zzrotdesign / alpine-caddy
Alpine Linux Docker Container running Caddyserver
License: MIT License
I'm contemplating enabling quic by default for this image. I'm not sure if that would make any problems arise for anybody as it should default to not using quic if it is not supported.
Any objections to this should be contained in this issue.
I'm using this on Kubernetes and I noticed that the Kube DNS doesn't work as expected. Would you know what needs to be done to get that working? /etc/resolv.conf doesn't exist on the image (see "troubleshooting tips" here).
I'm new to Kubernetes so it can certainly be the way I set things up - I'm taking the chance that you might know.
Currently trying to use caddy as a reverse proxy for a simple web application hosted on a digitalocean droplet.
Although caddy seems to be configured correctly, the only response I get when accessing mysite.com is a 301 to a bad https page.
Caddyfile:
mysite.com {
    proxy / web:8083 {
        header_upstream Host {host}
        header_upstream X-Real-IP {remote}
        header_upstream X-Forwarded-Proto {scheme}
    }
    tls [email protected]
}
docker-compose.yml:
version: '2'
services:
  caddy:
    build: ./caddy
    ports:
      - 80:80
    networks:
      - frontend
  web:
    build: ./src/web
    container_name: web
    expose:
      - "8083"
    restart: "always"
    networks:
      - frontend
networks:
  frontend:
volumes:
  data: { }
I'm building the caddyfile myself because using docker-compose volumes doesn't seem to put the file on a remote host, or I'll get an 'oci error' (for which all issues in the docker repo just blame aufs).
The dockerfile for caddy looks like this:
FROM zzrot/alpine-caddy
COPY ./.caddy /root/.caddy
COPY ./Caddyfile /etc/Caddyfile
CMD ["caddy", "--conf", "/etc/Caddyfile"]
If I run docker-compose up with the remote machine set in docker-machine, it gives the following output:
caddy_1 | Activating privacy features... done.
Any request to mysite.com returns a 301 to https://mysite.com, but that request doesn't seem to go anywhere.
Curl gives the following output:
mysite master % curl -v mysite.com
* Rebuilt URL to: mysite.com/
* Trying 138.197.4.182...
* Connected to mysite.com (138.197.4.182) port 80 (#0)
> GET / HTTP/1.1
> Host: mysite.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://mysite.com/
< Server: Caddy
< Date: Wed, 02 Nov 2016 17:04:53 GMT
< Content-Length: 57
< Content-Type: text/html; charset=utf-8
<
<a href="https://mysite.com/">Moved Permanently</a>.
* Connection #0 to host mysite.com left intact
And in a browser, chrome just displays:
This site can’t be reached
mysite.com refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
Any ideas? Maybe I've misconfigured something. I've checked other issues here and in the caddy repo and can't find anything with quite the same problem.
Just to note if I add a port: "8083" to the web service, I can hit it fine with a curl request.
I want to use alpine-caddy to proxy to an external site with a self-signed cert that I can't change.
Previously I ran Caddy outside of a container and just added the cert to the host's certstore. Now I think I have to add it somehow to the container's cert store. I could run with insecure_skip_verify but that would obviously be insecure.
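The approach the post above describes, trusting the upstream's certificate inside the container instead of setting insecure_skip_verify, as an added example that is not part of the original issue or of the alpine-caddy repository. It assumes the self-signed certificate was obtained out of band as a PEM file; the file name upstream.crt is hypothetical.

```dockerfile
# Added example: trust one self-signed upstream certificate in the image.
# Assumption: ./upstream.crt is the PEM-encoded certificate of the external
# site (hypothetical file name), verified out of band before being copied in.
FROM zzrot/alpine-caddy

# The ca-certificates package provides update-ca-certificates on Alpine.
RUN apk add --no-cache ca-certificates

# Files ending in .crt under this directory are merged into the system
# bundle (/etc/ssl/certs/ca-certificates.crt), which Go programs such as
# Caddy read when verifying TLS peers.
COPY ./upstream.crt /usr/local/share/ca-certificates/upstream.crt
RUN update-ca-certificates

# The Caddyfile proxies to the https:// upstream and leaves
# insecure_skip_verify out, so verification stays on.
COPY ./Caddyfile /etc/Caddyfile
CMD ["caddy", "--conf", "/etc/Caddyfile"]
```

Hostname verification still applies, so the certificate has to be valid for the name used in the proxy directive.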
Look into the potential of creating an init process to handle zombie processes and the PID 1 problem. Potential 3rd party init systems: yelp's Dumb_init
Would be interesting to see how we can refactor the Dockerfile to see if we can run caddy as non-root to keep up with security recommendations from docker.
When following the proxy example, I can only get the certificate for a top level node.
I get an error:
Activating privacy features...2016/06/27 21:33:40 [gitserver.www.xxx.yyy.zzz] failed to get certificate: acme: Error 400 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up A for gitserver.www.xxx.yyy.zzz
And then the container crashes.
Any idea how to resolve this issue?
If you look at https://github.com/BlackGlory/caddy-proxy you'll see that his package automatically regenerates a Caddyfile every time a new docker container gets fired. It looks at the environment variable, which contains the name we want the container to answer to, and maps appropriately.
It'd be great if this package could do this. Reason: this package has 100+K pulls whilst BlackGlory's has 385 and gets no support. I can't make it work (I've already spent too much time trying) but I love the functionality.
Would it be difficult to do?
Caddy 0.10 launched today, update in progress. Features here: https://github.com/mholt/caddy/releases
caddy_1 | WARNING: Tini has been relocated to /sbin/tini.
caddy_1 | Please update your scripts to use /sbin/tini going forward.
caddy_1 | /usr/bin/tini has been preserved for backwards compatibility in Alpine 3.4,
caddy_1 | but WILL BE REMOVED in Alpine 3.5.
Add bats support for testing Alpine-Caddy as a Reverse Proxy and Proxying to multiple instances of Alpine-Caddy.
We need to transition the tests run on travis.yml to building the image in the bats test, and not building the image pre test by using docker-compose.
Might be my lack of experience, but I can't get docker-compose up to start the proxy example.
I am using the Docker for Mac:
Version 1.12.0-rc2-beta17 (build: 9779)
Googling around for a solution found a few red herrings. So posting here to see if anyone sees what I am doing wrong.
Here's my attempt:
x-MacBook-Pro:examples apple$ pwd
/Users/apple/workspace/go/src/bitbucket.org/joe/md-x/_docs/Tech/Docker/alpine-caddy/examples
x-MacBook-Pro:examples apple$ ls -al
total 24
drwxr-xr-x 5 apple staff 170 Jul 5 14:18 .
drwxr-xr-x 19 apple staff 646 Jul 5 14:18 ..
-rw-r--r-- 1 apple staff 727 Jul 5 14:18 Caddyfile.proxy.example
-rw-r--r-- 1 apple staff 240 Jul 5 14:18 docker-compose.example.yml
-rw-r--r-- 1 apple staff 597 Jul 5 14:18 docker-compose.proxy-example.yml
x-MacBook-Pro:examples apple$ docker-compose up ./docker-compose.proxy-example.yml
ERROR:
Can't find a suitable configuration file in this directory or any
parent. Are you in the right directory?
Supported filenames: docker-compose.yml, docker-compose.yaml
Double check if Caddy allows us to switch the root ports that caddy accepts, so that we can drop permissions on root and switch to user Caddy.
Hi guys,
I'm trying to configure docker-gen to template the Caddyfile to reverse proxy a few services.
I've noted that the caddy container does not seem to restart when sent a sighup. I have no idea if this is an issue with docker, caddy, or alpine-caddy.
Running Docker 1.11.2 on Ubuntu as well as 1.11.1-beta13.1 on a Mac, using docker kill -s hup <container> seems to restart any other given container in my docker-compose.yml, as expected, except for caddy which never comes back up again. docker restart caddy does restart the container properly, but I'm not sure I can achieve this from within the docker-gen container.
Edit: This appears to be caddy specific behaviour
Hi
Nice work you've done here. I wish you added a docker-compose example with MySQL & phpfpm containers, but I can devise that myself.
Cheers,
I'm using Kubernetes, and mounted a volume on /etc, which contains Caddyfile. DNS wasn't working as expected, and it's because I overwrote /etc/resolv.conf.
It's a minor thing but perhaps suggesting it be mounted on a more specific folder will make it less likely that others fall into the same trap? Perhaps /etc/caddy.
I resolved mine by specifying the command to run to include -conf /path/to/my/Caddyfile
Hi,
so I have this setup https://gist.github.com/princemaple/276e27e135cd78c7d8ba26519bd39d69
When I tested it locally on boot2docker, I managed to get everything working as expected.
When I tested the same setup on a VPS with real linux, I got 502s from Caddy.
Funny thing is, I tried ping web and curl web:8080 in the running Caddy container, both worked perfectly.
Have you encountered anything similar before?
Thanks,
Po