This README provides a detailed guide on setting up a Docker Compose environment that integrates Tailscale and Caddy for secure HTTPS communication. The configuration involves using Caddy as a web server and reverse proxy, and Tailscale for creating a secure, private network.
You will need:

- Docker and Docker Compose installed on your system.
- An active Tailscale account. To get your Tailscale auth key, visit the Tailscale admin console.

The setup has three parts:

- Caddy: an efficient web server that automatically handles HTTPS certificates.
- Tailscale: a secure VPN service that creates a private network for your devices.
- Web servers (web1, web2, web3): sample HTTP servers for demonstration purposes.
The `docker-compose.yml` file orchestrates the deployment of the Caddy server, the Tailscale service, and three web servers. Key configurations include:

- Caddy service: configures the Caddy server, specifying the necessary ports (80, 443) and linking to the Caddyfile and other directories for configuration and data storage.
- Tailscale service: sets up Tailscale within the Docker environment, enabling secure communication between containers and external Tailscale nodes.
- Web services: deploys three instances of the HTTP server, demonstrating the load-balancing and reverse-proxy capabilities of Caddy.
The Caddyfile is the central configuration file for the Caddy web server. It defines how requests are routed and handled. Key features in the Caddyfile include:
- Automatic HTTPS: Caddy will automatically obtain and renew SSL certificates for secure communication.
- Reverse Proxy Settings: Configuration directives for routing requests to appropriate backend services.
The Tailscale auth key is stored in a `.env` file to keep it separate from the main `docker-compose.yml` file, which is the file you share or commit; the `.env` file itself should stay out of version control. The `.env` file is used to set environment variables for the Tailscale service in the Docker Compose configuration: `env_file: .env` in `docker-compose.yml` loads the Tailscale auth key from the `.env` file.
Proper volume mapping is crucial for enabling Caddy and Tailscale to function correctly within Docker. The configuration ensures that necessary files, like the Caddyfile and Tailscale's socket file, are accessible within containers.
1. Clone the repository: start by cloning this repository to your local machine.
2. Tailscale authentication: ensure that Tailscale is authenticated and running. This may involve logging into your Tailscale account and connecting your device to your Tailscale network.
3. Launching services: run `docker-compose up` to start the Caddy server, Tailscale service, and web servers. This command pulls the necessary Docker images and creates the containers based on the `docker-compose.yml` configuration.
4. Accessing web services: once the services are up and running, you can access the web servers through your Tailscale network securely via HTTPS.
5. Customization: feel free to customize the `Caddyfile` and Docker Compose file according to your specific requirements.
The command `docker exec tailscaled tailscale cert <domain>.ts.net` generates a certificate for a specific domain within the Tailscale network, allowing Caddy to serve HTTPS content for that domain. Be sure to restart the stack with `docker-compose` after generating a new certificate so that Caddy picks up the new certificate files.
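The following script is an added example, not the repository's own files: it writes the three pieces described above (`.env` with the auth key, `docker-compose.yml` wiring Caddy to the `tailscaled` socket and certificate volume, and a `Caddyfile` that serves the tailnet name with the certificate produced by `tailscale cert` and round-robins the three backends), then checks that the auth key appears only in `.env`. The image tags, the node hostname `caddy-demo`, the backend port 80, the `./certs` and `./tailscale` directories and the key value are assumptions; the `issue_cert` function runs the README's certificate command against a running stack and is the only part that needs Docker.

```shell
#!/bin/sh
# Added example, not the repository's own files. Generates the three files this
# README describes (.env, docker-compose.yml, Caddyfile) for the Tailscale +
# Caddy layout and checks that the auth key never ends up in the compose file.
# Image names, the hostname, paths and the backend port are assumptions.
set -eu

# .env holds only the Tailscale auth key. Created with mode 0600 and added to
# .gitignore so the key stays out of the repository and out of other users' reach.
write_env() {
    dir=$1; key=$2
    (umask 077; printf 'TS_AUTHKEY=%s\n' "$key" > "$dir/.env")
    grep -qx '.env' "$dir/.gitignore" 2>/dev/null || echo '.env' >> "$dir/.gitignore"
}

# docker-compose.yml: Caddy shares tailscaled's network namespace, so ports 80/443
# are reachable only on the node's tailnet address; the tailscaled socket and the
# certificate directory are shared through bind mounts.
write_compose() {
    dir=$1
    cat > "$dir/docker-compose.yml" <<'EOF'
services:
  tailscaled:
    image: tailscale/tailscale:latest        # assumed image tag
    container_name: tailscaled
    hostname: caddy-demo                     # node name -> caddy-demo.<tailnet>.ts.net
    env_file: .env                           # TS_AUTHKEY is loaded from .env, never inlined here
    environment:
      TS_STATE_DIR: /var/lib/tailscale
      TS_SOCKET: /var/run/tailscale/tailscaled.sock
    volumes:
      - ./tailscale/state:/var/lib/tailscale
      - ./tailscale/socket:/var/run/tailscale   # socket directory shared with Caddy
      - ./certs:/certs                          # 'tailscale cert' writes here
    cap_add: [NET_ADMIN]
    devices: ["/dev/net/tun:/dev/net/tun"]
  caddy:
    image: caddy:2
    container_name: caddy
    network_mode: service:tailscaled         # Caddy listens on the Tailscale interface
    depends_on: [tailscaled]
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./certs:/certs:ro                     # Caddy only needs to read the cert/key
      - ./tailscale/socket:/var/run/tailscale
      - caddy_data:/data
      - caddy_config:/config
  web1: {image: traefik/whoami}               # assumed demo backends, listening on :80
  web2: {image: traefik/whoami}
  web3: {image: traefik/whoami}
volumes:
  caddy_data:
  caddy_config:
EOF
}

# Caddyfile: serve the tailnet name with the certificate produced by
# 'tailscale cert' and round-robin the three backends.
write_caddyfile() {
    dir=$1; domain=$2
    cat > "$dir/Caddyfile" <<EOF
$domain {
    tls /certs/$domain.crt /certs/$domain.key
    reverse_proxy web1:80 web2:80 web3:80 {
        lb_policy round_robin
    }
}
EOF
}

# Succeeds only if the auth key appears in neither config file.
key_not_in_configs() {
    dir=$1; key=$2
    ! grep -q -- "$key" "$dir/docker-compose.yml" "$dir/Caddyfile"
}

# Issue the certificate inside the tailscaled container (the README's command,
# with explicit output paths on the shared volume), then restart Caddy so it
# picks up the new files. Requires a running stack; not exercised offline.
issue_cert() {
    domain=$1
    docker exec tailscaled tailscale cert \
        --cert-file "/certs/$domain.crt" --key-file "/certs/$domain.key" "$domain"
    docker-compose restart caddy
}
```

Typical use is `write_env . "$TS_AUTHKEY"`, `write_compose .`, `write_caddyfile . caddy-demo.<tailnet>.ts.net`, `docker-compose up -d`, then `issue_cert caddy-demo.<tailnet>.ts.net`. Mounting `./certs` read-only into Caddy and keeping `.env` at mode 0600 are the two choices that limit where the private key and the auth key can be read from.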
This setup demonstrates a scalable and secure way to deploy web services using Docker, Caddy, and Tailscale. It's suitable for personal projects, development environments, homelabs, or small-scale enterprise applications. The automatic handling of HTTPS by Caddy and the secure networking provided by Tailscale make this setup robust for various use cases.
For further reading and community support, you can explore discussions on Tailscale's forum and Caddy's community pages.