Open radokristof opened 2 months ago
francislavoie
commented
2 months ago You need to run docker compose up -d to have Docker recreate the containers that had labels changed. Labels are set at container creation time, they aren't changed if you just save your compose.yml.
If that's not the problem, then please share more about your setup and the steps you take. Can't help without more information, we're forced to make assumptions.
radokristof
commented
2 months ago Sorry, yes I was a vague about my setup. I actually do recreate the containers after changing the labels. I just can't see any logs/sign that the proxy even notices the change in the labels.
Caddy version: v2.7.6
My Dockerfile:
ARG CADDY_VERSION=latest
FROM caddy:builder AS builder
RUN xcaddy build \
--with github.com/lucaslorentz/caddy-docker-proxy/v2 \
--with github.com/caddy-dns/cloudflare \
--with github.com/greenpau/caddy-security \
--with github.com/WeidiDeng/caddy-cloudflare-ip
FROM caddy:${CADDY_VERSION}
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
CMD ["caddy", "docker-proxy"]An example docker-compose.yml:
services:
frontail:
container_name: frontail
build: .
command: /log/logger/logfile --ui-highlight --ui-highlight-preset /preset/basic.json --theme basic -l 5000 -n 500 --disable-usage-stats
volumes:
- ./preset:/preset
restart: always
networks:
- default
- caddy
labels:
caddy: test.example.com
caddy.reverse_proxy: "{{ upstreams 9001 }}"
caddy.basicauth.user: ${AUTH_KEY}
env_file:
- ./.env
environment:
TZ: Europe/Budapest
networks:
caddy:
name: caddy
external: trueHere is my redacted caddy-config, which is generated upon container restart:
{
order authenticate before respond
order authorize before reverse_proxy
acme_dns cloudflare REDACTED_API_KEY
email test@example.com
log access {
format json
include http.log.access http.handlers.reverse_proxy
level DEBUG
output file /var/log/caddy/access.log {
roll_keep 5
roll_keep_for 2160h
roll_size 1gb
}
}
log default {
exclude http.log.access
format json
level INFO
output file /var/log/caddy/runtime.log {
roll_keep 3
roll_keep_for 720h
roll_size 500mb
}
}
security {
authentication portal example_sso {
crypto default token lifetime 3600
enable identity provider generic
cookie domain example.hu
ui {
links {
Profile /auth/profile icon "las la-user-cog"
"Who Am I" /auth/whoami icon "las la-user"
}
meta author "Example"
meta description "Authentication Portal"
meta title "Web Authentication Portal"
static_asset assets/images/example.png images/png /assets/img/example.png
static_asset assets/images/example_logo.png images/png /assets/img/example_logo.png
template login /assets/templates/example/login.template
template portal /assets/templates/example/portal.template
template whoami /assets/templates/example/whoami.template
}
transform user {
action add role authp/admin
match realm generic
}
}
authorization policy logger_policy {
set auth url https://auth.example.com/auth
allow roles authp/admin
}
oauth identity provider generic {
realm generic
driver generic
client_id caddy_REDACTED
client_secret REDACTED_35cf5ab1e1c823d44d86ade590562fd4
scopes openid email profile
base_auth_url https://sso.example.com
metadata_url https://sso.example.com/.well-known/openid-configuration
}
authentication portal example_sso_cloud {
crypto default token lifetime 3600
enable identity provider generic
cookie domain example.cloud
ui {
links {
Profile /auth/profile icon "las la-user-cog"
"Who Am I" /auth/whoami icon "las la-user"
}
meta author "example"
meta description "Authentication Portal"
meta title "Web Authentication Portal"
static_asset assets/images/example.png images/png /assets/img/example.png
static_asset assets/images/example_logo.png images/png /assets/img/example_logo.png
template login /assets/templates/example/login.template
template portal /assets/templates/example/portal.template
template whoami /assets/templates/example/whoami.template
}
transform user {
action add role authp/admin
match realm generic
}
}
}
servers {
trusted_proxies cloudflare {
interval 12h
timeout 15s
}
}
}
:2019 {
metrics
}
auth.example.cloud {
route /auth* {
authenticate with example_sso_cloud
}
route /* {
redir https://auth.example.cloud/auth/ 302
}
}
auth.example.hu {
route /auth* {
authenticate with example_sso
}
route /* {
redir https://auth.example.hu/auth/ 302
}
}
automate.example.cloud {
reverse_proxy 192.168.5.10:8080
}
log.example.cloud {
authorize with logger_policy
reverse_proxy 192.168.5.2:9001
}
dev.phpadmin.example.cloud {
reverse_proxy 192.168.5.8:80
}
docs.example.cloud {
reverse_proxy 192.168.5.13:3000
}
drone.example.hu {
reverse_proxy 192.168.5.9:80
}
git.example.cloud {
reverse_proxy 192.168.5.22:80
}
graphs.example.cloud {
reverse_proxy 192.168.5.21:3000
}
influx.example.cloud {
reverse_proxy 192.168.5.18:8086
}
log.example.cloud {
authorize with logger_policy
reverse_proxy 192.168.5.5:9001
}
example.app, www.example.app {
redir * https://example.hu/
}
example.cloud, erp.example.cloud {
reverse_proxy 192.168.5.12:80 {
header_down Strict-Transport-Security max-age=15552000;
}
}@francislavoie Do you have any idea why it is not working like this? I have tried rebuilding, removing parts of config, etc... still no luck.
Most of the time, the config is not reloaded automatically, I need to restart the caddy-docker-proxy container to reload the config. For example, I had an already added domain, I added basicauth to that domain via
docker-composelabels. The change was not visible, until I restarted the proxy container.Where should I look, what is causing this issue?