Caddy would have the bridge proxy network and the port 443 exposed.
version: "3.7"
networks:
proxy-network:
external: true
# needs to be created manually bevor running (docker create network proxy-network)
services:
caddy:
image: caddy
container_name: caddy
restart: unless-stopped
ports:
- 80:80
- 443:443
volumes:
- ./data:/data
- ./config:/config
- ./Caddyfile:/etc/caddy/Caddyfile:ro
networks:
- proxy-network
Other services:
version: "3.7"
networks:
proxy-network:
external: true
services:
app:
image: app
container_name: app
restart: unless-stopped
volumes:
- ./app-data:/data
networks:
- proxy-network
Caddy can now talk to the app with the apps container_name.
Caddyfile:
homepage.domain.de {
reverse_proxy app:80
}
So the reverse proxy network is an extra network only for containers that need to be exposed.
I've just posted a little example. I'd recommend doing it this way. No more thinking about what port is allready exposed etc