feat: add Caddy web server provider#4534
Conversation
|
Related Knowledge 1 document with suggested updates is ready for review. Dokploy's Space README
|
46a438e to
7baf056
Compare
|
Architecture RFC for this PR (comparison with the label-driven approach, production evidence, and a proposed stacked split so nobody has to review 27.8k lines at once): #4615 — a commit regroup and a review-map description update for this PR are coming shortly to make it tractable. |
…o behavior change)
8a4292f to
0dcc5f9
Compare
…validate Caddy's Server.trusted_proxies_strict JSON field is an int; the compiler emitted a JSON boolean, so `caddy validate` rejected any config with strict trusted proxies enabled. Found in production on 2026-06-10. Emit 1 when strict; keep omitting the field otherwise.
Resolves conflicts with 16 upstream commits, notably: - Renumber caddy migration 0172_parched_ares -> 0173_cool_vargas (upstream 0172_quick_the_professor from concurrent deployments Dokploy#4645 is canonical); regenerated snapshot on top of upstream's, restored idempotent DDL so hosts that applied the old identity no-op cleanly - Adopt dynamic traefik container resolution in access-log cleanup (Dokploy#4646) within the provider-aware handler - Accept admin-tools refactor (Dokploy#4625): traefik file-system modal is deleted; /dashboard/traefik page with ServerFilter is now the entry point and is cloud-enabled, ShowTraefikSystem stays provider-aware with a provider-aware empty state path - Fold buildsConcurrency (server + webServerSettings) alongside caddy provider columns in db schema - Tailwind v4 class renames (shadow-xs, h-140) applied to our provider-aware components, keeping caddy language switch and pointer-events-none read-only overlay fix Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Upstream's concurrent deployments (Dokploy#4645) allow builds to finish simultaneously. The active caddy.json is compiled from the fragments directory, so an unsynchronized read-compile-write could publish a config missing a concurrently written fragment, and the rm-rf-based restoreCaddyRouteFragments rollback could delete another deployment's fragment outright. Add a per-server promise-chain lock; the public compile+reload entry takes it, and the fragment read-modify-write flows (application domains, compose domains, dashboard route) hold it across their full capture-mutate-compile-rollback sequences. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Mechanical move of the 20 provider/web-server/caddy-migration procedures plus their input schemas and helpers from settings.ts into web-server.ts, spread back into settingsRouter so client api.settings.* paths and existing tests are unchanged. settings.ts now carries only the in-place provider-awareness edits to upstream procedures, which keeps its diff against canary reviewable. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
getActiveWebServerProvider was adminProcedure, but it is consumed by member-visible surfaces: domain forms, application traefik/caddy config views, and the web-server files page (cloud-enabled by the admin-tools refactor Dokploy#4625 and gated only by traefikFiles.read). For non-admin members the query returned FORBIDDEN, so provider resolution failed and those surfaces silently degraded (e.g. traefik-only fields shown on caddy installs, file editor locked). getWebServerSettings, a superset of this data, is already protectedProcedure; ensureServerAccess keeps remote-server lookups scoped to the caller's organization. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Apply the shadow-xs rename from the tailwind v4 migration (Dokploy#4706) to the caddy components it could not have touched, and biome-format the provider-aware empty state. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
|
Merged
Validation on the merged branch: both typechecks clean; 758 tests passed / 1 skipped, with only the 4 known environment-dependent |
# Conflicts: # apps/dokploy/drizzle/meta/0173_snapshot.json # apps/dokploy/drizzle/meta/_journal.json
…12-refresh # Conflicts: # apps/dokploy/drizzle/meta/0174_snapshot.json # apps/dokploy/drizzle/meta/_journal.json
|
Updated this branch against current New in the latest push:
Fresh validation: both typechecks pass; the complete Caddy suite passes (29 files, 215 tests); the merged encryption suite passes (10 tests); Biome passes on the updated source/test files; migration indexes/tags are unique and ordered. |
Summary
Adds Caddy as an opt-in web-server provider alongside Traefik. Traefik remains the default and is unchanged unless an administrator completes the guarded migration.
Related: #1246. Architecture RFC: #4615.
Review map
The largest files are generated Drizzle snapshots and test fixtures. The main review surfaces are:
packages/server/src/utils/caddy/config.ts- fragment store, deterministic compilation, config locking, validation, reload, and filtered access logspackages/server/src/utils/caddy/migration/- preparation, translators, runtime preflight, apply, rollback, and durable artifactspackages/server/src/setup/caddy-setup.ts- standalone and Swarm lifecycle, immutable image support, candidate validation, convergence, and rollbackapps/dokploy/server/api/routers/web-server.ts- provider, settings, request-log, health, and migration endpointspackages/server/src/services/settings.ts- provider-aware setup and verified network attachmentcomponents/dashboard/settings/web-server/- opt-in migration and provider controlsSafety model
CADDY_IMAGEaccepts a full digest-pinned reference; the default remainscaddy:2.11.4.X-Api-Key, remove query strings, and redact application/Compose deploy credentials before persistence.Current
canaryintegrationMerged through
2e867c5be1fa3c136d0d3f738f0c0d39e1d4de6eon 2026-07-12.0174_great_naoko.0175_nebulous_nightshade.0174_great_naoko,0175_nebulous_nightshade.Validation - 2026-07-12
pnpm install --frozen-lockfilepnpm --filter=@dokploy/server typecheck- passedpnpm --filter=dokploy typecheck- passedpnpm --filter=dokploy test --run __test__/caddy- 29 files, 215 tests passedpnpm --filter=dokploy test --run __test__/env/encryption.test.ts- 10 tests passed0174to0175lineage - passedProduction evidence
The Caddy path is running on a two-node Swarm with Caddy 2.11.4. The current production candidate passed signed immutable-image verification, schema preflight, guarded promotion, container health, all 17 cataloged public routes, and the authenticated 15/15 platform health profile. Privacy canaries confirmed that API keys, query strings, and deploy credentials do not persist in request logs.
The production failures that informed the final hardening are covered by failure-injection tests: pull failure leaves the current edge untouched; creation/start/reconnect/network/config/upstream failures restore it; Swarm update failure restores the prior service specification.