Caddy & SSL

How Launchtic handles HTTPS using Caddy as the reverse proxy.

Caddy is built-in

Launchtic includes Caddy as a Docker service. You don't need to install or configure Nginx, Certbot, or anything else — SSL is fully automatic.

When you provide your domains during installation, Caddy:

1. Listens on ports 80 and 443
2. Redirects all HTTP → HTTPS
3. Issues Let's Encrypt certificates for both domains automatically
4. Renews certificates before they expire (no cron job needed)

Requirements for SSL to work

• Ports 80 and 443 must be open on your firewall
• DNS A records for both your app domain and pages domain must point to the server IP
• The ACME_EMAIL in .env must be a valid email (Let's Encrypt sends renewal alerts there)

Changing your domains

To update your domains after installation:

1. Edit .env:

APP_DOMAIN=newapp.yourdomain.com
PAGES_DOMAIN=newpages.yourdomain.com
APP_URL=https://newapp.yourdomain.com
NEXTAUTH_URL=https://newapp.yourdomain.com
RENDERER_URL=https://newpages.yourdomain.com
ACME_EMAIL=admin@yourdomain.com

2. Update your DNS A records to point to the server IP
3. Wait for DNS to propagate — verify with dig newapp.yourdomain.com
4. Restart: docker compose restart

Caddy will request new SSL certificates for the new domains automatically.

View Caddy logs

docker compose logs -f caddy

Custom Caddy config (advanced)

The Caddyfile is at Caddyfile in the root of the launchtic/ directory. Edits take effect after:

docker compose restart caddy