dunglas / symfony-docker

A Docker-based installer and runtime for Symfony. Install: download and `docker compose up`.
https://dunglas.dev/2021/12/symfonys-new-native-docker-support-symfony-world/

How to disable HTTPS and configure custom ports for Nginx proxy usage #692

Open Arthur-LDH opened 2 days ago

Arthur-LDH commented 2 days ago

I'm trying to configure FrankenPHP/Caddy to work behind an Nginx proxy server to host multiple Docker projects on a single server.

Current issue:

Thanks!

7-zete-7 commented 2 days ago

Hi @Arthur-LDH!

Make FrankenPHP HTTP-only

To make FrankenPHP (Caddy) listen only to TCP port 80 (and disable auto SSL), it is enough to use :80 as the value of the environment variable SERVER_NAME. In this case, it is also important to fill the environment variable CADDY_MERCURE_PUBLIC_URL with the correct value (so that Mercure works correctly).

Example

SERVER_NAME=":80" CADDY_MERCURE_PUBLIC_URL="https://example.com/.well-known/mercure" docker compose up

This value can also be written explicitly in the compose.yaml file, if this is a more convenient option (in this case, there will be no need to change other environment variables).

 services:
   php:
     image: ${IMAGES_PREFIX:-}app-php
     restart: unless-stopped
     environment:
-      SERVER_NAME: ${SERVER_NAME:-localhost}, php:80
+      SERVER_NAME: :80
       MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
       MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
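
Review bot: On the `+ SERVER_NAME: :80` line, quote the value (`SERVER_NAME: ":80"`) so the leading colon cannot be misread by a YAML parser, and note that hard-coding it drops the `${SERVER_NAME:-localhost}` override, so the listen address can no longer be changed from the environment. The two unchanged `MERCURE_*_JWT_KEY` lines still fall back to the `!ChangeThisMercureHubJWTSecretKey!` placeholder; for a deployment behind a proxy, set `CADDY_MERCURE_JWT_SECRET` explicitly rather than relying on that default.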

Use custom port for FrankenPHP

To get a container with FrankenPHP on a different port in the host, it is enough to set the value of the required port for the environment variable HTTP_PORT.

Example (using TCP port 8080)

HTTP_PORT=8080 docker compose up

Similarly to the previous one, this value can be written explicitly in the compose.yaml file (at the same time disabling unnecessary, in the context of this issue, port forwarding).

 services:
   php:
     # ...
     ports:
       # HTTP
       - target: 80
-        published: ${HTTP_PORT:-80}
+        published: 8080
         protocol: tcp
-      # HTTPS
-      - target: 443
-        published: ${HTTPS_PORT:-443}
-        protocol: tcp
-      # HTTP/3
-      - target: 443
-        published: ${HTTP3_PORT:-443}
-        protocol: udp
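
Review bot: The `+ published: 8080` entry has no `host_ip`, so Docker binds the plain-HTTP port on every host interface and clients can reach FrankenPHP directly, bypassing the Nginx proxy. If Nginx runs on the same host, add `host_ip: 127.0.0.1` to this port entry so that only the proxy can connect. Hard-coding 8080 also drops the `${HTTP_PORT:-80}` override; `published: ${HTTP_PORT:-8080}` would keep it configurable.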

Arthur-LDH commented 1 day ago

Current Configuration

My current compose.yaml has the following PHP service configuration:

# compose.yaml
services:
  php:
    image: ${IMAGES_PREFIX:-}app-php
    restart: unless-stopped

    environment:
      # Server Configuration
      SERVER_NAME: ':80'
      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
      TRUSTED_HOSTS: ^${SERVER_NAME:-example\.com|localhost}|php$$
      DATABASE_URL: mysql://${MYSQL_USER:-app}:${MYSQL_PASSWORD:-!ChangeMe!}@database:3306/${MYSQL_DATABASE:-app}?serverVersion=${MARIADB_VERSION:-11.2.2}&charset=${MYSQL_CHARSET:-utf8mb4}
      MERCURE_URL: https://${SERVER_NAME:-localhost}/.well-known/mercure
      MERCURE_PUBLIC_URL: https://${SERVER_NAME:-localhost}/.well-known/mercure
      MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      SYMFONY_VERSION: ${SYMFONY_VERSION:-}
      STABILITY: ${STABILITY:-stable}
    volumes:
      - caddy_data:/data
      - caddy_config:/config
      - app_data:/app

    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp

      # HTTPS (Commented)
      #- target: 443
      #  published: ${HTTPS_PORT:-443}
      #  protocol: tcp

      # HTTP/3 (Commented)
      #- target: 443
      #  published: ${HTTP3_PORT:-443}
      #  protocol: udp

Despite having HTTPS and HTTP/3 ports commented out in the configuration, docker ps shows unexpected port mappings:

443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp

7-zete-7 commented 1 day ago

Thanks for the detailed information, @Arthur-LDH!

The docker ps (docker container ls) command shows both published ports and exposed ports.

The information 443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp means the following:

See also:
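
The published/exposed distinction described in the comment above can be checked mechanically. The following is an added example, not part of the original thread or of the symfony-docker project: a shell function (the name `classify_ports` is hypothetical) that labels each entry of a `docker ps` PORTS column, using the output quoted in this issue as sample input.

```bash
#!/usr/bin/env bash
# Classify each entry of a `docker ps` PORTS column.
#   host_ip:host_port->container_port/proto  => published (bound on the host)
#   container_port/proto                     => exposed only (image metadata,
#                                               no host binding)
# Published entries are further split by whether they bind all interfaces.
classify_ports() {
  local ports="$1" entry host
  local IFS=','                       # entries are comma-separated
  for entry in $ports; do
    entry="${entry# }"                # strip the space that follows each comma
    case "$entry" in
      *'->'*)
        host="${entry%%->*}"          # e.g. 0.0.0.0:80, :::80, 127.0.0.1:8080
        case "$host" in
          0.0.0.0:*|:::*|\[::\]:*)
            echo "published-all-interfaces $entry" ;;
          *)
            echo "published-restricted $entry" ;;
        esac ;;
      *)
        echo "exposed-only $entry" ;;
    esac
  done
}

# Sample input: the PORTS value quoted in this issue.
SAMPLE='443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp'
classify_ports "$SAMPLE"

# Against a running host (requires Docker):
#   docker ps --format '{{.Ports}}' | while read -r line; do
#     classify_ports "$line"
#   done
```

Only the `published-*` entries correspond to a socket on the host; the `exposed-only` entries are not reachable through a host port.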