feat: add Caddy web server provider

[masonjames]

Summary

Adds Caddy as an opt-in web-server provider alongside Traefik. Traefik remains the default and is untouched unless a user explicitly runs the guarded migration.

• Provider-neutral web-server abstraction (settings, health, file views become provider-aware)
• Caddy setup + deterministic config generation for dashboard, application, compose, and domain flows
• Guarded Traefik→Caddy migration: dry-run report, live upstream preflight, apply with rollback snapshots, fail-closed on missing artifacts
• Settings UI for provider selection, migration workflow, trusted proxies, and request analytics
• Fail-closed runtime Drizzle migration handling

Related: #1246 (feature request). RFC with architecture comparison: #4615.

Review map — where the +27.8k actually is

Cluster	Files	Lines	Review effort
Generated Drizzle snapshot	3	+8,506	Skip (generated; schema source is web-server-settings.ts)
Tests + fixtures	31 + 3	+7,838 (~200 cases)	Skim for coverage
Docs	1	+515	Removed in regroup
Real source	82	+11,022/−859	Review

Real-source hotspots, largest first:

• packages/server/src/utils/caddy/config.ts (+1,107) — Caddy JSON compilation
• packages/server/src/utils/caddy/migration/ (~4,300 across prepare/apply/rollback/translators/preflight/files/types)
• apps/dokploy/server/api/routers/settings.ts (+881/−23) — provider + migration endpoints (candidate for webServerRouter extraction)
• packages/server/src/utils/caddy/{domain,compose,web-server,types}.ts (~580) — route generation
• packages/server/src/setup/caddy-setup.ts (+332)
• Provider-neutral refactors: services/settings.ts, services/web-server-settings.ts, services/domain.ts, utils/docker/domain.ts, db schema/validations
• UI: components/dashboard/settings/web-server/* (migration panel, provider selector, trusted proxies, env editor), domains/handle-domain.tsx, show-traefik-* made provider-aware
• Analytics: utils/access-log/{utils,handler}.ts

Safety model

• Traefik default; direct provider switching is blocked outside migration/rollback flows
• Caddy config paths constrained to Dokploy-owned directories
• Manual Caddy fragments detected; unsafe migration output conflicts block apply
• Unsupported BasicAuth hashes blocked, not silently downgraded
• Migration reports sanitized for non-admin surfaces

Validation

Fresh run on the regrouped branch (2026-06-10):

• pnpm --filter=@dokploy/server typecheck — clean (tsc --noEmit)
• pnpm --filter=dokploy typecheck — clean (tsc --noEmit)
• pnpm --filter dokploy run test — 80/81 test files pass: 710 passed, 1 skipped, 4 failed. All 4 failures are in __test__/deploy/application.real.test.ts ("REAL Execution" tests that require the local Docker daemon to be a swarm manager) — environment-dependent and unrelated to this PR; every caddy/db/traefik suite passes
• Running in production since 2026-06-01 on a 2-node swarm: ~30 services, ~40 domains, HTTP/3, Prometheus metrics; one documented failed-and-rolled-back cutover (2026-05-23) drove the fail-closed preflight design

[dosubot]

Related Knowledge

1 document with suggested updates is ready for review.

Dokploy's Space

README /dokploy/blob/canary/README.md — ⏳ Awaiting Merge

^{How did I do? Any feedback?}  

[masonjames]

Architecture RFC for this PR (comparison with the label-driven approach, production evidence, and a proposed stacked split so nobody has to review 27.8k lines at once): #4615 — a commit regroup and a review-map description update for this PR are coming shortly to make it tractable.