boma/roles/reverse_proxy/templates/docker-compose.yml.j2
sjat 3a31b8e6f4 fix(reverse_proxy): bind-mount the Caddy config dir so reload sees changes
The Caddyfile was bind-mounted as a single file. ansible.builtin.template writes
atomically (temp + rename), so a re-render swaps the file's inode while the running
container keeps the old one — `caddy reload` then re-read stale config and silently
no-op'd ("config is unchanged"), so new routes never loaded. Surfaced deploying the
NetBird route: Caddy never requested its cert. Fix: render to ./caddy/Caddyfile and
mount the ./caddy DIRECTORY at /etc/caddy — directory mounts reflect inode swaps, so
graceful `caddy reload` works. Proven on askari: atomic replace in the host dir is
visible inside the running container.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-16 07:44:45 +02:00

27 lines
471 B
Django/Jinja

# {{ ansible_managed }}
services:
  caddy:
    image: {{ reverse_proxy__image }}
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
{% if reverse_proxy__acme_dns_provider == 'gandi' %}
    env_file:
      - ./env
{% endif %}
    volumes:
      - ./caddy:/etc/caddy:ro
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - boma
volumes:
  caddy_data:
  caddy_config:
networks:
  boma:
    name: boma
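
The inode swap that the commit message describes can be reproduced without Docker or Caddy. The following is an added example, not code from this repository: it uses an open file descriptor as a stand-in for a single-file bind mount (an assumption of the demo, since both pin the original inode), and the function names and sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Constructed demo: why a temp+rename write is invisible through a handle
# to the old inode, but visible through a lookup by path in the directory.

# Print the inode number of a path (POSIX ls -i: "<inode> <name>").
inode_of() { ls -i "$1" | awk '{print $1}'; }

# Prints "<inode changed?>|<content via pinned inode>|<content via path>".
demo_atomic_replace() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/caddy"
    printf 'old config\n' > "$dir/caddy/Caddyfile"
    before=$(inode_of "$dir/caddy/Caddyfile")

    # Pin the current inode on fd 3, as a single-file bind mount would.
    exec 3< "$dir/caddy/Caddyfile"

    # Atomic write: temp file in the same directory, then rename over
    # the target. The name now points at a brand-new inode.
    printf 'new config\n' > "$dir/caddy/.Caddyfile.tmp"
    mv "$dir/caddy/.Caddyfile.tmp" "$dir/caddy/Caddyfile"
    after=$(inode_of "$dir/caddy/Caddyfile")

    pinned=$(cat <&3)                      # still the old inode's data
    exec 3<&-
    by_path=$(cat "$dir/caddy/Caddyfile")  # fresh lookup in the directory

    rm -rf "$dir"
    if [ "$before" != "$after" ]; then changed=yes; else changed=no; fi
    printf '%s|%s|%s\n' "$changed" "$pinned" "$by_path"
}

demo_atomic_replace
```

On a deployed host, comparing the inode number of the host-side Caddyfile with the one seen inside the running container shows whether the container is still holding a stale file.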