Easy HTTPS Proxy Using Caddy on DigitalOcean.

April 28, 2017

The setup need DigitalOcean account and Domain on DigitalOcean’s nameserver. Otherwise, it’d need a different step to complete.

If you need a good HTTPS proxies that come with auto Let’s Encrypt certificates and already a user of DigitalOcean. Here I’ve got an easy but solid way to deploy one. Already using this on a production servers with no problem so far.

Caddy server is already the easiest server that you can install on Linux. But I decided to use docker with it because it’s easier for me to control volume and settings.

From beginning to deploy.

  • Setup domain to use DigitalOcean’s nameserver.
  • Create droplet using pre-defined docker droplet.
  • Add A or CNAME that point domain to droplet’s IP address.
  • SSH into droplet and create directory caddy in home directory.
  • Enable ufw port 443.
  • Create DigitalOcean auth token and keep it close.
  • Create Caddyfile in home directory.
  • Create docker-compose.yml in home directory.
  • From home directory, use command docker-compose up -d
  • Caddy’s online. That’s it. No more hassle.
# proxy's url (domain that we set record earlier.)
front-end-url:443 {
# backend's servers can be single or multiple servers
# SSL terminate here.
proxy / backend-url-1:80 backend-url-2:80 backend-url-3:80 {
policy round_robin
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Proto {scheme}
tls {
# verify ssl certificate using dns from DigitalOcean really save me from a lot of pain.
dns digitalocean
version: '3'
image: zzrot/alpine-caddy
- 443:443
- ./Caddyfile:/etc/Caddyfile
- ./caddy:/root/.caddy
# don't forget to add volume, otherwise you will request new certificate
# every time server restart and exceed letsencrypt quota in the process.
# get this token from setting page.

Where to go from here

See official documentation of Caddy. There’s a lot of features that can be easily setup using simple directives.