@@ -93,9 +93,9 @@ ping-able by their hostnames.
9393
9494### - Create docker-compose.yml and .env file
9595
96- Basic simple docker compose.<br >
97- Official caddy image is used. Ports 80 and 443 are pusblished/mapped
98- on to docker host as Caddy is the one in charge of any traffic coming there.<br >
96+ Basic simple docker compose, using the official caddy image .<br >
97+ Ports 80 and 443 are pusblished/mapped on to docker host as Caddy
98+ is the one in charge of any traffic coming there.<br >
9999
100100` docker-compose.yml `
101101``` yml
@@ -123,8 +123,10 @@ networks:
123123
124124` .env`
125125` ` ` php
126- MY_DOMAIN=example.com
126+ # GENERAL
127+ TZ=Europe/Bratislava
127128DOCKER_MY_NETWORK=caddy_net
129+ MY_DOMAIN=example.com
128130` ` `
129131
130132You obviously want to change `example.com` to your domain.
@@ -134,10 +136,6 @@ You obviously want to change `example.com` to your domain.
134136
135137` Caddyfile`
136138```
137- {
138- # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
139- }
140-
141139a.{$MY_DOMAIN} {
142140 reverse_proxy whoami:80
143141}
@@ -160,7 +158,6 @@ So every docker container you spin should have hostname definied and be on
160158`caddy_net`, or some other named custom network, as the default bridge docker network
161159[does not provide](https://docs.docker.com/network/bridge/)
162160automatic DNS resolution between containers.<br>
163- Commented out is the staging url for let's encrypt, used for testing.
164161
165162<details>
166163<summary><h3>Setup some docker containers</h3></summary>
@@ -226,19 +223,19 @@ So just [edit](https://support.rackspace.com/how-to/modify-your-hosts-file/)
226223adding whatever is the local IP of the docker host and the hostname :
227224
228225` ` `
229- 192.168.1.222 a.{$MY_DOMAIN}
230- 192.168.1.222 b.{$MY_DOMAIN}
226+ 192.168.1.222 a.example.com
227+ 192.168.1.222 b.example.com
231228` ` `
232229
233230You can test what are the replies for DNS requests with the command
234231` nslookup a.example.com` , works in linux and windows.
235232
236233If it is just quick testing one can use Opera browser
237- and enable the build in VPN.<br>
234+ and enable its build in VPN.<br>
238235
239- This edit of a host file affects only that one machine on the network .
236+ This edit of a host file works only on that one machine.
240237To solve it for all devices theres need to to run dns server on the network,
241- or running a tier higher firewall/router.
238+ or running a higher tier firewall/router.
242239* [Here's](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/dnsmasq)
243240 a guide-by-example for dnsmasq.
244241* [Here's](https://github.com/DoTheEvo/selfhosted-apps-docker/tree/master/opnsense)
@@ -253,7 +250,7 @@ or running a tier higher firewall/router.
253250
254251Run all the containers.
255252
256- Give it time to get certificates, checking `docker logs caddy` as it goes,
253+ Give Caddy time to get certificates, checking `docker logs caddy` as it goes,
257254then visit the urls. It should lead to the services with https working.
258255
259256If something is fucky use `docker logs caddy` to see what is happening.<br>
@@ -262,7 +259,8 @@ Or investigate inside `docker exec -it caddy /bin/sh`.
262259For example trying to ping hosts that are suppose to be reachable,
263260` ping nginx` should work.
264261
265- There's also other possible issues, like bad port forwarding towards docker host.
262+ There's also other possible issues, like bad port forwarding towards docker host,
263+ or ISP not providing you with publicly reachable IP.
266264
267265*extra info:*<br>
268266` docker exec -w /etc/caddy caddy caddy reload` reloads config
@@ -306,56 +304,6 @@ violet.{$MY_DOMAIN} {
306304}
307305```
308306
309- ### Reverse proxy without domain and https
310-
311- You can always just use localhost, which will translates in to docker hosts IP address.
312-
313- ```
314- localhost:55414 {
315- reverse_proxy urbackup:55414
316- }
317-
318- :9090 {
319- reverse_proxy prometheus:9090
320- }
321- ```
322-
323- Prometheus entry uses short-hand notation.<br>
324- TLS is automatically disabled in localhost use.
325-
326- But for this to work Caddy's compose file needs to have those ports **published** too.
327-
328- `docker-compose.yml`
329- ```yml
330- services:
331-
332- caddy:
333- image: caddy
334- container_name: caddy
335- hostname: caddy
336- restart: unless-stopped
337- ports:
338- - "80:80"
339- - "443:443"
340- - "55414:55414"
341- - "9090:9090"
342- environment:
343- - MY_DOMAIN
344- volumes:
345- - ./Caddyfile:/etc/caddy/Caddyfile:ro
346- - ./data:/data
347- - ./config:/config
348-
349- networks:
350- default:
351- name: $DOCKER_MY_NETWORK
352- external: true
353- ```
354-
355- With this setup, and assuming docker host at: ` 192.168.1.222 ` ,
356- writing ` 192.168.1.222:55414 ` in to browser will go to to urbackup,
357- and ` 192.168.1.222:9090 ` gets to prometheus.
358-
359307### Named matchers and IP filtering
360308
361309Caddy has [matchers](https://caddyserver.com/docs/caddyfile/matchers)
@@ -480,8 +428,8 @@ nextcloud.{$MY_DOMAIN} {
480428
481429### Headers and gzip
482430
483- This example is with bitwarden_rs password manager, which comes with its reverse proxy
484- [ recommendations] ( https://github.com/dani-garcia/bitwarden_rs /wiki/Proxy-examples ) .
431+ This example is with vaultwarden password manager, which comes with its reverse proxy
432+ [recommendations](https://github.com/dani-garcia/vaultwarden /wiki/Proxy-examples).
485433
486434`encode gzip` enables compression.<br>
487435This lowers the bandwith use and speeds up loading of the sites.
@@ -494,11 +442,11 @@ By default, Caddy passes through Host header and adds X-Forwarded-For
494442for the client IP. This means that 90% of the time a simple config
495443is all that is needed but sometimes some extra headers might be desired.
496444
497- Here we see bitwarden make use of some extra headers.<br >
445+ Here we see vaultwarden make use of some extra headers.<br>
498446We can also see its use of websocket protocol for notifications at port 3012.
499447
500448```
501- bitwarden .{$MY_DOMAIN} {
449+ vault .{$MY_DOMAIN} {
502450 encode gzip
503451
504452 header {
@@ -513,10 +461,10 @@ bitwarden.{$MY_DOMAIN} {
513461 }
514462
515463 # Notifications redirected to the websockets server
516- reverse_proxy /notifications/hub bitwarden :3012
464+ reverse_proxy /notifications/hub vaultwarden :3012
517465
518466 # Proxy the Root directory to Rocket
519- reverse_proxy bitwarden :80
467+ reverse_proxy vaultwarden :80
520468}
521469```
522470
0 commit comments