Use Caddy instead of NGNIX as your reverse proxy

Here are some notes about how I got my test Discourse instance running with Caddy Server.

Cool stuff about Caddy:

• They use Discourse

• Free SSL with Let’s Encrypt

• HTTP2 and QUIC out of the box

• Easier to configure than nginx

Cons:

• Not as battle tested as apache, nginx and cia.

How To

Preparing Discourse

First, you need to apply this changes to your app.yml:

templates:
  - "templates/postgres.template.yml"
  - "templates/redis.template.yml"
  - "templates/web.template.yml"
  - "templates/web.ratelimited.template.yml"
  - "templates/web.socketed.template.yml" # <<<----- THIS IS NEW

## Leave these two commented out
#  - "templates/web.ssl.template.yml"
#  - "templates/web.letsencrypt.ssl.template.yml"

## Leave these two commented out 
expose:
#  - "8080:80"   # http
#  - "443:443" # https

env:
  ## This should be commented out
  #LETSENCRYPT_ACCOUNT_EMAIL: mymail@gmail.com
  ## This is required to avoid mixed content warnings when behind a reverse proxy
  DISCOURSE_FORCE_HTTPS: true

Preparing Caddy

In the spirit of Discourse, let’s put Caddy in a Docker image too

First prepare with:

mkdir -p /var/caddy/data /var/caddy/config
nano /var/caddy/Caddyfile

Add the following to the Caddyfile (using Caddy v2 syntax):

{
  email MYEMAILHERE@gmail.com
}

forum.example.com { # your domain here
  reverse_proxy unix//sock/nginx.http.sock
}

Save and exit.

Let’s test

Now you need to rebuild Discourse:

cd /var/discourse
./launcher rebuild app

And then run Caddy:

docker run -d \
    -v /var/caddy/Caddyfile:/etc/caddy/Caddyfile \
    -v /var/caddy/data:/data \
    -v /var/caddy/config:/config \
    -v /var/discourse/shared/standalone:/sock \
    -p 80:80 -p 443:443 \
    -p 443:443/udp \
    --restart=always \
    --name caddy \
    caddy:latest

After all, your forum should be avaliable at your domain, using SSL + HTTP2 + QUIC. You can’t more hipster than that.

Last edited by @JammyDodger 2024-05-25T11:20:30Z

Check document

Perform check on document:

I run Caddy’s Discourse forums with this Caddyfile and no container:

forum.caddyserver.com

timeouts off
proxy / localhost:8080 {
	transparent
}

I just set up Discourse (with one easy tweak) and ran Caddy on the host machine.

^ This setup has been tested, and I can confirm it has been running with no glitches for months.

I like how you’ve proxied to the socket and left the ports unexposed.

Neat little guide that one can use as a guideline to easily incorporate their Discourse installation to an existing Caddy proxy, too. Cheers!

But using nginx, as I can see now.

Well, I have more than 1 Discourse install with Caddy in the front, but I didn’t bother to replace the server header and it still shows nginx. Can be the same. Or they are just using the simple Discourse install and have no need to run a reverse proxy at all in the front.

My Discourse sites behind Caddy show nginx as the server too. I guess that transparent setting might make Caddy, uh, transparent.

That might be a bug from a recent change, it didn’t used to do that.

Dear @Falco

Thank you so much for your posting.

I would like to install discourse using caddy condition, but I was confused with your docker command.

I never heard about the caddy, so I follow the digital ocean document

My question is, in the current server situation, Should I change the path
from etc/Caddyfile to /etc/caddy/Caddyfile?

docker run -d \
    -v /var/caddy/Caddyfile:/etc/Caddyfile \
    -v /var/caddy:/root/.caddy \
    -v /var/discourse/shared/standalone:/sock \
    -p 80:80 -p 443:443 \
    -p 80:80/udp -p 443:443/udp \
    --restart=always \
    --name caddy \
    --entrypoint "/usr/local/bin/caddy" \
    abiosoft/caddy -quic -email MYEMAILHERE@gmail.com -agree --conf /etc/Caddyfile --log stdout

Sincerely

This not work on my server. For me, I used:

unix:/var/discourse/shared/standalone/nginx.http.sock

And this is for caddy v1. For caddy v2, please use:

unix//var/discourse/shared/standalone/nginx.http.sock

Just replace “:” to “/”.

That path works if you are following the guide in the OP and running Caddy in docker and mounting the volumes as specified. If you are not following the guide, there will be different paths, yes.

Their forum domain and subdomain are now named under this.

Sorry for bumping old threads, I’m trying to make Caddy work with Discourse. In your Caddy configuration, you use “proxy”, but when I use it, it says that there is a syntax error and that it’s not valid. Hasn’t “proxy” now been changed to “reverse_proxy”?

here’s my config:

forum.example.com {
    reverse_proxy / unix//var/discourse/shared/standalone/nginx.http.sock {
        transparent
    }
}

I think so. Did you try it?

Thanks Matt!
I can confirm that the no container setup still works in 2025

forum.website.com {
        reverse_proxy localhost:8080
}

Using just “proxy” didn’t work.

Works great for me as well!

However, I got “Mixed Content” warnings following that very straightforward setup:

The image showcases error messages indicating the need to upgrade insecure display requests to HTTPS on three identical files related to upgraded versions, with a visual update icon. (Captioned by AI)767×171 29.4 KB

# FORCE SSL 
DISCOURSE_FORCE_HTTPS: true

For reference, these are the current steps for a non-dockerized setup using Caddy as reverse proxy:

1) Adjust the Discourse config file

• Comment out certificates

  templates:
  #  - "templates/web.ssl.template.yml"
  #  - "templates/web.letsencrypt.ssl.template.yml"
  

• Change port mapping and disable 443 mapping

  expose:
  - "8080:80"   # http
  # - "443:443" # https
  

• Force HTTPS for serving static files

  env: 
  DISCOURSE_FORCE_HTTPS: true
  

2) Rebuild Discourse

./launcher rebuild app

3) Setup Caddy

• Install Caddy, just using the official defaults: Install — Caddy Documentation

• Adjust /etc/caddy/Caddyfile

  forum.example.com {
        reverse_proxy localhost:8080
  }
  

  If you have multisite, you can just list your domains:

  forum.example.com, forum2.example.com, forum3.example.com {
        reverse_proxy localhost:8080
  }
  

  You can also run systemctl status caddy to verify the default config file location.

4) Run Caddy

systemctl start caddy

Reload configuration after changes:

cd /etc/caddy
caddy reload

Hey, thanks for the tutorial.

Is there any advantage in using Caddy for a non-multisite setup? Performance or anything else?

I don’t know about that.. I just use this setup on my staging servers now because it’s really easy to add or change instances without running into certificate issues.

I did something similar to this on a multisite setup to streamline the SSL setup…
… but updated to Caddy v2, and using docker-compose with a multisite setup.

In the web.yml:

• using only templates/web.socketed.template.yml and no SSL yml files.
• commenting out the ports "443:443", "80:80" etc.
• adding DISCOURSE_HOSTNAME_ALIASES and DISCOURSE_FORCE_HTTPS: true

This uses the latest version of Caddy 2, which is why it might look different from some of the Caddy v1 configs mentioned above in this topic.

This is the bash file that gets the relevant files initially created and caddy started:

#!/usr/bin/env bash

# Create necessary directories
mkdir -p /var/caddy
mkdir -p /var/caddy/data
mkdir -p /var/caddy/config



# Create the simplified Caddyfile
cat > /var/caddy/Caddyfile << 'EOF'
{
    email your-email-address-here@example.com
}

community1.example.com, community2.example.com, community3.example.com {
    reverse_proxy unix//sock/nginx.http.sock
}
EOF

# Create docker-compose.yml
cat > /var/caddy/docker-compose.yml << 'EOF'
services:
  caddy:
    image: caddy:latest
    container_name: caddy-proxy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /var/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /var/caddy/data:/data
      - /var/caddy/config:/config
      - /var/discourse/shared/standalone:/sock
EOF

# Navigate to caddy directory and start
cd /var/caddy

# Start Caddy
docker compose up -d

Thanks! I want to switch to Caddy from Nginx. You still have unix//sock/nginx.http.sock - are you using both Nginx and Caddy together?