How do I deploy Caddy Zero Trust on Railway?

You can deploy Caddy Zero Trust on Railway by clicking the "Deploy Now" button on this page. Railway will automatically set up all the necessary services and configurations for you.

What are the system requirements?

Railway handles all the infrastructure requirements. You only need a web browser to deploy and manage your application.

Is this template free to use?

Yes, this template is free to use within your existing Railway account.

Can I customize this template?

Yes, you can fully customize this template. After deployment, you will have full control of what you've deployed in your Railway project.

How do I get support for this template?

You can get support through our community forum: caddy-zero-trust-eb5c4264, or join our Discord community for more assistance.

Deploy and Host caddy-zero-trust on Railway

caddy-zero-trust is a lightweight authentication proxy built on Caddy. It protects internal services with Basic Auth, converting plain passwords to bcrypt hashes at startup. Designed to run behind TLS-terminating edges like Railway, it proxies authenticated requests to private upstream services.

About Hosting caddy-zero-trust

Deploying caddy-zero-trust on Railway requires minimal configuration. The service runs as a Docker container that listens on port 80, while Railway handles TLS termination and certificate management. You configure three environment variables: username, password, and the upstream service URL. The entrypoint script hashes the password at boot, so no manual bcrypt generation is needed. Railway's private networking allows caddy-zero-trust to reach internal services that have no public exposure.

Common Use Cases

Protect Celery Flower dashboards from unauthorized access
Add authentication to internal monitoring tools (Grafana, Prometheus UI)
Gate access to admin panels or debug endpoints in staging environments

Dependencies for caddy-zero-trust Hosting

Docker-based deployment environment
Target service running on the same Railway project with private networking enabled

Deployment Dependencies

Caddy - Web server handling reverse proxy and Basic Auth
Railway Private Networking - Internal service communication

Implementation Details

Environment variable configuration using Railway's variable interpolation:

AUTH_USER=admin
AUTH_PASS=your-secure-password
UPSTREAM_URL=http://${{your-service.RAILWAY_PRIVATE_DOMAIN}}:${{your-service.PORT}}

The Caddyfile uses these variables at runtime:

:80 {
	basic_auth /* {
		{$AUTH_USER} {$AUTH_PASS_HASH}
	}

	reverse_proxy {$UPSTREAM_URL}
}

Why Deploy caddy-zero-trust on Railway?

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying caddy-zero-trust on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.