lucaslorentz / caddy-docker-proxy

Caddy as a reverse proxy for Docker
MIT License

Removing invalid block in Caddyfile #563

Closed Nojwe closed 9 months ago

Nojwe commented 9 months ago

Caddy image has been built with Docker Proxy and DuckDNS module. Docker compose:

version: '3.9'
services:
  caddy:
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    environment:
      - TZ=America/New_York
      - MY_DOMAIN=domain.duckdns.org
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /mnt/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - caddy:/data
      - caddy:/config
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - swarmoverlay
    deploy:
      labels:
        caddy.acme_dns: duckdns 123456789

volumes:
  caddy:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.12.100,nfsvers=4"
      device: ":/volume3/docker/caddy"

networks:
  swarmoverlay:
    external: true

Docker compose for service I’m trying to proxy:

version: '3.9'
services:
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    ports:
      - 3003:3000
    volumes:
      - homepage:/app/config
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - swarmoverlay
    deploy:
      labels:
        caddy: "home.domain.duckdns.org"
        caddy.reverse_proxy: "{{upstreams 3000}}"
        caddy.dns.ca: https://acme-staging-v02.api.letsencrypt.org/directory

volumes:
  homepage:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.12.100,nfsvers=4"
      device: ":/volume3/docker/homepage"

networks:
  swarmoverlay:
    external: true

Every time I start up Caddy and Homepage, I get the following message repeated until I stop Caddy:

level":"info","ts":1703621001.5702834,"logger":"docker-proxy","msg":"Process Caddyfile","logs":"[ERROR] Removing invalid block: Caddyfile:2: unrecognized directive: dns\nhome.domain.duckdns.org {\n\tdns {\n\t\tca https://acme-staging-v02.api.letsencrypt.org/directory\n\t}\n\treverse_proxy 172.12.12.5:3000\n}\n\n"}

That seems to point to something being incorrect in the labels I’m using, but I can’t find it. I do not have any additional configs in my Caddyfile at this time.

lucaslorentz commented 9 months ago

I'm not familiar with many caddy features/directives. Can you please share what the Caddyfile should look like for DNS configs?

Nojwe commented 9 months ago

DuckDNS is just used for a DNS challenge to get a valid cert. I’m not exposing any services. This is how I had the Caddyfile set up before:

{
    acme_dns duckdns 123456789
}

@radarr host
handle @radarr {
    reverse_proxy 192.168.12.110:7878
}

lucaslorentz commented 9 months ago

Your labels for global settings look good:

caddy.acme_dns: duckdns 123456789

will generate:

{
    acme_dns duckdns 123456789
}

But then the dns directive you added to your website is not supported, that's what the error message is about.

home.domain.duckdns.org {
    dns {
        ca https://acme-staging-v02.api.letsencrypt.org/directory
    }
    reverse_proxy 172.12.12.5:3000
}

Are you sure a dns directive should be allowed inside a website?

lucaslorentz commented 9 months ago

Found this: https://caddyserver.com/docs/caddyfile/directives/tls

It is possible to configure a CA inside a TLS directive. Like:

home.domain.duckdns.org {
    tls {
        ca https://acme-staging-v02.api.letsencrypt.org/directory
    }
    reverse_proxy 172.12.12.5:3000
}

So, your label should be:

caddy.tls.ca: https://acme-staging-v02.api.letsencrypt.org/directory

Instead of:

caddy.dns.ca: https://acme-staging-v02.api.letsencrypt.org/directory

Nojwe commented 9 months ago

Thanks, that sorted it.
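
The label-to-Caddyfile mapping discussed in this thread, as an added example that is not part of the thread or of caddy-docker-proxy's own code: a simplified Python model of how dotted `caddy.*` labels nest into a site block, plus a pre-deploy check for site-level directives outside an allowlist. The function names and the partial `KNOWN` allowlist are assumptions for illustration, and template functions such as `{{upstreams 3000}}` are not modelled.

```python
def build_tree(labels):
    """Turn 'caddy', 'caddy.tls.ca', ... labels into a nested directive tree."""
    root = {"args": "", "kids": {}}
    for key, value in labels.items():
        parts = key.split(".")
        if parts[0] != "caddy":
            continue  # unrelated label, ignored
        node = root
        for part in parts[1:]:
            node = node["kids"].setdefault(part, {"args": "", "kids": {}})
        node["args"] = value
    return root


def render(node, name="", depth=0):
    """Render a node as one Caddyfile line, or as a block when labels nest under it."""
    pad = "\t" * depth
    head = pad + f"{name} {node['args']}".strip()
    if not node["kids"]:
        return head + "\n"
    # Children are sorted only to make the output deterministic.
    body = "".join(render(kid, kid_name, depth + 1)
                   for kid_name, kid in sorted(node["kids"].items()))
    return f"{head} {{\n{body}{pad}}}\n"


def unknown_directives(node, known):
    """Site-level directives that are absent from the allowlist."""
    return sorted(set(node["kids"]) - set(known))


# Partial allowlist constructed for this example; Caddy's real directive set is larger.
KNOWN = {"tls", "reverse_proxy"}

# Labels from the thread, with the upstream written as already resolved (as in the log).
BROKEN = {"caddy": "home.domain.duckdns.org",
          "caddy.reverse_proxy": "172.12.12.5:3000",
          "caddy.dns.ca": "https://acme-staging-v02.api.letsencrypt.org/directory"}
# The corrected label set: caddy.dns.ca becomes caddy.tls.ca.
FIXED = {k.replace("caddy.dns.", "caddy.tls."): v for k, v in BROKEN.items()}

if __name__ == "__main__":
    for labels in (BROKEN, FIXED):
        tree = build_tree(labels)
        print(render(tree), "unrecognized:", unknown_directives(tree, KNOWN))
```

Running it prints the same `dns { ca ... }` block that appears in the error log for the original labels, and an empty unrecognized list once the label is `caddy.tls.ca`.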