Caddy, Wildcard Certs and Ghost

Friday, May 23, 2025 | 1 minute read | Updated at Friday, May 23, 2025

@

The Problem

Hosting multiple applications on subdomains requires a strategy for SSL certificates. The specific example involves deploying Ghost blogging software to blog.geoffcorey.com while redirecting the root domain to this subdomain. The setup uses wildcard Let’s Encrypt certificates to avoid generating separate certificates for each subdomain.

Cloudflare API Token

DNS configuration requires Cloudflare. The CaddyBuilds/caddy-cloudflare Docker image provides DNS challenge support for obtaining wildcard certificates.

Setup: Docker Compose & Caddy Configuration

docker-compose.yml

The configuration includes three services:

  • Caddy (ghcr.io/caddybuilds/caddy-cloudflare:latest) - reverse proxy with DNS challenge support
  • Ghost (ghost:latest) - blogging platform
  • MariaDB - database backend

All services use environment variables from .env and connect via internal Docker networks.

.env File

Contains sensitive configuration:

  • Cloudflare API token
  • Ghost database credentials
  • Database host and root password

Caddyfile

Defines routing rules:

  • Root domain redirects to subdomain
  • Wildcard certificate covers all *.geoffcorey.com domains
  • Ghost reverse proxy handles requests to blog.geoffcorey.com:2368

Results

Users access https://geoffcorey.com and are automatically redirected to https://blog.geoffcorey.com. Additional applications (Immich, Jellyfin) can be added with new subdomain entries in the wildcard configuration.

Previous page Setup a Self-Hosted Ghost Blog with Docker and Caddy
Next page Snowflake: conversion of timestamp NTZ to UTC with offset

© 2025 - 2026 Geoff Corey's Blog

🌱 Powered by Hugo with theme Dream.

About Me

Contact

Email: me @ geoffcorey.com

Current Role

North - Senior Manager (Aug 2019 - Present, Remote) Manager for PayAnywhere API team utilizing Node.js, PostgreSQL, Snowflake, and AWS.

Professional Experience

IBM - Software Developer

Oct 2015 - Aug 2019 | Durham, NC

  • Developed open-source continuous delivery services for Kubernetes
  • Built IBM Cloud Kubernetes Service API/CLI with GoLang and Docker
  • Created IBM Bluemix DevOps tools using Cloud Foundry and Node.js
  • Patent filed Mar 31, 2017: “Container chaining for automated process completion” (US20180285156A1)

UDU LLC - Application Architect

Dec 2014 - Sep 2015 | Durham, NC

  • Reduced infrastructure costs by 60%
  • Designed REST services with MongoDB, Redis, Node.js on AWS
  • Developed chat service using Node.js and Faye
  • Created microservices for image manipulation
  • Evaluated Docker container architectures

TotalCast LLC - Director of Technology

Mar 2014 - Dec 2014 | Raleigh, NC

  • Commercialized patents for Capitol Broadcasting Company
  • Managed TV watch app development for WRAZ FOX50
  • Designed DRM server for encrypted Apple HLS streams in GoLang
  • Built auto-scaling architecture on AWS

Additional Notable Positions

  • Ignite - Contract Software Engineer (Nov 2013 - Feb 2014)
  • 6fusion USA - Senior Software Engineer (Sep 2011 - Oct 2013)
  • Independent Consultant (Jul 2008 - Sep 2011)
  • National Cinemedia/Creoss - Program Manager (Mar 2011 - Jul 2011)
  • ESRG Tech/Creoss - Program Manager (Nov 2009 - Dec 2010) - U.S. Navy engine monitoring systems
  • Digitalsmiths - Senior Software Engineer (Sep 2008 - Nov 2009)
  • GameVee.com - Development Lead/Application Architect (Feb 2007 - Sep 2008)
  • Pheasant Creek Coffee LLC - Owner (Jul 2004 - Feb 2008)
  • Sprint - Senior Manager (Jul 2001 - Jul 2004) - Led team of 30+ for SprintPCS.com
  • Red Sky Interactive - Team Lead (Sep 2000 - Jul 2001)
  • Online Insight, Inc - Manager of Technical Services (Jul 1999 - Sep 2000)
  • McKesson HBOC - Software Engineer (Nov 1998 - Jul 1999)
  • ClientLink, Inc - Director of Object Technologies (Feb 1997 - Aug 1998)
  • Additional roles from 1990-1996 in database and software engineering

Education

University of North Carolina at Greensboro BS, Information Systems and Operations Management (1985-1989)

Patents

Container Chaining for Automated Process Completion

View on Google Patents

This patent describes “a method obtains a configuration for an automated process that includes discrete tasks.” The system allows users to specify different container images for each task and define the sequence for instantiating containers to complete the process. The method automatically identifies the next container to execute and repeats this process until all tasks are finished.

Intra-Media Demarcation

View on Google Patents

This patent presents a mechanism enabling users to “mark one or more sections of the media’s timeline for later reference.” The system stores demarcation data as metadata while preserving the original media intact. An enhanced player can then display these highlighted sections during playback without modifying the source material, allowing viewers to experience both the complete media and the annotated portions.