github homeall/caddy-reverse-proxy-cloudflare 2025.09.02
on GitHub

13 hours ago

🚀 Docker Images for This Release

This release provides multi-architecture Docker images (amd64, arm64, and arm) published to both Docker Hub and GitHub Container Registry (GHCR).

🔹 Docker Hub

Note: Docker Hub is the world's most popular public container registry, but it enforces anonymous pull limits. If you are automating deployments or have many servers, consider using GHCR below to avoid interruptions.

Repository: homeall/caddy-reverse-proxy-cloudflare
Tags available: latest, 2025.09.02
Image Digest: sha256:ad88c92727e0bf7eea76c1b0384617f8330ea40eb9ad5bf75bbe49de11c4f6ec

Pull commands: 

docker pull homeall/caddy-reverse-proxy-cloudflare:latest
docker pull homeall/caddy-reverse-proxy-cloudflare:2025.09.02

🔹 GitHub Container Registry (GHCR)

GHCR offers higher pull rate limits, strong integration with GitHub, and is recommended for most CI/CD or cloud-native environments.

Repository: ghcr.io/homeall/caddy-reverse-proxy-cloudflare
Tags available: latest, 2025.09.02

Pull commands: 

docker pull ghcr.io/homeall/caddy-reverse-proxy-cloudflare:latest
docker pull ghcr.io/homeall/caddy-reverse-proxy-cloudflare:2025.09.02

Pull by digest: 

docker pull ghcr.io/homeall/caddy-reverse-proxy-cloudflare@sha256:ad88c92727e0bf7eea76c1b0384617f8330ea40eb9ad5bf75bbe49de11c4f6ec

🔒 Supply Chain Security

These images are signed and include:

  • SLSA Provenance: Downloadable and verifiable from the GitHub UI.
  • Cosign signatures: For tamper-evidence and trust.

How to verify:

1. Verify the image signature (recommended for everyone)

cosign verify \
  --certificate-identity "https://github.com/homeall/caddy-reverse-proxy-cloudflare/.github/workflows/main.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  ghcr.io/homeall/caddy-reverse-proxy-cloudflare:@sha256:ad88c92727e0bf7eea76c1b0384617f8330ea40eb9ad5bf75bbe49de11c4f6ec

2. Download provenance/SBOM from the workflow run artifacts below.

Then verify with:

gh attestation verify --owner homeall <provenance-or-sbom-file.json>

Links:

Download the 'spdx.json' or provenance artifact from the run above to verify.

Note: 'cosign verify-attestation' is not supported for this release, as attestations are not yet published to the registry. Use the provenance file and 'gh attestation verify' instead.

See Sigstore Cosign Docs and GitHub Attestation Docs for full instructions.

Need help or want to report an issue?

Open an issue on GitHub.

Check out latest releases or
releases around homeall/caddy-reverse-proxy-cloudflare 2025.09.02

Don't miss a new caddy-reverse-proxy-cloudflare release

NewReleases is sending notifications on new releases.

Get notifications