alpine-caddy's People

Contributors

killianbrackey, kilpatty, princemaple, stp-ip

alpine-caddy's Issues

should we enable quic by default?

I'm contemplating enabling quic by default for this image. I'm not sure if that would make any problems arise for anybody as it should default to not using quic if it is not supported.

Any objections to this should be contained in this issue.

Kubernetes DNS

I'm using this on Kubernetes and I noticed that the Kube DNS doesn't work as expected. Would you know what needs to be done to get that working? /etc/resolv.conf doesn't exist on the image (see "troubleshooting tips" here).

I'm new to Kubernetes so it can certainly be the way I set things up - I'm taking the chance that you might know.

Unable to get a working configuration in docker-compose

Currently trying to use caddy as a reverse proxy for a simple web application hosted on a digitalocean droplet.

Although caddy seems to be configured correctly, the only response I get when accessing mysite.com is a 301 to a bad https page.

Caddyfile:

mysite.com {

	proxy / web:8083 {
		header_upstream Host {host}
		header_upstream X-Real-IP {remote}
		header_upstream X-Forwarded-Proto {scheme}
	}

	tls [email protected]
}

docker-compose.yml:

version: '2'

services:
  caddy:
    build: ./caddy 
    ports:
      - 80:80
    networks:
      - frontend
  web:
    build: ./src/web
    container_name: web
    expose:
      - "8083"
    restart: "always"
    networks:
      - frontend

networks:
  frontend:

volumes:
  data: { }

I'm building the caddyfile myself because using docker-compose volumes doesn't seem to put the file on a remote host, or I'll get an 'oci error' (for which all issues in the docker repo just blame aufs).

The dockerfile for caddy looks like this:

FROM zzrot/alpine-caddy
COPY ./.caddy /root/.caddy
COPY ./Caddyfile /etc/Caddyfile
CMD ["caddy", "--conf", "/etc/Caddyfile"]

If I run docker-compose up with the remote machine set in docker-machine, it gives the following output:
caddy_1 | Activating privacy features... done.

Any request to mysite.com returns a 301 to https://mysite.com, but that request doesn't seem to go anywhere.

Curl gives the following output:

mysite master % curl -v mysite.com
* Rebuilt URL to: mysite.com/
*   Trying 138.197.4.182...
* Connected to mysite.com (138.197.4.182) port 80 (#0)
> GET / HTTP/1.1
> Host: mysite.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://mysite.com/
< Server: Caddy
< Date: Wed, 02 Nov 2016 17:04:53 GMT
< Content-Length: 57
< Content-Type: text/html; charset=utf-8
<
<a href="https://mysite.com/">Moved Permanently</a>.

* Connection #0 to host mysite.com left intact

And in a browser, chrome just displays:

This site can’t be reached

mysite.com refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

Any ideas? Maybe I've misconfigured something. I've checked other issues here and in the caddy repo and can't find anything with quite the same problem.

Just to note if I add a port: "8083" to the web service, I can hit it fine with a curl request.

How to hook into the cert store of alpine-caddy

I want to use alpine-caddy to proxy to an external site with a self-signed cert that I can't change.

Previously I ran Caddy outside of a container and just added the cert to the host's cert store. Now I think I have to add it somehow to the container's cert store. I could run with insecure_skip_verify but that would obviously be insecure.

Init Process

Look into the potential of creating an init process to handle zombie processes and the PID 1 problem. Potential 3rd party init systems: yelp's Dumb_init

Run as Non-Root

Would be interesting to see how we can refactor the Dockerfile to see if we can run caddy as non-root to keep up with security recommendations from docker.

Can't get certificates when using proxy

When following the proxy example, I can only get the certificate for a top level node.

I get an error:

Activating privacy features...2016/06/27 21:33:40 [gitserver.www.xxx.yyy.zzz] failed to get certificate: acme: Error 400 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up A for gitserver.www.xxx.yyy.zzz

And then the container crashes.

Any idea how to resolve this issue?

Feature request: VIRTUAL_HOST

If you look at https://github.com/BlackGlory/caddy-proxy you'll see that his package automatically regenerates a Caddyfile every time a new docker container gets fired. It looks at the environment variable, which contains the name we want the container to answer to, and maps appropriately.

It'd be great if this package could do this. Reason: this package has 100+K pulls whilst BlackGlory's has 385 and gets no support. I can't make it work (I've already spent too much time trying) but I love the functionality.

Would it be difficult to do?

Binary moved: tini

caddy_1        | WARNING: Tini has been relocated to /sbin/tini.
caddy_1        | Please update your scripts to use /sbin/tini going forward.
caddy_1        | /usr/bin/tini has been preserved for backwards compatibility in Alpine 3.4,
caddy_1        | but WILL BE REMOVED in Alpine 3.5.

Add Reverse Proxy Testing

Add bats support for testing Alpine-Caddy as a Reverse Proxy and Proxying to multiple instances of Alpine-Caddy.

Docker for mac fails on: docker-compose up ./docker-compose.proxy-example.yml

Might be my lack of experience, but can't get docker-compose up to start the proxy example.

I am using the Docker for Mac:
Version 1.12.0-rc2-beta17 (build: 9779)

Googling around for a solution found a few red herrings. So posting here to see if anyone sees what I am doing wrong.

Here's my attempt:

x-MacBook-Pro:examples apple$ pwd
/Users/apple/workspace/go/src/bitbucket.org/joe/md-x/_docs/Tech/Docker/alpine-caddy/examples
x-MacBook-Pro:examples apple$ ls -al
total 24
drwxr-xr-x   5 apple  staff  170 Jul  5 14:18 .
drwxr-xr-x  19 apple  staff  646 Jul  5 14:18 ..
-rw-r--r--   1 apple  staff  727 Jul  5 14:18 Caddyfile.proxy.example
-rw-r--r--   1 apple  staff  240 Jul  5 14:18 docker-compose.example.yml
-rw-r--r--   1 apple  staff  597 Jul  5 14:18 docker-compose.proxy-example.yml
x-MacBook-Pro:examples apple$ docker-compose up ./docker-compose.proxy-example.yml
ERROR: 
        Can't find a suitable configuration file in this directory or any
        parent. Are you in the right directory?

        Supported filenames: docker-compose.yml, docker-compose.yaml

Drop Permissions on Root User

Double check if Caddy allows us to switch the root ports that caddy accepts, so that we can drop permissions on root and switch to user Caddy.

Container not restarting on docker-gen notify-sighup

Hi guys,

I'm trying to configure docker-gen to template the Caddyfile to reverse proxy a few services.

I've noted that the caddy container does not seem to restart when sent a sighup. I have no idea if this is an issue with docker, caddy, or alpine-caddy.

Running Docker 1.11.2 on Ubuntu as well as 1.11.1-beta13.1 on a Mac, using docker kill -s hup <container> seems to restart any other given container in my docker-compose.yml, as expected, except for caddy which never comes back up again. docker restart caddy does restart the container properly, but I'm not sure I can achieve this from within the docker-gen container.

Edit: This appears to be caddy specific behaviour

Add PHP / MySQL example

Hi

Nice work you've done here. I wish you added a docker-compose example with MySQL & phpfpm containers, but I can devise that myself.

Cheers,

Suggest placing Caddyfile in a folder other than `/root`

I'm using Kubernetes, and mounted a volume on /etc, which contains Caddyfile. DNS wasn't working as expected, and it's because I overwrote /etc/resolv.conf.

It's a minor thing but perhaps suggesting it be mounted on a more specific folder will make it less likely that others fall into the same trap? Perhaps /etc/caddy.

I resolved mine by specifying the command to run to include -conf /path/to/my/Caddyfile
