catalog / docker.io/library/caddy / criteria

caddy — validation criteria

Per-image acceptance criteria for the docker.io/library/caddy profile (compose-lint#359). Validated against caddy:2@sha256:58483504…, the default file-server configuration.

Representative workload / correctness check

profiles/workloads/caddy.sh — wait for readiness, serve a file-server GET / on :80, send SIGUSR1 to reload the Caddyfile, and serve again. Under the derived config it must complete cleanly. The drop-test correctness check (container-sec-derive testdata/drop-test/correctness/caddy.sh) is the same correctness signal: caddy serves a GET on :80.

capabilities — derived by drop-test

filesystem — derived by drop-test

Scope

Covers the default file server. A caddy configured as a reverse proxy with automatic HTTPS exercises the same capability minimum (NET_BIND_SERVICE, plus :443) and the same filesystem posture, but makes /data load-bearing — it is then strictly required as a persistent volume for certificate storage.