mirror of
https://github.com/frappe/frappe_docker.git
synced 2026-06-17 13:55:08 +00:00
99d9a1dc38
* refactor: move core nginx files into more recognizable folder structure * chore: include HTTPS_PUBLISH_PORT in example .env * feat: add nginx-proxy and acme-companion compose overrides * docs: add NGINX_PROXY_HOSTS to example.env * docs: add nginx-proxy overrides * docs: split docs, variables for usage of traefik or nginx-proxy * docs: update override notes for traefik proxy on separate stack * docs: split TLS/SSL overview and add own caddy guide * docs: add nginx-proxy + acme companion guide * docs: add nginx-proxy and acme single-server setup guide
1.3 KiB
1.3 KiB
Caddy reverse proxy (local HTTPS)
This guide shows how to use Caddy as an external reverse proxy in front of the frontend container. It is most useful for local HTTPS or internal networks.
Prerequisites
- Expose the frontend container on a host port (default 8080)
- Add a local domain to your hosts file (or use internal DNS)
- Install Caddy
Step 1: Expose the frontend service
Include the no-proxy override so the frontend is reachable on the host:
docker compose -f compose.yaml \
-f overrides/compose.mariadb.yaml \
-f overrides/compose.redis.yaml \
-f overrides/compose.noproxy.yaml \
config > ~/gitops/docker-compose.yml
docker compose --project-name <project-name> -f ~/gitops/docker-compose.yml up -d
If you changed the HTTP port, note the value of HTTP_PUBLISH_PORT for the next step.
Step 2: Configure Caddy
Add a site block to your Caddyfile (usually /etc/caddy/Caddyfile):
erp.localdev.net {
tls internal
reverse_proxy localhost:8080
}
Replace 8080 with your published frontend port if you changed it.
Step 3: Trust the Caddy root certificate
When using tls internal, Caddy issues certificates from its internal CA. Import and trust the Caddy root certificate on any client that needs to access the site.
See also: TLS/SSL Setup Overview.