This repository contains a Docker Compose configuration for setting up Rancher on an Ubuntu server with Caddy as a reverse proxy, optimized for Cloudflare's Full SSL mode.
Saeed Ghanbari - GitHub
- Ubuntu server with Docker and Docker Compose installed
- Domain name configured in Cloudflare with "Full" SSL option
- Cloudflare API token (if using DNS validation)
- Make sure Docker and Docker Compose are installed on your Ubuntu server:
```bash
# Install Docker if not already installed
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io

# Install Docker Compose if not already installed
sudo curl -L "https://github.com/docker/compose/releases/download/v2.20.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```
- Create the external Docker network:
```bash
sudo docker network create rancher-network
```
- Start Rancher using Docker Compose:
```bash
# Navigate to the directory containing docker-compose.yml
cd /path/to/rancher

# Start Rancher
sudo docker-compose up -d
```
- Start Caddy using the provided docker-compose.caddy.yml:
```bash
# Start Caddy
sudo docker-compose -f docker-compose.caddy.yml up -d
```
- Access Rancher UI:
  - Open your browser and navigate to `https://your-domain.com`
  - The first time you access Rancher, you'll be prompted to set a password and the server URL
  - For the server URL, make sure to use your domain: `https://your-domain.com`
This setup is optimized for Cloudflare's "Full" SSL mode, which means:
- Cloudflare handles SSL from the visitor to Cloudflare
- Caddy handles SSL from Cloudflare to your server
To configure Cloudflare correctly:
- In your Cloudflare dashboard, go to the SSL/TLS section
- Set the encryption mode to "Full"
- Make sure your domain's DNS records point to your server's IP address
- Recommended: Enable "Always Use HTTPS" in the SSL/TLS > Edge Certificates section
`docker-compose.yml` is the main Rancher configuration file. It:
- Uses the external `rancher-network` network
- Exposes ports 80 and 443 internally (not to the host)
- Sets up volumes for data persistence
- Configures Rancher with appropriate environment variables
`docker-compose.caddy.yml` is the Caddy configuration file. It:
- Uses the same external `rancher-network` network
- Publishes ports 80 and 443 to the host
- Mounts the Caddyfile and data directories
- Configures Caddy with appropriate environment variables
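The split between the two Compose files only protects Rancher if Caddy is the sole container published on the host. The script below checks that property from `docker port` output. It is an added example, not part of this repository, and the container names `rancher` and `caddy` are assumptions (use the names shown by `docker ps`).

```shell
#!/bin/sh
# Added example, not part of the repository. Container names are assumptions.
RANCHER_CONTAINER=${RANCHER_CONTAINER:-rancher}
CADDY_CONTAINER=${CADDY_CONTAINER:-caddy}

# Read `docker port <container>` output on stdin and print the published host
# ports, sorted and de-duplicated. Input lines look like "443/tcp -> [::]:443".
host_ports() {
    sed -n 's/.*->.*:\([0-9][0-9]*\)[[:space:]]*$/\1/p' | sort -un
}

# check_exposure RANCHER_OUTPUT CADDY_OUTPUT
# Returns 0 only when Rancher publishes no host port and Caddy publishes
# exactly 80 and 443.
check_exposure() {
    rancher_ports=$(printf '%s\n' "$1" | host_ports | paste -sd ' ' -)
    caddy_ports=$(printf '%s\n' "$2" | host_ports | paste -sd ' ' -)
    status=0
    if [ -n "$rancher_ports" ]; then
        echo "FAIL: Rancher is published on host port(s): $rancher_ports" >&2
        status=1
    fi
    if [ "$caddy_ports" != "80 443" ]; then
        echo "FAIL: Caddy publishes '$caddy_ports', expected '80 443'" >&2
        status=1
    fi
    return "$status"
}

if [ "${1:-}" = "--live" ]; then
    # A failing `docker port` (missing container) must not look like "no ports".
    rancher_out=$(docker port "$RANCHER_CONTAINER") || exit 2
    caddy_out=$(docker port "$CADDY_CONTAINER") || exit 2
    check_exposure "$rancher_out" "$caddy_out" || exit 1
    echo "OK: only Caddy is published on the host"
else
    # Constructed sample output for an offline run.
    sample_caddy='80/tcp -> 0.0.0.0:80
80/tcp -> [::]:80
443/tcp -> 0.0.0.0:443
443/tcp -> [::]:443'
    if check_exposure "" "$sample_caddy"; then
        echo "sample: OK"
    fi
    if ! check_exposure "443/tcp -> 0.0.0.0:8443" "$sample_caddy" 2>/dev/null; then
        echo "sample: misconfigured Rancher detected"
    fi
fi
```

Run it with `--live` on the server after both stacks are up; without arguments it only evaluates the constructed sample.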
The Caddyfile is the Caddy server configuration. It:
- Sets up reverse proxy to Rancher
- Configures TLS for Cloudflare Full SSL mode
- Handles WebSocket connections
- Sets up proper logging
The `docker-compose.yml` includes several environment variables that you can customize:
- `CATTLE_BOOTSTRAP_PASSWORD`: Initial admin password
- `CATTLE_SERVER_URL`: Set this to your domain
- `CATTLE_SYSTEM_DEFAULT_REGISTRY`: Set default private registry if needed
- `CATTLE_AGENT_IMAGE`: Specify agent image
- `AUDIT_LEVEL`: Audit log level (0=off, 1=minimal, 2=medium, 3=full)
- `CATTLE_MEMORY_LIMIT`: Memory limit for Rancher
- `CATTLE_PROMETHEUS_METRICS`: Enable Prometheus metrics
- `CATTLE_DEBUG`: Enable debug mode (for troubleshooting only)
The configuration uses Docker volumes to persist Rancher data:
- `rancher-data`: Stores all Rancher data
- `rancher-audit-log`: Stores audit logs if enabled
To upgrade to a newer version of Rancher:
```bash
# Pull the latest image
sudo docker-compose pull

# Restart with the new image
sudo docker-compose up -d
```
To manually back up Rancher data:
```bash
# Create a backup directory
mkdir -p backups

# Create a backup (the data volume is mounted read-only)
sudo docker run --rm -v rancher_rancher-data:/var/lib/rancher:ro -v "$(pwd)/backups:/backups" alpine tar -czf "/backups/rancher-backup-$(date +%Y%m%d-%H%M%S).tar.gz" /var/lib/rancher
```