R.001 / TechnologyINFRASTRUCTURE
§ Tech.00
Caddy — Automatic SSL and routing
Modern web server and reverse proxy. Routes traffic to the correct Docker container, auto-provisions and renews Let's Encrypt SSL certificates with zero manual configuration. Wildcard subdomains — each service gets its own automatically.
Auto TLS
zero manual renewal
Wildcard subdomains
per-service routing
Runs under Coolify
you never touch it
§ Tech.01Replaces
What it replaces
| Concern | Traditional setup | Caddy approach |
|---|---|---|
| SSL renewal | Manual certbot cron, gets forgotten | Automatic — renews before expiry, every time |
| Nginx config | Server block per service, manual reload | Config generated by Coolify, zero manual editing |
| Subdomain routing | Manual DNS + proxy config per subdomain | Wildcard cert + auto-routing — new service = new subdomain instantly |
| Expired cert errors | Site goes red, clients see warnings | Never happens — renewal is Caddy's job, not yours |
STACKD clients never interact with Caddy. It runs silently under Coolify and keeps every service reachable and secure.
§ Tech.02Pipeline
How STACKD uses it
- Every service in the stack gets its own subdomain (n8n.client.com, crm.client.com) — Caddy routes all of them
- Let's Encrypt certificates auto-provisioned and renewed — no expired SSL incidents, ever
- Runs inside Coolify's Docker network — STACKD configures it once during setup, clients never touch it
§ Tech.03Business case
Business outcomes
All industries
8 services on one box — each with its own subdomain, each with valid SSL, none requiring manual cert work
Zero SSL incidents across all client deployments
All industries
New service added to client stack → Coolify creates container → Caddy routes subdomain → cert issued automatically
New service live in under 5 minutes from git push
All industries
Caddy handles HTTPS redirect, HTTP/2, HSTS headers automatically
Security headers correct out of the box
§ Tech.04Systems