lucaslorentz / caddy-docker-proxy

Caddy as a reverse proxy for Docker
MIT License

[Q] Moving from plain Caddy #579

Closed wsw70 closed 4 months ago

wsw70 commented 5 months ago

I am considering moving from plain Caddy to caddy-docker-proxy because it ultimately makes more sense in my case: I have a wildcard search for Caddyfiles in my Caddy configuration and the service-specific configuration is kept next to the docker-compose.yml file. It will be easier to just merge both.

I have, however, some global configurations in the main Caddyfile (and since the service-specific Caddyfiles get ultimately merged with it I can refer to these global settings in snippets).

Where should I define them? In the caddy-docker-proxy docker-compose.yml? (← I do not yet understand how the label-based definitions get merged and turned into the final configuration that is actually executed via caddy-docker-proxy).

To take a practical example, this is my main Caddyfile (the one for the "caddy" container that does the reverse proxying):

{
    admin 0.0.0.0:2015
    email XX@YY
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    log {
        level ERROR
    }
}

# first import authelia config
import /etc/docker/authelia/caddy-authelia.conf

# import other config files
import /etc/docker/*/Caddyfile

Then /etc/docker/authelia/caddy-authelia.conf defines a snippet used in other configurations:

https://authelia.XX {
    reverse_proxy authelia:9091 {
        trusted_proxies private_ranges
    }
}

(authenticate-with-authelia) {
    @forceAuth {
        not remote_ip private_ranges
        not header x-authelia-token XX
    }
    forward_auth @forceAuth authelia:9091 {
        uri /api/verify?rd=https://authelia.XX/
        copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        trusted_proxies private_ranges
    }
}

And finally the snippets are used as

https://grafana.XX {
    import authenticate-with-authelia
    reverse_proxy grafana-grafana-1:3000
}

My concerns are about where to define

francislavoie commented 5 months ago

You can provide a base Caddyfile which CDP adds label-generated config to. Or yes, you can put global options labels on your CDP container (because it will always be running when you need it).
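
The base-Caddyfile option from the reply above, sketched as a compose file. This is an added example, not part of the thread or the project's own configuration: the domain, the `./Caddyfile` path and the network and volume names are placeholders, and it assumes the mounted base Caddyfile holds the global options block and the `(authenticate-with-authelia)` snippet from the question.

```yaml
# Constructed example: names, paths and the domain are placeholders.
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - "80:80"
      - "443:443"
    environment:
      # Base Caddyfile that CDP extends with label-generated sites.
      - CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
      # Only containers on this network are proxied to.
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      - caddy
    volumes:
      # CDP reads container labels through the Docker API.
      - /var/run/docker.sock:/var/run/docker.sock
      # Assumed to hold the global options block and the
      # (authenticate-with-authelia) snippet from the question.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data
    restart: unless-stopped

  grafana:
    image: grafana/grafana
    networks:
      - caddy
    labels:
      # Site address; replaces the https://grafana.XX block.
      caddy: grafana.example.com
      # Snippet defined in the base Caddyfile, not in labels.
      caddy.import: authenticate-with-authelia
      # CDP fills in the container's address on the ingress network.
      caddy.reverse_proxy: "{{upstreams 3000}}"

networks:
  caddy:
    external: true

volumes:
  caddy_data: {}
```

With this layout the per-service Caddyfile disappears and its content moves into the labels next to the service definition, while anything shared stays in the single base file.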

wsw70 commented 4 months ago

Thank you @francislavoie (I will therefore be moving to CDP in a few days). My initial concern arose mostly from the introduction to the docs (emphasis mine):

This plugin enables Caddy to be used as a reverse proxy for Docker containers via labels.

All the examples point to CDP being an actual reverse proxy, and not merely a plugin to something (caddy, I guess). Now I understand that this is, in practical terms, a drop-in replacement.

francislavoie commented 4 months ago

Yeah just think of CDP as a Docker-aware config generator. That's all it is.