- Vue 48.2%
- Go 42.4%
- TypeScript 5.9%
- Dockerfile 1.1%
- CSS 1.1%
- Other 1.3%
Caddy Proxy Manager
A modern web-based management interface for Caddy reverse proxy configurations, similar to nginx proxy manager but built specifically for Caddy.
✨ Features
- 🌐 Web UI: Clean, modern interface built with Vue 3, Vite, and DaisyUI
- 🔒 Automatic HTTPS: Let's Encrypt integration with HTTP-01 and DNS-01 challenges
- 🌍 DNS Challenge Support: Works behind firewalls with DNS providers (Cloudflare, DigitalOcean, DuckDNS, Hetzner, Gandi, DNSimple)
- ⚡ Real-time Management: Direct integration with Caddy Admin API
- 🐳 Containerized: Complete Docker setup with all dependencies included
- 🔧 Easy Configuration: No complex config files - manage everything through the UI
- 📊 Status Monitoring: Real-time proxy status and health monitoring
- 🏥 Health Checks: Monitor upstream server health with configurable intervals and failure thresholds
- 📝 Custom Headers: Add custom request/response headers for enhanced functionality
- 🛡️ IP Access Control: Whitelist or blacklist IP addresses for advanced security
- 📋 Audit Logging: Comprehensive logging of all configuration changes
🚀 Quick Start
Using Docker Compose (Recommended)
-
Clone the repository
git clone <repository-url> cd caddyproxymanager -
Start the services
docker-compose up -d -
Access the web interface
- Proxy Manager UI: http://localhost:8080
- Caddy Admin API: http://localhost:2019 (optional, for debugging)
Manual Installation
Prerequisites
- Go 1.25+
- Node.js 20+
- Caddy 2.7+ with DNS plugins
Backend Setup
cd backend
go mod download
go build -o server ./cmd/server
./server
Frontend Setup
cd frontend
npm install
npm run build
# Serve the built files with your preferred web server
📖 Usage
Creating a Proxy
- Access the UI at http://localhost:8080
- Click "Add Proxy"
- Configure your proxy:
- Domain: Your domain/subdomain (e.g.,
api.example.com) - Target URL: Where to proxy requests (e.g.,
http://localhost:3000) - SSL Mode: Choose automatic HTTPS or HTTP-only
- Domain: Your domain/subdomain (e.g.,
Advanced Proxy Features
Health Checks
Monitor the health of your upstream servers:
- Enable Health Checks: Toggle monitoring for each proxy
- Check Interval: Configure how often to check (default: 30 seconds)
- Timeout: Set request timeout for health checks
- Failure Threshold: Number of consecutive failures before marking as unhealthy
- Success Threshold: Number of consecutive successes to mark as healthy again
Custom Headers
Add custom headers to requests and responses:
- Request Headers: Headers sent to upstream servers
- Response Headers: Headers returned to clients
- Common Use Cases: CORS headers, authentication tokens, custom API headers
IP Access Control
Restrict access based on client IP addresses:
- Whitelist Mode: Only allow specified IP addresses/ranges
- Blacklist Mode: Block specified IP addresses/ranges
- CIDR Support: Use CIDR notation for IP ranges (e.g.,
192.168.1.0/24) - Multiple IPs: Add multiple IP addresses or ranges separated by commas
Audit Logging
All configuration changes are automatically logged:
- User Actions: Track who made what changes
- Timestamps: When changes were made
- Change Details: What was modified
- System Events: Automatic system actions and health check status changes
SSL Certificate Options
Automatic HTTPS (Recommended)
- HTTP-01 Challenge: Standard Let's Encrypt validation (requires port 80 accessible)
- DNS-01 Challenge: DNS-based validation (works behind firewalls)
DNS Challenge Configuration
For DNS challenges, you can configure credentials in two ways:
Option 1: Through the UI (Recommended)
- Select "DNS-01 Challenge" when creating a proxy
- Choose your DNS provider
- Enter your API credentials directly in the form
Option 2: Environment Variables Set these in your docker-compose.yml or environment:
# Cloudflare
CLOUDFLARE_API_TOKEN=your-api-token
# DigitalOcean
DO_AUTH_TOKEN=your-do-token
# DuckDNS
DUCKDNS_TOKEN=your-duckdns-token
# Hetzner
HETZNER_API_TOKEN=your-hetzner-token
# Gandi
GANDI_BEARER_TOKEN=your-gandi-token
# DNSimple
DNSIMPLE_API_ACCESS_TOKEN=your-dnsimple-token
Supported DNS Providers
| Provider | Credentials Required | Notes |
|---|---|---|
| Cloudflare | API Token | Create token with Zone:DNS:Edit permissions |
| DigitalOcean | Auth Token | Personal Access Token with write scope |
| DuckDNS | Token | Your DuckDNS account token |
| Hetzner | API Token | Create token in Hetzner Cloud Console |
| Gandi | Bearer Token | Personal Access Token (API Key deprecated) |
| DNSimple | API Access Token | Generate token in account settings |
🛠 Development
Project Structure
├── backend/ # Go backend server
│ ├── cmd/server/ # Main application entry point
│ ├── internal/ # Internal packages
│ │ └── handlers/ # HTTP handlers
│ └── pkg/ # Public packages
│ ├── caddy/ # Caddy API client
│ └── models/ # Data models
├── frontend/ # Vue.js frontend
│ ├── src/
│ │ ├── components/ # Vue components
│ │ ├── views/ # Page views
│ │ └── services/ # API services
├── docker/ # Docker configuration files
└── docker-compose.yml # Container orchestration
Development Commands
Using the included Justfile:
# Start backend development server
just backend-run
# Start frontend development server
just frontend-dev
# Install dependencies for both
just setup
# Build both frontend and backend
just build
Or manually:
# Backend
cd backend && go run ./cmd/server
# Frontend
cd frontend && npm run dev
Building Custom Caddy
The project uses xcaddy to build Caddy with DNS plugins:
xcaddy build \
--with github.com/caddy-dns/cloudflare \
--with github.com/caddy-dns/digitalocean \
--with github.com/caddy-dns/duckdns \
--with github.com/caddy-dns/hetzner \
--with github.com/caddy-dns/gandi \
--with github.com/caddy-dns/dnsimple
🔧 Configuration
Environment Variables
| Variable | Description | Default |
|---|---|---|
CADDY_CONFIG_FILE |
Path to Caddy config JSON | /config/caddy-config.json |
STATIC_DIR |
Frontend static files directory | /var/www/html |
CLOUDFLARE_API_TOKEN |
Cloudflare DNS API token | - |
DO_AUTH_TOKEN |
DigitalOcean auth token | - |
DUCKDNS_TOKEN |
DuckDNS token | - |
HETZNER_API_TOKEN |
Hetzner DNS API token | - |
GANDI_BEARER_TOKEN |
Gandi bearer token | - |
DNSIMPLE_API_ACCESS_TOKEN |
DNSimple API access token | - |
Ports
| Port | Service | Description |
|---|---|---|
80 |
HTTP | Proxy traffic and ACME challenges |
443 |
HTTPS | Secure proxy traffic |
8080 |
Proxy Manager | Web management interface |
2019 |
Caddy Admin | Caddy API (optional) |
🐳 Docker Configuration
The Docker setup includes:
- Multi-stage build for optimized image size
- Caddy with DNS plugins pre-compiled
- Supervisord for process management
- Persistent volumes for config and certificates
Volumes
./config→/config- Configuration persistence./data→/data- Caddy data (certificates, etc.)./logs→/var/log- Application logs
🔒 Security
- Credentials: Never logged or exposed in responses
- HTTPS: Automatic certificate management
- API: RESTful API with input validation
- Environment: Secure credential storage options
🤝 Contributing
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
- Caddy - The amazing web server that makes this all possible
- Vue.js - The progressive JavaScript framework
- DaisyUI - Beautiful UI components
Note: This project is in active development. Features and documentation are continuously being improved. Most of the code is written by Claude Code.