Skip to content

Commit 7cc6eee

Browse files
committed
update
1 parent 0abafdf commit 7cc6eee

1 file changed

Lines changed: 20 additions & 72 deletions

File tree

caddy_v2/readme.md

Lines changed: 20 additions & 72 deletions
Original file line numberDiff line numberDiff line change
@@ -93,9 +93,9 @@ ping-able by their hostnames.
9393

9494
### - Create docker-compose.yml and .env file
9595

96-
Basic simple docker compose.<br>
97-
Official caddy image is used. Ports 80 and 443 are pusblished/mapped
98-
on to docker host as Caddy is the one in charge of any traffic coming there.<br>
96+
Basic simple docker compose, using the official caddy image.<br>
97+
Ports 80 and 443 are pusblished/mapped on to docker host as Caddy
98+
is the one in charge of any traffic coming there.<br>
9999

100100
`docker-compose.yml`
101101
```yml
@@ -123,8 +123,10 @@ networks:
123123
124124
`.env`
125125
```php
126-
MY_DOMAIN=example.com
126+
# GENERAL
127+
TZ=Europe/Bratislava
127128
DOCKER_MY_NETWORK=caddy_net
129+
MY_DOMAIN=example.com
128130
```
129131

130132
You obviously want to change `example.com` to your domain.
@@ -134,10 +136,6 @@ You obviously want to change `example.com` to your domain.
134136

135137
`Caddyfile`
136138
```
137-
{
138-
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
139-
}
140-
141139
a.{$MY_DOMAIN} {
142140
reverse_proxy whoami:80
143141
}
@@ -160,7 +158,6 @@ So every docker container you spin should have hostname definied and be on
160158
`caddy_net`, or some other named custom network, as the default bridge docker network
161159
[does not provide](https://docs.docker.com/network/bridge/)
162160
automatic DNS resolution between containers.<br>
163-
Commented out is the staging url for let's encrypt, used for testing.
164161
165162
<details>
166163
<summary><h3>Setup some docker containers</h3></summary>
@@ -226,19 +223,19 @@ So just [edit](https://support.rackspace.com/how-to/modify-your-hosts-file/)
226223
adding whatever is the local IP of the docker host and the hostname:
227224

228225
```
229-
192.168.1.222 a.{$MY_DOMAIN}
230-
192.168.1.222 b.{$MY_DOMAIN}
226+
192.168.1.222 a.example.com
227+
192.168.1.222 b.example.com
231228
```
232229

233230
You can test what are the replies for DNS requests with the command
234231
`nslookup a.example.com`, works in linux and windows.
235232

236233
If it is just quick testing one can use Opera browser
237-
and enable the build in VPN.<br>
234+
and enable its build in VPN.<br>
238235

239-
This edit of a host file affects only that one machine on the network.
236+
This edit of a host file works only on that one machine.
240237
To solve it for all devices theres need to to run dns server on the network,
241-
or running a tier higher firewall/router.
238+
or running a higher tier firewall/router.
242239
* [Here's](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/dnsmasq)
243240
a guide-by-example for dnsmasq.
244241
* [Here's](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/opnsense)
@@ -253,7 +250,7 @@ or running a tier higher firewall/router.
253250

254251
Run all the containers.
255252

256-
Give it time to get certificates, checking `docker logs caddy` as it goes,
253+
Give Caddy time to get certificates, checking `docker logs caddy` as it goes,
257254
then visit the urls. It should lead to the services with https working.
258255

259256
If something is fucky use `docker logs caddy` to see what is happening.<br>
@@ -262,7 +259,8 @@ Or investigate inside `docker exec -it caddy /bin/sh`.
262259
For example trying to ping hosts that are suppose to be reachable,
263260
`ping nginx` should work.
264261

265-
There's also other possible issues, like bad port forwarding towards docker host.
262+
There's also other possible issues, like bad port forwarding towards docker host,
263+
or ISP not providing you with publicly reachable IP.
266264

267265
*extra info:*<br>
268266
`docker exec -w /etc/caddy caddy caddy reload` reloads config
@@ -306,56 +304,6 @@ violet.{$MY_DOMAIN} {
306304
}
307305
```
308306
309-
### Reverse proxy without domain and https
310-
311-
You can always just use localhost, which will translates in to docker hosts IP address.
312-
313-
```
314-
localhost:55414 {
315-
reverse_proxy urbackup:55414
316-
}
317-
318-
:9090 {
319-
reverse_proxy prometheus:9090
320-
}
321-
```
322-
323-
Prometheus entry uses short-hand notation.<br>
324-
TLS is automatically disabled in localhost use.
325-
326-
But for this to work Caddy's compose file needs to have those ports **published** too.
327-
328-
`docker-compose.yml`
329-
```yml
330-
services:
331-
332-
caddy:
333-
image: caddy
334-
container_name: caddy
335-
hostname: caddy
336-
restart: unless-stopped
337-
ports:
338-
- "80:80"
339-
- "443:443"
340-
- "55414:55414"
341-
- "9090:9090"
342-
environment:
343-
- MY_DOMAIN
344-
volumes:
345-
- ./Caddyfile:/etc/caddy/Caddyfile:ro
346-
- ./data:/data
347-
- ./config:/config
348-
349-
networks:
350-
default:
351-
name: $DOCKER_MY_NETWORK
352-
external: true
353-
```
354-
355-
With this setup, and assuming docker host at: `192.168.1.222`,
356-
writing `192.168.1.222:55414` in to browser will go to to urbackup,
357-
and `192.168.1.222:9090` gets to prometheus.
358-
359307
### Named matchers and IP filtering
360308
361309
Caddy has [matchers](https://caddyserver.com/docs/caddyfile/matchers)
@@ -480,8 +428,8 @@ nextcloud.{$MY_DOMAIN} {
480428
481429
### Headers and gzip
482430
483-
This example is with bitwarden_rs password manager, which comes with its reverse proxy
484-
[recommendations](https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples).
431+
This example is with vaultwarden password manager, which comes with its reverse proxy
432+
[recommendations](https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples).
485433
486434
`encode gzip` enables compression.<br>
487435
This lowers the bandwith use and speeds up loading of the sites.
@@ -494,11 +442,11 @@ By default, Caddy passes through Host header and adds X-Forwarded-For
494442
for the client IP. This means that 90% of the time a simple config
495443
is all that is needed but sometimes some extra headers might be desired.
496444
497-
Here we see bitwarden make use of some extra headers.<br>
445+
Here we see vaultwarden make use of some extra headers.<br>
498446
We can also see its use of websocket protocol for notifications at port 3012.
499447
500448
```
501-
bitwarden.{$MY_DOMAIN} {
449+
vault.{$MY_DOMAIN} {
502450
encode gzip
503451

504452
header {
@@ -513,10 +461,10 @@ bitwarden.{$MY_DOMAIN} {
513461
}
514462

515463
# Notifications redirected to the websockets server
516-
reverse_proxy /notifications/hub bitwarden:3012
464+
reverse_proxy /notifications/hub vaultwarden:3012
517465

518466
# Proxy the Root directory to Rocket
519-
reverse_proxy bitwarden:80
467+
reverse_proxy vaultwarden:80
520468
}
521469
```
522470

0 commit comments

Comments
 (0)