docker compose.yml
services:
caddy:
image: caddy:2.11-alpine
container_name: caddy
restart: unless-stopped
networks:
- caddy_network
volumes:
- caddy_data:/data
- caddy_config:/config
- ./Caddyfile:/etc/caddy/Caddyfile
environment:
- CF_API_EMAIL=wwo@qq.com
- CF_API_KEY=437fac4d96a30a73f79d9c67a2134efd14325
ports:
- "80:80"
- "443:443"
command: caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
mariadb:
image: mariadb:11.8.5
container_name: mariadb
restart: always
environment:
- TZ=Asia/Shanghai
- MYSQL_ROOT_PASSWORD=OpsXlab!2026
- MYSQL_DATABASE=typecho_db
- MYSQL_USER=typecho_user
- MYSQL_PASSWORD=C%wut@QVuLBRe88#
volumes:
- /opt/mariadb/data:/var/lib/mysql
- /opt/mariadb/config:/etc/mysql/conf.d/
networks:
- caddy_network
typecho:
image: joyqi/typecho:nightly-php8.2-apache
container_name: typecho
restart: always
networks:
- caddy_network
volumes:
- /opt/typecho:/app/usr
environment:
- TYPECHO_SITE_URL=https://blog.blt.cc
- TYPECHO_DB_ADAPTER=Pdo_Mysql
- TYPECHO_DB_HOST=mariadb
- TYPECHO_DB_PORT=3306
- TYPECHO_DB_USER=typecho_user
- TYPECHO_DB_PASSWORD=C%wut@QVuLBRe88#
- TYPECHO_DB_DATABASE=typecho_db
it-tools:
image: corentinth/it-tools:latest
container_name: it-tools
restart: unless-stopped
networks:
- caddy_network
networks:
caddy_network:
name: caddy_network
driver: bridge
volumes:
caddy_data:
caddy_config:
Caddyfile
你的域名 {
# 安全响应头
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
Permissions-Policy "geolocation=(), microphone=(), camera=()"
-Server
}
# 压缩(自动 brotli + gzip)
encode gzip zstd
# 反向代理
reverse_proxy typecho:80
}