CaddyUI v2.12.12 — AI tool calling: chat the assistant into actually building proxy hosts

🔧 AI tool calling — chat the assistant into building things v2.12.11

The AI assistant always knew how to write Caddyfile snippets — copy/paste them into /caddyfile-import and you'd get a proxy host. v2.12.11 closes that loop: the model emits a structured tool call, you see a confirmation card with the parameters, click Apply, and CaddyUI creates the resource for real.

Two tools shipped today:

The system prompt tells the model when to call a tool vs. just write a snippet:

• "create a proxy host for X" / "set up X" / "add X" → tool call
• "redirect old.com to new.com" → tool call
• "what's the Caddyfile for X" / "explain X" / "how would I configure X" → just write a snippet, no tool

Implemented over Ollama's OpenAI-compatible tools array. Works on qwen2.5, qwen2.5-coder, llama3.1+, gemma2; older or smaller models silently ignore the tools field, so back-compat is automatic. Every successful exec writes an ai_tool_call row to the activity log with the resource ID + a human-readable summary, so admins can audit what the AI actually did.

💬 Chat polish — memory, markdown, custom prompts v2.12.7, v2.12.10

Three rounds of polish on the AI panel that landed alongside tool calling:

• Conversation memory. /api/ai/chat now accepts {messages:[{role,content},...]} for multi-turn context. Every prior turn is sent with the next request, so "make one here" or "add to that" actually refers back to what was discussed instead of restarting cold. Capped at 20 messages server-side to avoid blowing the model's context window. "New chat" button in the modal header wipes context when the topic switches.
• Markdown rendering. Llama / Qwen / Gemma all emit Markdown — **bold**, fenced ```code blocks```, ` inline code `, lists. The chat panel was passing those through HTML-escape only, so the asterisks and backticks showed up as literal characters in every reply. Tiny in-line renderer (no CDN, no library) handles bold, italic, code spans, fenced blocks, and bullet/numbered lists. HTML-escape happens first; regex marker replacement runs on the escaped text so injected tags can't reach the DOM.
• Custom system prompt setting. Settings → AI assistant → Custom system prompt — paste your own steering text to override the built-in Caddy-flavoured one. Useful for teams with in-house naming conventions, different verbosity preferences, or a different persona — without writing an Ollama Modelfile.

📊 Dashboard cards scoped to the active server v2.12.8, v2.12.9

The Requests / Visitors / Bandwidth Today cards on the dashboard were calling AccessTotalsSince(..., "") with no host filter, so they summed every access event across the entire fleet — ignoring which server the picker had selected. On a multi-server install with a busy edge node, the active server's dashboard would show another server's traffic.

v2.12.8 scopes the cards to the active server's hostnames (loops over each Domain in the active server's proxy hosts / redirections / raw routes and sums per-host).

v2.12.9 fixed a related bug: hosts with wildcard SAN domains (*.example.com) were being passed as a literal host = '*.example.com' filter to the analytics queries — which never matched a real recorded hostname. New hostMatchClause helper detects the *. prefix and translates to host LIKE '%.example.com'. Wildcard-routed traffic now contributes to the per-server totals correctly.

⌘ Command palette + keyboard nav v2.11.0 → v2.11.5

v2.11 leans hard on keyboard navigation. ⌘K on macOS or Ctrl+K anywhere else opens a global palette that searches across every Proxy Host, Redirection, Advanced route, and Cert visible to the active user on the active server. ↑/↓ navigates, Enter opens, Esc closes. Backed by a new GET /api/search endpoint that shares the same viewer / peer / admin permission filtering the list pages already use; frontend caches the response per palette open with a 60-second freshness window.

Around the palette, v2.11.0 ships a tri-state theme toggle (auto / light / dark), live filter inputs on every list page, a ? overlay listing every binding, and Vim-style g+letter chord nav:

📋 Bulk ops + drag-to-reorder v2.11.6 → v2.11.11

Every list page now has a per-row checkbox, a select-all in the header, and a floating bulk-action bar at the bottom. The pattern /proxy-hosts already had is now everywhere:

v2.11.11 adds an HTML5 ⠿ drag handle on every row of /proxy-hosts and /redirection-hosts. Drag the handle to reflow the row immediately; the new order POSTs to /proxy-hosts/reorder (or the redirection equivalent) and persists. UI-only — no Caddy sync on reorder. The sort_order writes are index * 10 so future single-row Sort Order edits can wedge between drag-saved rows without renumbering.

🛠️ Proxy-host form rebuilt top-down v2.11.4 → v2.11.8

After v2.10 added ~70 per-host options, the proxy-host edit form became a wall of toggles. The v2.11 cycle puts essentials at the top and collapses the rest. The form now reads top-down:

1. Domain names + www redirect + trailing slash
2. Forward Scheme + Host + Port + Test upstream ← v2.11.8
3. Enabled / Auto SSL / Force SSL ← v2.11.4
4. Managed DNS ← v2.11.7
5. TLS Certificate ← v2.11.7
6. Path matching, query string, tags & notes (collapsed)
7. Upstream TLS & advanced settings (collapsed)
8. Options & Forwarded Headers (collapsed, ~70 fields)

Every <details> section carries a configured-field count badge in its summary, so users editing an existing host can see at a glance which sections are non-default without expanding any. Plus a sticky save bar that floats at the bottom whenever the in-form Save button scrolls offscreen.

🔬 Live route-JSON preview v2.11.13

A new collapsed <details> at the bottom of the proxy-host edit form shows the exact Caddy route JSON the form would push, refreshing ~500ms after the last keystroke or toggle. Reuses the same parseProxyHostForm + caddy.BuildProxyRoute path as createProxyHost, so what the user sees here is exactly what gets pushed on save — byte-for-byte.

Lenient on missing required fields (v2.11.17 / v2.11.18): empty forward_port / forward_host / domains render as visible placeholders instead of leaking the raw strconv.Atoi error to the user. The strict parser is still used at save time — only the preview path is forgiving.

📊 Dashboard widgets — Recent edits + fleet health v2.11.12, v2.11.16

Two new strips on the dashboard:

• Recently edited — last 8 successful CRUD events across every resource type (proxy hosts, redirections, raw routes, certs, groups, API tokens), pulled from the activity log. Skips login / sync / snapshot noise so the widget reads as "what just changed in CaddyUI". Each row colour-codes the resource type with the same brand colours used by the ⌘K palette and the list pages.
• Caddy fleet status grid — one card per registered Caddy server with online/offline status, host count, version, and last-seen relative timestamp. The active server (matching the picker) gets a brand-tinted ring; non-active rows show a "Switch to this server" button. Renders only when more than one Caddy server is registered — single-server installs see no widget.

🤖 AI assistant via local Ollama v2.11.15

Opt-in floating chat button (bottom-right) that proxies prompts to a local Ollama instance for "explain this proxy host", "convert this Caddyfile snippet", "suggest headers for Nextcloud", etc. Runs locally on your GPU — no cloud calls, no telemetry, no third-party API keys.

Configure under Settings → AI assistant:

• Enable toggle (off by default)
• Ollama URL — defaults to http://ollama:11434 (assumes same docker network as CaddyUI)
• Model — defaults to llama3.2:latest; anything you've pulled into Ollama works (qwen2.5, mistral, etc.)

The backend wraps the user prompt in a CaddyUI-flavoured system prompt that steers generic-knowledge models toward Caddy / TLS / DNS answers. 60-second context-deadline on the upstream call so a slow Ollama doesn't park a request handler indefinitely.

🌐 Managed DNS — wildcards, ACME, redirections v2.11.14, v2.11.19, v2.12.2

Three big DNS / cert improvements stitched together this cycle:

v2.11.14 — Notifier covers Caddy-managed live certs

The expiry notifier used to inspect only custom certs stored in CaddyUI's DB. Production deployments using ACME / Let's Encrypt auto-issuance got no warning when those expired. v2.11.14 adds a daily TLS dial against {first_domain}:443 for every enabled SSL-on proxy host, reads the peer cert, and fires the same webhook + email channels when expiry is within the configured threshold. Wildcard SANs are skipped (can't dial them directly). Dedup keys are prefixed proxy: so they don't collide with custom-cert keys.

v2.11.19 — Wildcard cert auto-issuance via DNS-01

Type *.example.com in Domains and a yellow callout appears under the field: "Wildcard SAN detected. Wildcards can only be issued via the ACME DNS-01 challenge — HTTP-01 can't validate them." Pick Cloudflare in the Managed DNS section below and syncCaddy automatically pushes a matching apps.tls.automation.policies entry using the Cloudflare token already stored for managed-DNS A-record CRUD. No second token entry, no manual JSON.

v2.12.2 — Managed DNS for redirection hosts

The long-standing gap closed. Proxy hosts got Managed DNS in v2.5.6, raw routes got it in v2.5.6 — but redirections were skipped. The db.go comment even said "redirection_hosts don't create records." Not anymore.

• New dns_provider / dns_zone_id / dns_zone_name / dns_record_id columns on redirection_hosts (additive migration, no backfill)
• New picker section in the redirection edit form (right under TLS Certificate), mirroring the proxy-host placement
• dnsCreateRecordForRedirection auto-creates one A record per hostname in Domains on save, deleted on row removal
• Per-hostname pre-flight checklist (v2.12.1) on every form: ⚠ wildcard already exists, will skip · ✓ apex will be created

Providers supported: Cloudflare, DigitalOcean, Hetzner, Porkbun, GoDaddy, Namecheap. Same picker, same flow, every resource type.

📦 Upgrade

docker compose pull && docker compose up -d

Or in Portainer: Recreate → enable Re-pull image. Migrations run automatically on startup. No downtime beyond the container restart.

Multi-arch on Docker Hub (linux/amd64 + linux/arm64, SBOM + provenance attestations, scratch base, non-root UID 10001):

# pinned to this exact release (recommended)
docker pull applegater/caddyui:v2.12.12

# rolling tags — all four point at the same image right now
docker pull applegater/caddyui:latest
docker pull applegater/caddyui:stable
docker pull applegater/caddyui:preview

:latest and :stable retag here, replacing v2.12.4. Eight patch versions in this wave (v2.12.5 → v2.12.12), headlined by the AI tool-calling feature.

🗺️ On the whiteboard

• More DNS plugins for wildcard auto-issuance — DigitalOcean, Hetzner, Porkbun next; the credential-to-Caddy-plugin mapping table is already there in caddyDNSProviderConfig, just needs each provider's schema confirmed.
• Caddyfile export — reverse direction of the import path: turn a proxy host (or a whole server) back into a paste-able Caddyfile snippet for backup / hand-off.
• Per-host rate limiting — Caddy supports it natively; the UI doesn't expose it yet.
• Inline-edit on the list pages — change a domain alias, port, or tag without entering the full edit form.
• Multi-server bulk operations — push a single proxy host to N servers at once (the "Also deploy to" checkboxes are already in the form, just need a bulk variant on the list page).

Want something specific? Open an issue on GitHub.