SilverBullet with Caddy for HTTPS using Docker Compose on Windows 11

Overview

Certain browsers, Chrome for example, restrict functionality on sites that are not served over HTTPS. I wanted to access such functionality and started on this journey.

The journey started from the community forums with a post by Mr Red, but this assumed a local install of SilverBullet into a Linux OS and then installing Caddy directly into that OS. I wanted a docker approach.

Environment

I am working on a Windows 11 machine; mileage may vary if you use another OS.

Docker Desktop is installed on this machine, using WSL2 (although that should not affect these steps).

Chrome is my browser of choice.

Steps

The steps involved can be distilled into the following:

  • Create a directory somewhere, give it a name that will be reflected in Docker Desktop to represent the compose stack we are going to build.
  • Create directory structure required
  • Add an entry to your hosts file for the local domain you want to use to access your SilverBullet container
  • Create the docker-compose.yml file
  • Create the Caddyfile
  • Launch the compose stack
  • Export the caddy CA cert file
  • Import the CA cert into Windows cert store^1^
  • Test cert is valid and being used using PowerShell
  • Access your local SilverBullet install from Chrome

^1^ Whenever the stack is recreated the CA cert will need to be exported and imported into the Windows cert store

In the following steps I have combined some of the steps listed above for simplicity.

Step by step then...

Add hosts entry

On Windows, the hosts file is located at C:\Windows\System32\drivers\etc\hosts

By default, editing this file is restricted to Administrators, so you will need to launch your editor as Administrator.

Assuming you want to use the domain silverbullet.local to access your install, add the following entry to the end of the hosts file:

127.0.0.1 silverbullet.local

Compose directory

This is a minimal configuration, just enough to get off the ground:

.
├── caddy
│   └── conf
│       └── Caddyfile
├── docker-compose.yml
└── silverbullet
    └── data

The docker-compose.yml file

This config takes no account of other compose stacks and does not make use of a shared network; it is a simple example to be used as a starting point.

services:

  silverbullet:
    image: ghcr.io/silverbulletmd/silverbullet
    container_name: silverbullet
    restart: unless-stopped
    volumes:
      - ./silverbullet/data:/space

  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./caddy/conf/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    depends_on:
      - silverbullet

volumes:
  caddy_data:
  caddy_config:

The Caddyfile

Again, this is just the basics: it assumes the SilverBullet container is running on its default port of 3000 and uses the domain added to the hosts file in the previous step.

{
    local_certs
}

silverbullet.local {
    tls internal
    reverse_proxy silverbullet:3000
}

Launch the stack and export the CA certificate

Open a PowerShell terminal and cd to the directory containing the docker-compose.yml file. Enter the following command^1^:

docker compose up -d

The stack is now running as a background process.

To export the Caddy root CA Certificate, issue the following command in the same PowerShell terminal:

docker cp caddy:/data/caddy/pki/authorities/local/root.crt ./silverbullet-root.crt

Launch Explorer in the same directory from the terminal:

explorer .

Now double-click on the exported CA cert file silverbullet-root.crt; a dialog will open. Follow these steps:

  • Select Install -> Local Machine.
  • Place in: Trusted Root Certification Authorities.
  • Click Yes on the scary warning.

Test the certificate is working

From the same PowerShell terminal, issue the following command:

curl.exe -v --ssl-no-revoke https://silverbullet.local

Hopefully there are no errors and everything is working. You should see the content of your index page displayed in the terminal.

Access SilverBullet using https

Now you should be able to access SilverBullet using https.

Podman update

I have tested the above on a Podman install as well and it works as expected. Just change the terminal commands as you would expect:

  • docker ... -> podman ...
  • docker compose ... -> docker-compose ...

Thanks

Thanks for reading!

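The double-click import in "Launch the stack and export the CA certificate" can also be scripted. The PowerShell below is an added example, not part of the original post: it checks that the exported file really is a self-signed CA certificate before trusting it machine-wide, and lists older Caddy roots left in the store by earlier stack recreations. It assumes Caddy's default CA name, "Caddy Local Authority"; the script name and the -RemoveStale switch are hypothetical.

```powershell
# Added example. Save as Import-CaddyRoot.ps1 (hypothetical name) and run it from an
# elevated PowerShell prompt in the directory that holds silverbullet-root.crt.
# Assumption: Caddy's local CA keeps its default name, "Caddy Local Authority".
param(
    [string]$Path = '.\silverbullet-root.crt',   # file exported with docker cp
    [switch]$RemoveStale                          # also delete superseded Caddy roots
)

$store = 'Cert:\LocalMachine\Root'
$full  = (Resolve-Path -LiteralPath $Path).Path   # .NET needs an absolute path
$cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $full

# Refuse anything that is not a self-signed CA certificate with the expected name.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (($cert.Subject -ne $cert.Issuer) -or (-not $bc) -or (-not $bc.CertificateAuthority)) {
    throw "Not a self-signed CA certificate: $($cert.Subject)"
}
if ($cert.Subject -notlike '*Caddy Local Authority*') {
    throw "Unexpected subject: $($cert.Subject)"
}

# Show what is about to be trusted for every HTTPS site on this machine.
"Subject    : $($cert.Subject)"
"Thumbprint : $($cert.Thumbprint)"
"Valid until: $($cert.NotAfter)"

# Roots from earlier stack recreations stay trusted until they are removed.
$stale = Get-ChildItem $store | Where-Object {
    $_.Subject -like '*Caddy Local Authority*' -and $_.Thumbprint -ne $cert.Thumbprint
}
foreach ($old in $stale) {
    "Stale Caddy root: $($old.Thumbprint) (expires $($old.NotAfter))"
    if ($RemoveStale) { $old | Remove-Item }
}

# Import only if this exact certificate is not already in the store.
if (Test-Path "$store\$($cert.Thumbprint)") {
    'This root is already trusted; nothing to import.'
} else {
    Import-Certificate -FilePath $full -CertStoreLocation $store | Out-Null
    "Imported $($cert.Thumbprint) into $store"
}
```

The private key for this root lives in the caddy_data volume, so anyone who can read that volume can issue certificates this machine will trust. Remove the root from the store when the stack is retired.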