How to install Docker and Docker Compose on Linux/Ubuntu
As soon as you run more than one service, or want a proper address with HTTPS, you need a reverse proxy. It accepts requests on ports 80 and 443 and routes them to the right service. Caddy is ideal for this, because it obtains and renews TLS certificates fully automatically through Let's Encrypt. This guide sets up Caddy and serves your first service under a domain.
10 minIntermediateTested on Ubuntu 24.04Updated 2026-06-18
In short
Install Caddy, point your domain at the local service in the Caddyfile, then reload. Caddy fetches the HTTPS certificate on its own.
Instead of exposing every service directly, everything goes through one central point. The reverse proxy decides, based on the domain, which service a request goes to, and encrypts the connection. That way you reach, for example, app.example.com and cloud.example.com on the same server, cleanly separated and each with HTTPS.
You need a domain whose DNS points to your server. Create an A record that points to your IPv4. Ports 80 and 443 also need to be open, because Let's Encrypt verifies your domain over port 80:
The first time you visit your domain, Caddy automatically fetches a certificate and switches to HTTPS. Open https://example.com and your site is reachable encrypted, with no manual certificate handling at all.
Each subdomain gets its own certificate, automatically.
Caddy in a container too
You can also run Caddy as a Docker container. When Caddy runs natively on the host as shown here, reverse_proxy simply points to your containers' published ports, such as localhost:8080. That is the simplest way to start.
