diff --git a/.github/workflows/v2.7.yml b/.github/workflows/v2.7.yml
new file mode 100644
index 00000000..fe6ab83b
--- /dev/null
+++ b/.github/workflows/v2.7.yml
@@ -0,0 +1,159 @@
+---
+name: v2.7
+
+"on":
+  push:
+    branches:
+      - master
+    paths:
+      - v2.7/*
+      - .github/workflows/v2.7.yml
+  pull_request:
+    branches:
+      - master
+    paths:
+      - v2.7/*
+      - .github/workflows/v2.7.yml
+  workflow_dispatch:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout source
+        id: source
+        uses: actions/checkout@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          images: |
+            webhippie/apache
+            quay.io/webhippie/apache
+            ghcr.io/dockhippie/apache
+          labels: |
+            org.opencontainers.image.vendor=Webhippie
+            maintainer=Thomas Boerger <thomas@webhippie.de>
+
+      - name: Setup QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@v2
+
+      - name: Setup Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Hub login
+        id: login1
+        uses: docker/login-action@v2
+        if: github.event_name != 'pull_request'
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Quay login
+        id: login2
+        uses: docker/login-action@v2
+        if: github.event_name != 'pull_request'
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+
+      - name: Ghcr login
+        id: login3
+        uses: docker/login-action@v2
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build amd64
+        id: amd64
+        uses: docker/build-push-action@v4
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: v2.7/
+          provenance: false
+          file: v2.7/Dockerfile.amd64
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: |
+            webhippie/caddy:2.7-amd64
+            quay.io/webhippie/caddy:2.7-amd64
+            ghcr.io/dockhippie/caddy:2.7-amd64
+
+      - name: Build arm64
+        id: arm64
+        uses: docker/build-push-action@v4
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: v2.7/
+          provenance: false
+          file: v2.7/Dockerfile.arm64
+          platforms: linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: |
+            webhippie/caddy:2.7-arm64
+            quay.io/webhippie/caddy:2.7-arm64
+            ghcr.io/dockhippie/caddy:2.7-arm64
+
+      - name: Build arm
+        id: arm
+        uses: docker/build-push-action@v4
+        with:
+          builder: ${{ steps.buildx.outputs.name }}
+          context: v2.7/
+          provenance: false
+          file: v2.7/Dockerfile.arm
+          platforms: linux/arm/v6
+          push: ${{ github.event_name != 'pull_request' }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: |
+            webhippie/caddy:2.7-arm
+            quay.io/webhippie/caddy:2.7-arm
+            ghcr.io/dockhippie/caddy:2.7-arm
+
+      - name: Hub manifest
+        id: manifest1
+        uses: actionhippie/manifest@v1
+        if: github.event_name != 'pull_request'
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v6
+          template: webhippie/caddy:2.7-ARCH
+          target: webhippie/caddy:2.7
+          ignore_missing: true
+
+      - name: Quay manifest
+        id: manifest2
+        uses: actionhippie/manifest@v1
+        if: github.event_name != 'pull_request'
+        with:
+          username: ${{ secrets.QUAY_USERNAME }}
+          password: ${{ secrets.QUAY_PASSWORD }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v6
+          template: quay.io/webhippie/caddy:2.7-ARCH
+          target: quay.io/webhippie/caddy:2.7
+          ignore_missing: true
+
+      - name: Ghcr manifest
+        id: manifest3
+        uses: actionhippie/manifest@v1
+        if: github.event_name != 'pull_request'
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          platforms: linux/amd64,linux/arm64,linux/arm/v6
+          template: ghcr.io/dockhippie/caddy:2.7-ARCH
+          target: ghcr.io/dockhippie/caddy:2.7
+          ignore_missing: true
+
+...
diff --git a/v2.7/Dockerfile.amd64 b/v2.7/Dockerfile.amd64
new file mode 100644
index 00000000..6ad62a7f
--- /dev/null
+++ b/v2.7/Dockerfile.amd64
@@ -0,0 +1,36 @@
+FROM ghcr.io/dockhippie/golang:1.20-amd64@sha256:4a2008ce489e7051fb8d39405e1d3be502be7927d6c620a68e56266b975e2e76 AS build
+
+# renovate: datasource=github-releases depName=caddyserver/caddy
+ENV CADDY_VERSION=2.7.3
+
+# renovate: datasource=github-releases depName=caddyserver/xcaddy
+ENV XCADDY_VERSION=0.3.5
+
+# renovate: datasource=github-tags depName=ggicci/caddy-jwt
+ENV JWT_VERSION=v0.9.1
+
+# renovate: datasource=github-tags depName=MagnaXSoftware/gopkg
+ENV GOPKG_VERSION=v1.2.0
+
+RUN curl -sSLo - https://github.com/caddyserver/xcaddy/releases/download/v${XCADDY_VERSION}/xcaddy_${XCADDY_VERSION}_linux_amd64.tar.gz | tar -xvz -C /tmp && \
+  /tmp/xcaddy build v${CADDY_VERSION} \
+    --with github.com/ggicci/caddy-jwt@${JWT_VERSION} \
+    --with magnax.ca/caddy/gopkg@${GOPKG_VERSION}
+
+FROM ghcr.io/dockhippie/alpine:latest-amd64@sha256:8625a244a26b90bc5c802c4449154d23bda974fb6b8c341c929daa99cd056305
+
+EXPOSE 8080
+
+WORKDIR /srv/www
+CMD ["/usr/bin/container"]
+
+RUN apk update && \
+  apk upgrade && \
+  mkdir -p /home/caddy/.config/caddy && \
+  groupadd -g 1000 caddy && \
+  useradd -u 1000 -d /home/caddy -g caddy -s /bin/bash -M caddy && \
+  apk add mailcap && \
+  rm -rf /var/cache/apk/*
+
+COPY --from=build /srv/app/caddy /usr/sbin/caddy
+COPY ./overlay /
diff --git a/v2.7/Dockerfile.arm b/v2.7/Dockerfile.arm
new file mode 100644
index 00000000..55c146e2
--- /dev/null
+++ b/v2.7/Dockerfile.arm
@@ -0,0 +1,36 @@
+FROM ghcr.io/dockhippie/golang:1.20-arm@sha256:fe2fc89810395055f3c28b03cb609cb0d663b6354d11b34ba48680ebb4552cd8 AS build
+
+# renovate: datasource=github-releases depName=caddyserver/caddy
+ENV CADDY_VERSION=2.7.3
+
+# renovate: datasource=github-releases depName=caddyserver/xcaddy
+ENV XCADDY_VERSION=0.3.5
+
+# renovate: datasource=github-tags depName=ggicci/caddy-jwt
+ENV JWT_VERSION=v0.9.1
+
+# renovate: datasource=github-tags depName=MagnaXSoftware/gopkg
+ENV GOPKG_VERSION=v1.2.0
+
+RUN curl -sSLo - https://github.com/caddyserver/xcaddy/releases/download/v${XCADDY_VERSION}/xcaddy_${XCADDY_VERSION}_linux_armv6.tar.gz | tar -xvz -C /tmp && \
+  /tmp/xcaddy build v${CADDY_VERSION} \
+    --with github.com/ggicci/caddy-jwt@${JWT_VERSION} \
+    --with magnax.ca/caddy/gopkg@${GOPKG_VERSION}
+
+FROM ghcr.io/dockhippie/alpine:latest-arm@sha256:b4b521c8229a803f530feb976bc7d46f9a63ed7050d320af5d9ea1f910dab022
+
+EXPOSE 8080
+
+WORKDIR /srv/www
+CMD ["/usr/bin/container"]
+
+RUN apk update && \
+  apk upgrade && \
+  mkdir -p /home/caddy/.config/caddy && \
+  groupadd -g 1000 caddy && \
+  useradd -u 1000 -d /home/caddy -g caddy -s /bin/bash -M caddy && \
+  apk add mailcap && \
+  rm -rf /var/cache/apk/*
+
+COPY --from=build /srv/app/caddy /usr/sbin/caddy
+COPY ./overlay /
diff --git a/v2.7/Dockerfile.arm64 b/v2.7/Dockerfile.arm64
new file mode 100644
index 00000000..d749877b
--- /dev/null
+++ b/v2.7/Dockerfile.arm64
@@ -0,0 +1,36 @@
+FROM ghcr.io/dockhippie/golang:1.20-arm64@sha256:6febc16e362b54d86bbaf14abcf74a84678f7b76b1a2cf54d82ff981b2c7d177 AS build
+
+# renovate: datasource=github-releases depName=caddyserver/caddy
+ENV CADDY_VERSION=2.7.3
+
+# renovate: datasource=github-releases depName=caddyserver/xcaddy
+ENV XCADDY_VERSION=0.3.5
+
+# renovate: datasource=github-tags depName=ggicci/caddy-jwt
+ENV JWT_VERSION=v0.9.1
+
+# renovate: datasource=github-tags depName=MagnaXSoftware/gopkg
+ENV GOPKG_VERSION=v1.2.0
+
+RUN curl -sSLo - https://github.com/caddyserver/xcaddy/releases/download/v${XCADDY_VERSION}/xcaddy_${XCADDY_VERSION}_linux_arm64.tar.gz | tar -xvz -C /tmp && \
+  /tmp/xcaddy build v${CADDY_VERSION} \
+    --with github.com/ggicci/caddy-jwt@${JWT_VERSION} \
+    --with magnax.ca/caddy/gopkg@${GOPKG_VERSION}
+
+FROM ghcr.io/dockhippie/alpine:latest-arm64@sha256:cf76796c3edf88c31a47aba4398a85dcfc366710d8df0886abddc2c806791e6d
+
+EXPOSE 8080
+
+WORKDIR /srv/www
+CMD ["/usr/bin/container"]
+
+RUN apk update && \
+  apk upgrade && \
+  mkdir -p /home/caddy/.config/caddy && \
+  groupadd -g 1000 caddy && \
+  useradd -u 1000 -d /home/caddy -g caddy -s /bin/bash -M caddy && \
+  apk add mailcap && \
+  rm -rf /var/cache/apk/*
+
+COPY --from=build /srv/app/caddy /usr/sbin/caddy
+COPY ./overlay /
diff --git a/v2.7/overlay/etc/caddy/browse.tmpl b/v2.7/overlay/etc/caddy/browse.tmpl
new file mode 100644
index 00000000..fd43b546
--- /dev/null
+++ b/v2.7/overlay/etc/caddy/browse.tmpl
@@ -0,0 +1,179 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<title>{{ .Name }} | {{.Host}}</title>
+
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1">
+		<meta http-equiv="X-UA-Compatible" content="IE=edge">
+
+		<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.6/css/bootstrap.min.css">
+		<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/flat-ui/2.3.0/css/flat-ui.min.css">
+
+		<style>
+			body {
+				cursor: default;
+			}
+
+			.navbar {
+				margin-bottom: 20px;
+			}
+
+			.credits {
+				padding-left: 15px;
+				padding-right: 15px;
+			}
+
+			h1 {
+				font-size: 20px;
+				margin: 0;
+			}
+
+			th .glyphicon {
+				font-size: 15px;
+			}
+
+			table .icon {
+				width: 30px;
+			}
+		</style>
+	</head>
+	<body>
+		<nav class="navbar navbar-inverse navbar-static-top">
+			<div class="container-fluid">
+				<div class="navbar-header">
+					<a class="navbar-brand" href="/">
+						{{ .Host }}
+					</a>
+				</div>
+
+				<div class="navbar-text navbar-right hidden-xs credits">
+					Powered by <a href="https://caddyserver.com">Caddy</a>
+				</div>
+			</div>
+		</nav>
+
+		<div class="container-fluid">
+			<ol class="breadcrumb">
+				{{ range .Breadcrumbs }}
+					<li>
+						<a href="{{ html .Link }}">
+							{{ if eq .Text "/" }}
+								<span class="glyphicon glyphicon-home" aria-hidden="true"></span>
+							{{ else }}
+								{{ html .Text }}
+							{{ end }}
+						</a>
+					</li>
+				{{ end }}
+			</ol>
+
+			<div class="panel panel-default">
+				<table class="table table-hover table-striped">
+					<thead>
+						<tr>
+							<th class="icon"></th>
+							<th class="name">
+								{{ if and (eq .Sort "name") (ne .Order "desc") }}
+									<a href="?sort=name&order=desc">
+										Name
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ else if and (eq .Sort "name") (ne .Order "asc") }}
+									<a href="?sort=name&order=asc">
+										Name
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ else }}
+									<a href="?sort=name&order=asc">
+										Name
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ end }}
+							</th>
+							<th class="size col-sm-2">
+								{{ if and (eq .Sort "size") (ne .Order "desc") }}
+									<a href="?sort=size&order=desc">
+										Size
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ else if and (eq .Sort "size") (ne .Order "asc") }}
+									<a href="?sort=size&order=asc">
+										Size
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ else }}
+									<a href="?sort=size&order=asc">
+										Size
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ end }}
+							</th>
+							<th class="modified col-sm-2">
+								{{ if and (eq .Sort "time") (ne .Order "desc") }}
+									<a href="?sort=time&order=desc">
+										Modified
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ else if and (eq .Sort "time") (ne .Order "asc") }}
+									<a href="?sort=time&order=asc">
+										Modified
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ else }}
+									<a href="?sort=time&order=asc">
+										Modified
+										<span class="glyphicon glyphicon-sort" aria-hidden="true"></span>
+									</a>
+								{{ end }}
+							</th>
+						</tr>
+					</thead>
+
+					<tbody>
+						{{ if .CanGoUp }}
+							<tr>
+								<td>
+									<span class="glyphicon glyphicon-arrow-left" aria-hidden="true"></span>
+								</td>
+								<td>
+									<a href="..">
+										Go up
+									</a>
+								</td>
+								<td>
+									&mdash;
+								</td>
+								<td>
+									&mdash;
+								</td>
+							</tr>
+						{{ end }}
+						{{ range .Items }}
+							<tr>
+								<td class="icon">
+									{{ if .IsDir }}
+										<span class="glyphicon glyphicon-folder-close" aria-hidden="true"></span>
+									{{ else }}
+										<span class="glyphicon glyphicon-file" aria-hidden="true"></span>
+									{{ end }}
+								</td>
+								<td class="name">
+									<a href="{{ html .URL }}">
+										{{ html .Name }}
+									</a>
+								</td>
+								<td class="size">
+									{{ .HumanSize }}
+								</td>
+								<td class="modified">
+									{{ .HumanModTime "01/02/2006 03:04:05 PM" }}
+								</td>
+							</tr>
+						{{ end }}
+					</tbody>
+				</table>
+			</div>
+		</div>
+	</body>
+</html>
diff --git a/v2.7/overlay/etc/caddy/caddyfile b/v2.7/overlay/etc/caddy/caddyfile
new file mode 100644
index 00000000..e69de29b
diff --git a/v2.7/overlay/etc/container.d/00-user.sh b/v2.7/overlay/etc/container.d/00-user.sh
new file mode 100755
index 00000000..89d33c45
--- /dev/null
+++ b/v2.7/overlay/etc/container.d/00-user.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+if [[ ! "$(id -g caddy)" =~ "${PGID}" ]]; then
+    echo "> enforcing group id"
+    groupmod -o -g ${PGID} caddy
+fi
+
+if [[ ! "$(id -u caddy)" =~ "${PGID}" ]]; then
+    echo "> enforcing user id"
+    usermod -o -u ${PUID} caddy
+fi
+
+true
diff --git a/v2.7/overlay/etc/container.d/05-config.sh b/v2.7/overlay/etc/container.d/05-config.sh
new file mode 100755
index 00000000..ab48cb6a
--- /dev/null
+++ b/v2.7/overlay/etc/container.d/05-config.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+if [[ "${CADDY_SKIP_TEMPLATES}" != "true" ]]; then
+    echo "> writing caddy config"
+    gomplate -V \
+        -o ${CADDY_CONFIG} \
+        -f /etc/templates/caddyfile.tmpl || exit 1
+fi
+
+true
diff --git a/v2.7/overlay/etc/container.d/10-chown.sh b/v2.7/overlay/etc/container.d/10-chown.sh
new file mode 100755
index 00000000..50447277
--- /dev/null
+++ b/v2.7/overlay/etc/container.d/10-chown.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+if [[ "${CADDY_SKIP_CHOWN}" != "true" ]]; then
+    echo "> chown webroot files"
+    find ${CADDY_WEBROOT} \( \! -user caddy -o \! -group caddy \) -print0 | xargs -0 -r chown caddy:caddy
+
+    echo "> chown home files"
+    find /home/caddy \( \! -user caddy -o \! -group caddy \) -print0 | xargs -0 -r chown caddy:caddy
+fi
+
+true
diff --git a/v2.7/overlay/etc/container.d/15-index.sh b/v2.7/overlay/etc/container.d/15-index.sh
new file mode 100755
index 00000000..8b3f3ccb
--- /dev/null
+++ b/v2.7/overlay/etc/container.d/15-index.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+if [[ "${CADDY_DROP_INDEX_FILE}" != "false" ]]; then
+    echo "> dropping index file"
+    rm -f ${CADDY_WEBROOT}/index.html
+fi
+
+true
diff --git a/v2.7/overlay/etc/entrypoint.d/00-user.sh b/v2.7/overlay/etc/entrypoint.d/00-user.sh
new file mode 100755
index 00000000..c095f43c
--- /dev/null
+++ b/v2.7/overlay/etc/entrypoint.d/00-user.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+declare -x PUID
+[[ -z "${PUID}" ]] && PUID="1000"
+
+declare -x PGID
+[[ -z "${PGID}" ]] && PGID="1000"
+
+true
diff --git a/v2.7/overlay/etc/entrypoint.d/05-caddy.sh b/v2.7/overlay/etc/entrypoint.d/05-caddy.sh
new file mode 100755
index 00000000..022acf6d
--- /dev/null
+++ b/v2.7/overlay/etc/entrypoint.d/05-caddy.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+declare -x CADDY_ADAPTER
+[[ -z "${CADDY_ADAPTER}" ]] && CADDY_ADAPTER="caddyfile"
+
+declare -x CADDY_CONFIG
+[[ -z "${CADDY_CONFIG}" ]] && CADDY_CONFIG="/etc/caddy/caddyfile"
+
+declare -x CADDY_ENVFILE
+[[ -z "${CADDY_ENVFILE}" ]] && CADDY_ENVFILE=""
+
+declare -x CADDY_ENVIRON
+[[ -z "${CADDY_ENVIRON}" ]] && CADDY_ENVIRON="false"
+
+declare -x CADDY_PIDFILE
+[[ -z "${CADDY_PIDFILE}" ]] && CADDY_PIDFILE=""
+
+declare -x CADDY_PINGBACK
+[[ -z "${CADDY_PINGBACK}" ]] && CADDY_PINGBACK=""
+
+declare -x CADDY_PINGBACK
+[[ -z "${CADDY_PINGBACK}" ]] && CADDY_PINGBACK=""
+
+declare -x CADDY_RESUME
+[[ -z "${CADDY_RESUME}" ]] && CADDY_RESUME="false"
+
+declare -x CADDY_WATCH
+[[ -z "${CADDY_WATCH}" ]] && CADDY_WATCH="false"
+
+declare -x CADDY_WEBROOT
+[[ -z "${CADDY_WEBROOT}" ]] && CADDY_WEBROOT="/srv/www"
+
+declare -x CADDY_SKIP_TEMPLATES
+[[ -z "${CADDY_SKIP_TEMPLATES}" ]] && CADDY_SKIP_TEMPLATES="false"
+
+declare -x CADDY_SKIP_CHOWN
+[[ -z "${CADDY_SKIP_CHOWN}" ]] && CADDY_SKIP_CHOWN="false"
+
+declare -x CADDY_HEALTHCHECK_URL
+[[ -z "${CADDY_HEALTHCHECK_URL}" ]] && CADDY_HEALTHCHECK_URL="http://localhost:8080/"
+
+declare -x CADDY_HEALTHCHECK_CODE
+[[ -z "${CADDY_HEALTHCHECK_CODE}" ]] && CADDY_HEALTHCHECK_CODE="200"
+
+declare -x CADDY_DROP_INDEX_FILE
+[[ -z "${CADDY_DROP_INDEX_FILE}" ]] && CADDY_DROP_INDEX_FILE="false"
+
+true
diff --git a/v2.7/overlay/etc/templates/caddyfile.tmpl b/v2.7/overlay/etc/templates/caddyfile.tmpl
new file mode 100644
index 00000000..bf4f6660
--- /dev/null
+++ b/v2.7/overlay/etc/templates/caddyfile.tmpl
@@ -0,0 +1,10 @@
+:8080
+root * {{ getenv "CADDY_WEBROOT" }}
+
+file_server {
+	browse /etc/caddy/browse.tmpl
+}
+
+log {
+	output stdout
+}
diff --git a/v2.7/overlay/srv/www/index.html b/v2.7/overlay/srv/www/index.html
new file mode 100644
index 00000000..e69de29b
diff --git a/v2.7/overlay/usr/bin/container b/v2.7/overlay/usr/bin/container
new file mode 100755
index 00000000..9c5bf283
--- /dev/null
+++ b/v2.7/overlay/usr/bin/container
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -eo pipefail
+source /usr/bin/entrypoint
+
+for FILE in $(find /etc/container.d -type f -iname \*.sh | sort); do
+    source ${FILE}
+done
+
+pushd ${CADDY_WEBROOT} >/dev/null
+    STARTCMD="su-exec caddy caddy run"
+
+    [[ -n "${CADDY_ADAPTER}" ]] && STARTCMD="${STARTCMD} --adapter=${CADDY_ADAPTER}"
+    [[ -n "${CADDY_CONFIG}" ]] && STARTCMD="${STARTCMD} --config=${CADDY_CONFIG}"
+    [[ -n "${CADDY_ENVFILE}" ]] && STARTCMD="${STARTCMD} --envfile=${CADDY_ENVFILE}"
+    [[ "${CADDY_ENVIRON}" == "true" || "${CADDY_ENVIRON}" == "1" ]] && STARTCMD="${STARTCMD} --environ"
+    [[ -n "${CADDY_PIDFILE}" ]] && STARTCMD="${STARTCMD} --pidfile=${CADDY_PIDFILE}"
+    [[ -n "${CADDY_PINGBACK}" ]] && STARTCMD="${STARTCMD} --pingback=${CADDY_PINGBACK}"
+    [[ "${CADDY_RESUME}" == "true" || "${CADDY_RESUME}" == "1" ]] && STARTCMD="${STARTCMD} --resume"
+    [[ "${CADDY_WATCH}" == "true" || "${CADDY_WATCH}" == "1" ]] && STARTCMD="${STARTCMD} --watch"
+
+    echo "> starting caddy service"
+    exec ${STARTCMD}
+popd >/dev/null
diff --git a/v2.7/overlay/usr/bin/healthcheck b/v2.7/overlay/usr/bin/healthcheck
new file mode 100755
index 00000000..f3006626
--- /dev/null
+++ b/v2.7/overlay/usr/bin/healthcheck
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -eo pipefail
+source /usr/bin/entrypoint
+
+CHECK="$(curl -sL -w %{http_code} -o /dev/null ${CADDY_HEALTHCHECK_URL})"
+
+if [[ "${CHECK}" == "${CADDY_HEALTHCHECK_CODE}" ]]; then
+    exit 0
+fi
+
+exit 1