Caddyfile config use case: I don’t use it as a proxy but only to host a static website. No auth or anything fancy here.

I maintained a fork of the official project because:

• Cache is active
• Run under alpine 3.8 (not scratch)
• Added UPX
• Added curl to do the healthcheck when docker service create. You must use healthcheck for serious orchestration.
• Added tiny, init for containers
• Removed exposing 80 443 as it's managed by Traefik (proxy). See my super-duper docker-stack for a better context.

Get an A+ on security header out of the box.

Before I was using CloudFlare worker (5$ per month) to get the same result. I asked myself, how does a ‘real server’ is configured to manage the security-header? This is how.

More features, much lighter. In the screenshot, you see the uncompressed sized on my local machine.

Launch those three bash scripts from your terminal:

./runup.sh
./runup-caddyfile.sh (mount the Caddyfile)
./rundown.sh