Closed f1amy closed 11 months ago
You can add http://caddy
as a site address (comma separated) to allow requests from another container.
If you add that, depending on the level of paranoia, you may want to reject requests with that hostname from non-private IP ranges.
@francislavoie, I don't quite understand where should I add this site address, let me add an example:
services:
proxy:
image: lucaslorentz/caddy-docker-proxy:alpine
ports:
- 80
environment:
- CADDY_INGRESS_NETWORKS=docker-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- docker-proxy
service-a:
image: nginx:alpine
labels:
caddy: http://*.service-a.localhost
caddy.reverse_proxy: "{{upstreams 80}}"
networks:
- docker-proxy
service-b:
image: nginx:alpine
labels:
caddy: http://service-b.localhost
caddy.reverse_proxy: "{{upstreams 80}}"
networks:
- docker-proxy
networks:
docker-proxy:
If I'm on host, I can curl -X GET http://anything.service-a.localhost
.
But if I'm inside service-b, I get unknown host error.
caddy: http://*.service-a.localhost
becomes caddy: "http://*.service-a.localhost, http://proxy"
and then make your services request http://proxy/something
(where proxy
is the name of your Caddy docker service)
The problem you have is that localhost
while inside a container means "this same container", so you can't use localhost
to route between container.
@francislavoie Thanks for the reply, using http://caddy does seem to work for one service, however, this does not solve my problem entirely.
I want to be able to use dynamic hosts to call the service that I need.
The example:
services:
proxy:
image: lucaslorentz/caddy-docker-proxy
ports:
- 80:80
environment:
- CADDY_INGRESS_NETWORKS=caddy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- caddy_data:/data
networks:
- caddy
service-a:
image: nginx:alpine
ports:
- 8081:80
networks:
- caddy
labels:
caddy: http://*.service-a.localhost, http://*.service-a.proxy
caddy.reverse_proxy: "{{upstreams 80}}"
service-b:
image: nginx:alpine
ports:
- 8082:80
networks:
- caddy
labels:
caddy: http://service-b.localhost, http://service-b.proxy
caddy.reverse_proxy: "{{upstreams 80}}"
volumes:
caddy_data:
networks:
caddy:
Doing curl -I http://service-b.proxy
from service-a results in:
curl: (6) Could not resolve host: service-b.proxy
I don't know how to make it work.
You'd need to add extra_hosts
to your proxy service for Docker to know how to route that hostname. Unfortunately Docker doesn't offer a way to do wildcard aliases https://github.com/moby/moby/issues/43442 https://github.com/moby/moby/pull/43444
Oh, that's a shame. I had the feeling that this is not possible without workarounds.
Speaking of workarounds, will caddy docker proxy respect X-Forwarded-Host
header to do dynamic routing?
Like curl -X GET http://proxy -H "X-Forwarded-Host: any-wildcard.service-a.caddy"
?
Anyway, this issue could be closed I guess.
No, only Host
. The X-Forwarded-Host
header is an application layer thing. Host
is HTTP layer.
FWIW your other option is you can run a DNS server in your stack like dnsmasq or CoreDNS which could get around those Docker DNS limitations.
@f1amy did you managed to solve this?
@annas-atchia-bocasay open a new issue if you need help.
I added caddy docker proxy to my docker-compose file and configured services with labels to be accessible via proxy. It is working great when making requests from the host system (I use localhost as base domain).
The question is, how to make requests to my services from inside the docker network? For a hypothetical service A with configured caddy-docker-proxy label
caddy: https://service-a.something.localhost
, if I'm inside hypothetical service B, how do I make a request like this:curl -X GET https://service-a.something.localhost/something
?