Auto Caddy certificates with docker?

Essentially I’m trying to get the auto HTTPS feature in Caddy working while running it in a docker container. Any ideas on the optimal way of doing this? If not, what would be the best way to configure https manually using tailscale’s certificates?

If you don’t know about the feature, here are a few links:

Did you ever resolve this?

I’m in the same situation.

Tailscale is running smoothly on my Mac. On the same Mac, I also have Rancher Desktop, so I can run Caddy inside a docker container.

I need Caddy in the container (which is forwarding ports 80 and 443 to my Mac) to automatically establish an SSL connection to the Tailscale daemon on my Mac. What Linux pipe or socket should be mounted in the container for this to work?

I think I’ve gotten it working by passing the certificate keys to the docker container with

volumes:
  - /etc/ssl/private:/etc/ssl/private

And in my caddyfile adding a tls directive with

myhost.xxx-yyy.ts.net

root * /srv/www
file_server

tls /etc/ssl/private/myhost.xxx-yyy.ts.net.crt /etc/ssl/private/myhost.xxx-yyy.ts.net.key

It now serves HTML files from within Docker to https://myhost.xxx-yyy.ts.net across my tailnet.

@pgcudahy Thank you for your reply.

This does not completely address my post, however. I want to use the automatic HTTPS certificate management on Tailscale (“Caddy Certificates on Tailscale”) that was mentioned above.

Perusing the commit that added TS_PERMIT_CERT_UID did not make it clearer to me how to make this functionality available in the Caddy container.

Does anyone know what to do next?

Thank you!

Hi guys, I think I’ve found the best way around this issue.

Tailscale in main OS but Caddy in docker:
Add this to the volumes for your caddy container

volumes:
  - /run/tailscale/tailscaled.sock:/run/tailscale/tailscaled.sock

Tailscale and Caddy in docker:
Check this reddit post: https://www.reddit.com/r/Tailscale/comments/104y6nq/docker_tailscale_and_caddy_with_https_a_love_story/
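The "Tailscale on the host, Caddy in Docker" variant above, pulled together into one constructed docker-compose file (an added example, not from any of the posters or from the Tailscale or Caddy projects). It assumes the host tailscaled socket is at the path given above, a Caddy 2.5+ image (which fetches certificates for `*.ts.net` names from tailscaled on its own), and a Compose version that supports inline `content:` for configs; the hostname is a placeholder. Note that mounting the socket hands the container access to tailscaled's local API, so mount it into the Caddy container only.

```yaml
# docker-compose.yml (constructed example): Caddy in Docker, tailscaled on the host.
# Assumes the host socket lives at /run/tailscale/tailscaled.sock (the path from the
# post above) and a Compose version that supports inline `content:` configs.
services:
  caddy:
    image: caddy:2
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # Caddy asks tailscaled for the *.ts.net certificate over this socket.
      # The socket exposes tailscaled's local API, so mount it into this container only.
      - /run/tailscale/tailscaled.sock:/run/tailscale/tailscaled.sock
      - caddy_data:/data      # keeps fetched certificates across restarts
      - caddy_config:/config
    configs:
      - source: caddyfile
        target: /etc/caddy/Caddyfile
    # The official image runs Caddy as root. If you switch to a non-root user,
    # start the host tailscaled with TS_PERMIT_CERT_UID set to that UID (the
    # variable mentioned above), or its cert requests are refused.

configs:
  caddyfile:
    content: |
      # Replace with your node's MagicDNS name (placeholder below).
      myhost.xxx-yyy.ts.net {
        root * /srv/www
        file_server
        # No `tls cert key` line: Caddy obtains the certificate from tailscaled.
      }

volumes:
  caddy_data:
  caddy_config:
```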


Any idea for where the socket is on macOS?

Is it in /private/var/run/?