{"id":20643827,"url":"https://github.com/homeall/caddy-reverse-proxy-cloudflare","last_synced_at":"2026-04-28T03:06:43.051Z","repository":{"id":55395166,"uuid":"326207244","full_name":"homeall/caddy-reverse-proxy-cloudflare","owner":"homeall","description":"Caddy server Docker image with Cloudflare plugin enabled for easy reverse proxying.","archived":false,"fork":false,"pushed_at":"2026-04-14T00:20:16.000Z","size":2975,"stargazers_count":150,"open_issues_count":5,"forks_count":19,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-14T02:02:50.361Z","etag":null,"topics":["caddy","cloudflare","cloudflare-plugin","docker","docker-image","https","reverse-proxy"],"latest_commit_sha":null,"homepage":"","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/homeall.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"homeall","buy_me_a_coffee":"homeall"}},"created_at":"2021-01-02T15:05:44.000Z","updated_at":"2026-04-13T23:23:46.000Z","dependencies_parsed_at":"2026-04-14T02:01:50.233Z","dependency_job_id":null,"html_url":"https://github.com/homeall/caddy-reverse-proxy-cloudflare","commit_stats":null,"previous_names":[],"tags_count":190,"template":false,"template_full_name":null,"purl":"pkg:github/homeall/caddy-reverse-proxy-cloudflare","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homeall%2Fcaddy-reverse-proxy-cloudflare","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homeall%2Fcaddy-reverse-proxy-cloudflare/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homeall%2Fcaddy-reverse-proxy-cloudflare/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homeall%2Fcaddy-reverse-proxy-cloudflare/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/homeall","download_url":"https://codeload.github.com/homeall/caddy-reverse-proxy-cloudflare/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/homeall%2Fcaddy-reverse-proxy-cloudflare/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32364111,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"online","status_checked_at":"2026-04-28T02:00:07.250Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["caddy","cloudflare","cloudflare-plugin","docker","docker-image","https","reverse-proxy"],"created_at":"2024-11-16T16:13:58.636Z","updated_at":"2026-04-28T03:06:43.024Z","avatar_url":"https://github.com/homeall.png","language":"Dockerfile","funding_links":["https://github.com/sponsors/homeall","https://buymeacoffee.com/homeall","https://buymeacoffee.com/homeall)!","https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20coffee\u0026slug=homeall\u0026button_colour=FFDD00\u0026font_colour=000000\u0026font_family=Arial\u0026outline_colour=000000\u0026coffee_colour=ffffff"],"categories":["docker"],"sub_categories":[],"readme":"[![Cloudflared](https://github.com/homeall/caddy-reverse-proxy-cloudflare/workflows/CI/badge.svg)](https://github.com/homeall/caddy-reverse-proxy-cloudflare/actions)\n![Trivy Workflow Status](https://github.com/homeall/caddy-reverse-proxy-cloudflare/actions/workflows/security-scan.yml/badge.svg?branch=main)\n[![Docker](https://img.shields.io/badge/Docker-2496ED?logo=docker\u0026logoColor=fff)](#) \n[![Docker pulls](https://img.shields.io/docker/pulls/homeall/caddy-reverse-proxy-cloudflare)](https://img.shields.io/docker/pulls/homeall/caddy-reverse-proxy-cloudflare)\n[![Docker Image Size](https://img.shields.io/docker/image-size/homeall/caddy-reverse-proxy-cloudflare/latest)](https://hub.docker.com/r/homeall/caddy-reverse-proxy-cloudflare)\n[![GitHub Actions](https://img.shields.io/badge/GitHub_Actions-2088FF?logo=github-actions\u0026logoColor=white)](#) \n[![Cloudflare](https://img.shields.io/badge/Cloudflare-F38020?logo=Cloudflare\u0026logoColor=white)](#) \n[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fhomeall%2Fcaddy-reverse-proxy-cloudflare.svg?type=shield\u0026issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fhomeall%2Fcaddy-reverse-proxy-cloudflare?ref=badge_shield\u0026issueType=license)\n[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)\n[![Contributions welcome](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://ionut.vip)\n\n\n# Caddy reverse proxy with cloudflare plugin\n\nEnjoying the caffeine boost? If this repo saves you some time, [buy me a coffee](https://buymeacoffee.com/homeall)!\n[![Buy Me A Coffee](https://img.shields.io/badge/Buy%20Me%20a%20Coffee-yellow?logo=buymeacoffee\u0026logoColor=white)](https://buymeacoffee.com/homeall)\n![Caddy Ultimate Reverse Proxy Banner](./assets/banner.png)\n\u003c!-- TABLE OF CONTENTS --\u003e\n\u003cdetails open=\"open\"\u003e\n  \u003csummary\u003eTable of Contents\u003c/summary\u003e\n  \u003col\u003e\n    \u003cli\u003e\n      \u003ca href=\"#whats-new\"\u003eWhat's New\u003c/a\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\n      \u003ca href=\"#about-the-project\"\u003eAbout The Project\u003c/a\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\n      \u003ca href=\"#getting-started\"\u003eGetting Started\u003c/a\u003e\n      \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"#prerequisites\"\u003ePrerequisites\u003c/a\u003e\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\n      \u003ca href=\"#usage\"\u003eUsage\u003c/a\u003e\n        \u003cul\u003e\n          \u003cli\u003e\u003ca href=\"#docker-compose\"\u003eDocker-compose\u003c/a\u003e\u003c/li\u003e\n          \u003cli\u003e\u003ca href=\"#docker-run\"\u003eDocker run\u003c/a\u003e\u003c/li\u003e\n        \u003c/ul\u003e\n        \u003cul\u003e\n        \u003cli\u003e\u003ca href=\"#testing\"\u003eTesting\u003c/a\u003e\u003c/li\u003e\n      \u003c/ul\u003e\n    \u003c/li\u003e\n    \u003cli\u003e\u003ca href=\"#license\"\u003eLicense\u003c/a\u003e\u003c/li\u003e\n      \u003cli\u003e\u003ca href=\"#contact\"\u003eContact\u003c/a\u003e\u003c/li\u003e\n      \u003cli\u003e\u003ca href=\"#support-this-project\"\u003eSupport\u003c/a\u003e\u003c/li\u003e\n  \u003c/ol\u003e\n\u003c/details\u003e\n\n## What's New\n\n- Now built on a minimal **distroless** base image.\n- Expanded plugin set including rate limiting, Cloudflare IP handling, geolocation, Coraza WAF and more.\n- Updated CI workflows and security docs.\n\n\u003c!-- ABOUT THE PROJECT --\u003e\n## About The Project\n\nThis docker image enhances the work from [@lucaslorentz](https://github.com/lucaslorentz/caddy-docker-proxy) by bundling several useful plugins:\n* **[caddy-docker-proxy](https://github.com/lucaslorentz/caddy-docker-proxy)** – auto-configure Caddy from container labels.\n* **[caddy-dynamicdns](https://github.com/mholt/caddy-dynamicdns)** – updates DNS records when your IP changes.\n* **[sablier](https://github.com/sablierapp/sablier)** – start workloads on demand and stop them when idle.\n* **[CrowdSec bouncer](https://github.com/hslatman/caddy-crowdsec-bouncer)** – block malicious traffic via CrowdSec (HTTP/AppSec/Layer4).\n* **[caddy-admin-ui](https://github.com/gsmlg-dev/caddy-admin-ui)** – experimental web UI for administration.\n* **[caddy-storage-redis](https://github.com/pberkel/caddy-storage-redis)** – store certificates in Redis for clustered setups.\n* **[Cloudflare DNS](https://github.com/caddy-dns/cloudflare)** – handle ACME DNS challenges through Cloudflare.\n* **[transform-encoder](https://github.com/caddyserver/transform-encoder)** – additional compression encoders.\n* **[caddy-ratelimit](https://github.com/mholt/caddy-ratelimit)** – simple request rate limiting.\n* **[caddy-l4](https://github.com/mholt/caddy-l4)** – layer‑4 (TCP/UDP) features.\n* **[caddy-cloudflare-ip](https://github.com/WeidiDeng/caddy-cloudflare-ip)** – log real client IPs when behind Cloudflare.\n* **[caddy-maxmind-geolocation](https://github.com/porech/caddy-maxmind-geolocation)** – MaxMind GeoIP lookups.\n* **[Coraza WAF](https://github.com/corazawaf/coraza-caddy)** – integrate the Coraza web application firewall.\n* **[caddy-security](https://github.com/greenpau/caddy-security)** – authentication portals and security helpers.\n* **[caddy-websockify](https://github.com/hadi77ir/caddy-websockify)** – proxy and translate WebSockets.\n\nThe image uses a **distroless** base for a smaller footprint and improved security. Caddy and its plugins are refreshed automatically by GitHub Actions, so you always get the latest stable versions.\n\n:notebook_with_decorative_cover: For detailed guidance on using the base caddy-docker-proxy functionality, refer to the [original documentation](https://github.com/lucaslorentz/caddy-docker-proxy).\n\nThis image is ideal for using :tm: [Caddy](https://caddyserver.com/) as a reverse proxy with [Let's Encrypt](https://letsencrypt.org/) and [Cloudflare DNS](https://www.cloudflare.com/dns/).\n\nGitHub Actions automatically update the Docker image weekly, including Caddy and all plugins.\n\nIt also supports dynamic IP address updates via [Caddy DynamicDNS](https://github.com/mholt/caddy-dynamicdns).\n\n:interrobang: Note: A **scoped API token** is required for Cloudflare DNS. Details can be found [here](https://github.com/libdns/cloudflare#authenticating).\n\n\n\u003c!-- GETTING STARTED --\u003e\n## Getting Started\n\n:beginner: This image supports `linux/amd64`, `linux/arm`, and `linux/arm64` architectures, making it suitable for standard Linux servers and various ARM-based devices, including Raspberry Pi.\n\n### Prerequisites\n\n[![Made with Docker !](https://img.shields.io/badge/Made%20with-Docker-blue)](https://github.com/homeall/caddy-reverse-proxy-cloudflare/blob/main/Dockerfile)\n\nYou will need to have:\n\n* :whale: [Docker](https://docs.docker.com/engine/install/)\n* :whale2: [docker-compose](https://docs.docker.com/compose/) \n* Domain name -\u003e you can get from [Name Cheap](https://www.namecheap.com)\n* [Cloudflare DNS Zone](https://www.cloudflare.com/en-gb/learning/dns/glossary/dns-zone/)\n\n\u003c!-- USAGE --\u003e\n## Usage\n\n### Docker Compose\n\n:warning: You will have to use **labels** in docker-compose deployment. Please review below what it means each [label](https://caddyserver.com/docs/caddyfile/directives/tls). :arrow_down:\n\nYou will tell :tm: [Caddy](https://caddyserver.com/) where it has to route traffic in docker network, as :tm: [Caddy](https://caddyserver.com/) is **ingress** on this case. \n\n:arrow_down: A simple [docker-compose.yml](https://docs.docker.com/compose/):\n\n```\n\nservices:\n  caddy:\n    container_name: caddy\n    image: homeall/caddy-reverse-proxy-cloudflare:latest\n    restart: unless-stopped\n    environment:\n      TZ: 'Europe/London'\n    volumes:\n      - \"/var/run/docker.sock:/var/run/docker.sock\"      # needs socket to read events\n      - \"./caddy-data:/data\"                             # persist certificates via XDG_DATA_HOME\n    ports:\n      - \"80:80\"\n      - \"443:443\"\n      - \"443:443/udp\"                                    # Enable HTTP/3\n    labels:                                              # Global options\n      caddy.email: email@example.com                     # needs for acme CERT registration account\n      caddy.acme_dns: \"cloudflare $API_TOKEN\"            # When set here, you don't need to set it for each service individually\n      # Optional: Enable Admin UI (experimental) - see section below for more details\n      # caddy.admin: \"0.0.0.0:2019\" \n      # caddy.admin.origins: \"your.admin.domain.com\" # Or use specific IP/host if not exposing publicly\n\n  whoami0:\n    container_name: whoam\n    image: traefik/whoami # Using traefik/whoami as jwilder/whoami is a bit old\n    hostname: TheDocker #-----\u003e\u003eExpected result using curl\n    restart: unless-stopped\n    labels:\n      caddy: your.example.com                            # Caddy will route traffic for this domain\n      # caddy.tls.ca: \"https://acme.zerossl.com/v2/DV90\" # Uncomment if you prefer ZeroSSL. Default is Let's Encrypt.\n      caddy.reverse_proxy: \"{{upstreams 80}}\"            # Forward traffic to port 80 of this container (traefik/whoami listens on 80)\n      caddy.tls.protocols: \"tls1.3\"                      # Optional: Enforce TLS 1.3. Default is tls1.2 and tls1.3.\n      caddy.tls.ca: \"https://acme-staging-v02.api.letsencrypt.org/directory\" # For testing. Remove for production.\n      caddy.tls.dns: \"cloudflare $API_TOKEN\"             # (Optional when using global setting) Replace $API_TOKEN with your Cloudflare scoped API token.\n```\n\u003e Please get your scoped API-Token from  **[here](https://github.com/libdns/cloudflare#authenticating)**.\n\n---\n\n### Docker Run\n\nFor quick tests without a compose file:\n\n```bash\ndocker run -d --name caddy \\\n  -v /var/run/docker.sock:/var/run/docker.sock \\\n  -v $(pwd)/caddy-data:/data \\\n  -e TZ=\"Europe/London\" \\\n  -p 80:80 -p 443:443 -p 443:443/udp \\\n  homeall/caddy-reverse-proxy-cloudflare:latest\n```\n\nLabel your other containers as in the compose example so Caddy can route traffic.\n\n---\n\n### Using a Custom Caddyfile\n\nBy default, this image uses `caddy-docker-proxy` to generate Caddy's configuration from Docker labels. However, you can also provide your own complete Caddyfile.\n\n**How Caddy Loads Configuration:**\nCaddy itself loads its primary configuration from `/etc/caddy/Caddyfile` by default.\n\n**Role of `caddy-docker-proxy` and Labels:**\nThe `caddy-docker-proxy` service (which is part of this image's entrypoint logic) monitors Docker events and generates a Caddyfile based on the labels you define on your services. By default, `caddy-docker-proxy` writes this generated Caddyfile to `/etc/caddy/Caddyfile`.\n\n**Providing Your Own Caddyfile (Most Common Method):**\nIf you want to use your own complete Caddyfile and bypass the label-based generation for the main configuration, mount your custom Caddyfile to `/etc/caddy/Caddyfile`.\n\nExample `docker-compose.yml` snippet:\n```yaml\nservices:\n  caddy:\n    # ... other caddy service config ...\n    image: homeall/caddy-reverse-proxy-cloudflare:latest\n    volumes:\n      - \"/var/run/docker.sock:/var/run/docker.sock\"  # Still needed if you import label-generated snippets or for other proxy features\n      - \"./caddy-data:/data\"                         # persist certificates via XDG_DATA_HOME\n      - \"./my-custom-caddyfile:/etc/caddy/Caddyfile\" # Mount your custom Caddyfile here\n    # environment:\n      # CADDY_DOCKER_CADDYFILE_PATH: '/etc/caddy/Caddyfile' # Default path for label-generated config.\n                                                            # If you mount to /etc/caddy/Caddyfile, this var is implicitly handled.\n    # ...\n```\nWhen you mount your own file to `/etc/caddy/Caddyfile`, it takes precedence over the file `caddy-docker-proxy` would generate at that same default location. The image's entrypoint is designed to detect a user-provided Caddyfile at this path and will use it directly.\n\n### Basic Caddyfile Example\n\nBelow is a minimal Caddyfile that configures a single domain using the Cloudflare DNS plugin. The Cloudflare API token is read from the `CLOUDFLARE_API_TOKEN` environment variable.\n\n```caddyfile\n{\n    email you@example.com\n    acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}\n}\n\nexample.com {\n    respond \"Hello from Caddy\"\n}\n```\n\nBefore running Caddy, ensure the `CLOUDFLARE_API_TOKEN` environment variable is set with a token that has permission to manage your domain's DNS records.\n\n**Advanced: Label-Generated Config to a Different Path (`CADDY_DOCKER_CADDYFILE_PATH`)**\nThe `CADDY_DOCKER_CADDYFILE_PATH` environment variable tells `caddy-docker-proxy` where it should write the Caddyfile it generates from Docker labels.\n*   If you **do not set** `CADDY_DOCKER_CADDYFILE_PATH`, it defaults to `/etc/caddy/Caddyfile`.\n*   If you mount your custom Caddyfile to `/etc/caddy/Caddyfile`, `caddy-docker-proxy` will still attempt to write to this path, but your mounted file will be what Caddy uses.\n\n**Important Considerations:**\n*   If you provide a custom Caddyfile to `/etc/caddy/Caddyfile`, you are fully responsible for its content, including global options, TLS settings, and defining your sites.\n*   Plugins like `caddy-storage-redis` require their configuration to be in the global options block of the Caddyfile that Caddy loads (i.e., your custom `/etc/caddy/Caddyfile`).\n*   The `caddy.email` and `caddy.acme_dns` labels on the Caddy service itself are typically used by `caddy-docker-proxy` to generate global options. If you provide a full custom Caddyfile, ensure these global options (like `email` for ACME and `acme_dns` for DNS challenges) are correctly defined in your Caddyfile's global block `{...}`.\n\n---\n\n### :construction: Caddy Admin UI (Experimental)\n\nThe `caddy-admin-ui` plugin provides a web interface for managing Caddy. \nTo enable it, you can add the following global labels to your Caddy service in `docker-compose.yml`:\n\n```yaml\n    labels:\n      # ... other global labels ...\n      caddy.admin: \"0.0.0.0:2019\"                             # Listen address for the admin API \u0026 UI\n      caddy.admin.origins: \"your.admin.domain.com\"            # Allowed Host header for accessing the UI (replace with your domain or IP)\n      # caddy.admin.enforce_origin: \"true\"                    # Optional: Enforce origin check\n      # caddy.admin.instance_id: \"my-caddy-instance\"          # Optional: Custom instance ID\n```\n\n:warning: **Security Note**: Exposing the Caddy admin interface publicly can be a security risk. Ensure you understand the implications and secure it appropriately (e.g., using strong authentication, IP whitelisting, or running it on a private network). The plugin is also experimental.\n\n---\n\n### \u003cimg src=\"https://avatars.githubusercontent.com/u/7040912?s=200\u0026v=4\" width=\"20\" height=\"20\"\u003e Caddy Storage Redis\n\nThe `caddy-storage-redis` plugin allows Caddy to use Redis for storing certificates and other state. This is particularly useful in a distributed setup where multiple Caddy instances need to share this information.\n\nConfiguration for `caddy-storage-redis` is done within the global options of your Caddyfile (typically `/etc/caddy/Caddyfile`), specifically in the `storage` block. Environment variables are not directly used for configuring the Redis storage parameters themselves.\n\nHere is an example Caddyfile snippet showing Redis storage configuration:\n\n```caddyfile\n{\n    # All values are optional, below are the defaults\n    storage redis {\n        host           127.0.0.1\n        port           6379\n        address        127.0.0.1:6379 // derived from host and port values if not explicitly set\n        username       \"\"\n        password       \"\"\n        db             0\n        timeout        5\n        key_prefix     \"caddy\"\n        encryption_key \"\"    // default no encryption; enable by specifying a secret key containing 32 characters (longer keys will be truncated)\n        compression    false // default no compression; if set to true, stored values are compressed using \"compress/flate\"\n        tls_enabled    false\n        tls_insecure   true\n    }\n}\n\n:443 {\n    # Your site configuration\n    # e.g., reverse_proxy / your-app:port\n}\n```\n\n:information_source: **Note:** The example above shows the default values for the Redis storage module. If your Redis instance is running on a different server or requires authentication, you will need to update the `host`, `port`, `address` (if not using default host/port), `username`, `password`, and `tls_enabled` fields accordingly.\n\nYou'll also need a Redis instance running and accessible by Caddy. Here's a simple example of adding a Redis service to your `docker-compose.yml` if you don't have one already:\n\n```yaml\nservices:\n  # ... your caddy service ...\n\n  redis:\n    image: redis:alpine\n    container_name: redis\n    restart: unless-stopped\n    volumes:\n      - \"./redis-data:/data\" # Persist Redis data\n    # For production, set a password:\n    # command: redis-server --requirepass your-strong-password\n```\nIf you set a password for Redis, ensure you configure it in your Caddyfile's `storage redis` block.\n\nTo use a custom Caddyfile (e.g., for configuring Redis storage or other specific settings not covered by labels), mount it to `/etc/caddy/Caddyfile`. See the \"Using a Custom Caddyfile\" section above for more details.\n\nExample `docker-compose.yml` for Caddy service using a custom Caddyfile for Redis storage:\n```yaml\nservices:\n  caddy:\n    container_name: caddy\n    image: homeall/caddy-reverse-proxy-cloudflare:latest\n    restart: unless-stopped\n    environment:\n      TZ: 'Europe/London'\n      # CADDY_DOCKER_CADDYFILE_PATH: '/etc/caddy/Caddyfile' # Default path for label-generated config.\n                                                            # When mounting to /etc/caddy/Caddyfile, this is implicitly handled.\n    volumes:\n      - \"/var/run/docker.sock:/var/run/docker.sock\"  # For caddy-docker-proxy to read service labels\n      - \"./caddy-data:/data\"                         # persist certificates via XDG_DATA_HOME\n      - \"./my-caddyfile-with-redis-config:/etc/caddy/Caddyfile\" # Mount your Caddyfile here\n    ports:\n      - \"80:80\"\n      - \"443:443\"\n      - \"443:443/udp\"\n    # Docker labels for caddy-docker-proxy (e.g., for other services) can still be used\n    # in conjunction with a custom Caddyfile if your custom Caddyfile imports label-generated snippets.\n    # However, global options like 'storage' must be in the primary /etc/caddy/Caddyfile.\n    # labels:\n    #   caddy.email: email@example.com \n    #   caddy.acme_dns: \"cloudflare $API_TOKEN\"\n```\nThe `caddy-storage-redis` configuration (like the `storage redis { ... }` block) must be in the global options of the Caddyfile that Caddy loads (i.e., `/etc/caddy/Caddyfile` if you've mounted your own).\n\n\n:arrow_up: [Go on TOP](#about-the-project) :point_up:\n\n### Testing\n\n:arrow_down: Your can run the following command to see that is working:\n \n```\n$  curl --insecure -vvI https://your.example.com 2\u003e\u00261 | awk 'BEGIN { cert=0 } /^\\* Server certificate:/ { cert=1 } /^\\*/ { if (cert) print }'\n* Server certificate:\n*  subject: CN=your.example.com \n*  start date: \u003cDate specific to your test\u003e\n*  expire date: \u003cDate specific to your test\u003e\n*  issuer: CN=Fake LE Intermediate X1 # This indicates staging/test certificate\n*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.\n* Using HTTP2, server supports multi-use\n* Connection state changed (HTTP/2 confirmed)\n* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0\n* Using Stream ID: 1 (easy handle \u003csome_hex_value\u003e)\n* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):\n* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!\n$  curl -k https://your.example.com\nI'm TheDocker\n```\nMake sure to replace `your.example.com` with the domain you configured in the `whoami` service labels. The output `I'm TheDocker` comes from the `hostname` set in the `whoami` service. If you used `traefik/whoami` on port 80, it will output its own identifying information.\n\n![](./assets/caddy-reverse-proxy.gif)\n\n## License\n\n:newspaper_roll: Check the [LICENSE](https://raw.githubusercontent.com/homeall/caddy-reverse-proxy-cloudflare/main/LICENSE) for more information.\n\n\u003c!-- CONTACT --\u003e\n## Contact\n\n:red_circle: [Open an issue on GitHub](https://github.com/homeall/caddy-reverse-proxy-cloudflare/issues/new/choose) if you run into problems.\n## Support this project\nIf you find this image useful, you can [buy me a coffee](https://buymeacoffee.com/homeall) to help keep development going.\n\n[![Buy Me a Coffee](https://img.buymeacoffee.com/button-api/?text=Buy%20me%20a%20coffee\u0026slug=homeall\u0026button_colour=FFDD00\u0026font_colour=000000\u0026font_family=Arial\u0026outline_colour=000000\u0026coffee_colour=ffffff)](https://buymeacoffee.com/homeall)\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhomeall%2Fcaddy-reverse-proxy-cloudflare","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhomeall%2Fcaddy-reverse-proxy-cloudflare","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhomeall%2Fcaddy-reverse-proxy-cloudflare/lists"}