services: caddy: build: context: ./caddy-labeled dockerfile: Dockerfile container_name: caddy restart: unless-stopped ports: - "80:80" - "443:443" - "443:443/udp" # HTTP/3 environment: - CADDY_INGRESS_NETWORKS=proxy - CF_API_TOKEN=${CF_API_TOKEN} volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - caddy_data:/data - ./Caddyfile:/etc/caddy/Caddyfile:ro - ./users.json:/data/users.json:ro networks: [proxy] command: ["caddy","docker-proxy","--caddyfile-path=/etc/caddy/Caddyfile","--docker-sockets","unix:///var/run/docker.sock"] portainer: image: portainer/portainer-ce:latest container_name: portainer restart: always expose: - "9000" # HTTP UI внутрь докера - "8000" # Edge (если нужен: лучше через NetBird; иначе публикуйте отдельно с FW) volumes: - /var/run/docker.sock:/var/run/docker.sock - portainer_data:/data networks: [proxy] labels: caddy: port.realy.nothing.help caddy.encode: zstd gzip caddy.import: auth_portal_forwarder caddy.reverse_proxy: "{{upstreams 9000}}" volumes: caddy_data: portainer_data: networks: proxy: external: true