Custom SSL/TLS certificates #

Here is an example service that uses a custom SSL cert which is stored in /etc/certs inside the Caddy container.

We suggest to map the /etc/certs directory to a volume or use the s3 storage backend instead of baking the certificate files into the container.

Once you generated your private key and purchased your certificate, you usually receive two files. Combine your server certificate and the bundle into a fullchain.pem:

cat server.crt bundle.pem > fullchain.pem

Then proceed to upload the files and configure the stack like in the following example:

version: '3.8'

services:
  example:
    image: wordpress
    networks:
      - public
    deploy:
      labels:
        caddy: wordpress.example.org
        caddy.tls: /ssl/certs/fullchain.pem /ssl/certs/key.pem
        caddy.reverse_proxy: "{{upstreams 80}}"

networks:
  public:
    external: true
    name: public