The Caddyfile was bind-mounted as a single file. ansible.builtin.template writes
atomically (temp + rename), so a re-render swaps the file's inode while the running
container keeps the old one — `caddy reload` then re-read stale config and silently
no-op'd ("config is unchanged"), so new routes never loaded. Surfaced deploying the
NetBird route: Caddy never requested its cert. Fix: render to ./caddy/Caddyfile and
mount the ./caddy DIRECTORY at /etc/caddy — directory mounts reflect inode swaps, so
graceful `caddy reload` works. Proven on askari: atomic replace in the host dir is
visible inside the running container.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
27 lines
471 B
Django/Jinja
# {{ ansible_managed }}
services:
  caddy:
    image: {{ reverse_proxy__image }}
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
{% if reverse_proxy__acme_dns_provider == 'gandi' %}
    env_file:
      - ./env
{% endif %}
    volumes:
      - ./caddy:/etc/caddy:ro
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - boma

volumes:
  caddy_data:
  caddy_config:

networks:
  boma:
    name: boma
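
The inode behaviour the commit message describes, as an added example that is not code from this repository: a temp + rename write gives the path a new inode, so a reference pinned to the old inode keeps serving old content while a lookup through the directory sees the new file. As assumptions for illustration, an open file descriptor stands in for the single-file bind mount and a directory descriptor for the directory mount; the function names and `*.example.test` config lines are constructed.

```python
import os
import tempfile


def atomic_write(path, text):
    """Write the way a temp + rename render does: new file, then rename over path."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path))
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.replace(tmp, path)  # rename(2): the path now names a different inode


def is_stale(pinned_fd, path):
    """True when the pinned handle and the current path refer to different inodes."""
    pinned, current = os.fstat(pinned_fd), os.stat(path)
    return (pinned.st_dev, pinned.st_ino) != (current.st_dev, current.st_ino)


def read_fd(fd):
    os.lseek(fd, 0, os.SEEK_SET)
    return os.read(fd, 4096).decode()


def demo():
    """Return (content via pinned file, content via directory lookup, stale flag)."""
    with tempfile.TemporaryDirectory() as host_dir:
        caddyfile = os.path.join(host_dir, "Caddyfile")
        atomic_write(caddyfile, "old.example.test {\n}\n")  # constructed sample config
        file_mount = os.open(caddyfile, os.O_RDONLY)  # stand-in: single-file mount
        dir_mount = os.open(host_dir, os.O_RDONLY)    # stand-in: directory mount
        try:
            atomic_write(caddyfile, "new.example.test {\n}\n")  # the re-render
            via_file = read_fd(file_mount)  # still the old inode's bytes
            fd = os.open("Caddyfile", os.O_RDONLY, dir_fd=dir_mount)  # resolve by name
            try:
                via_dir = read_fd(fd)
            finally:
                os.close(fd)
            return via_file, via_dir, is_stale(file_mount, caddyfile)
        finally:
            os.close(file_mount)
            os.close(dir_mount)


if __name__ == "__main__":
    print(demo())
```

The same device and inode comparison that `is_stale` performs can be made between the host path and the path as seen inside the container to spot a pinned single-file mount before relying on a reload.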