lucaslorentz / caddy-docker-proxy

Caddy as a reverse proxy for Docker
MIT License

Ignore services in other networks #660

Closed pikeas closed 1 week ago

pikeas commented 2 weeks ago

I have two Caddy instances:

services:
    public-ingress:
        ...
        networks: [public]
    intranet-ingress:
        ...
        networks: [intranet]

And a bunch of services:

services:
    service-a:
        ...
        networks: [intranet]
        deploy:
            labels:
                caddy: service-a.internal-corp.company.com
                caddy.reverse_proxy: "{{upstreams 1111}}"
    service-b:
        ...
        networks: [public]
        deploy:
            labels:
                caddy: api.company.com
                caddy.reverse_proxy: "{{upstreams 2222}}"

The issue is that the intranet Caddy sees the public labels, and vice versa:

{"level":"warn","logger":"docker-proxy","msg":"Service is not in same network as caddy","service":"service-b","serviceId":"1234"}

Everything is configured as intended, service-b attaches to only the public network and can't see the intranet Caddy. Because Caddy has a Docker socket from a management node, it sees the labels for every Swarm service and thinks service-b is misconfigured.

Possible changes:

lucaslorentz commented 1 week ago

For your use case, you can configure each caddy to use a different label prefix. See --label-prefix or CADDY_DOCKER_LABEL_PREFIX in the readme.

If you configure, for example, one caddy to monitor labels with prefix "caddy-p" and the other to monitor labels with "caddy-i", then you can choose which caddy instance containers should target by defining labels like:

caddy-p: service-a.internal-corp.company.com
caddy-p.reverse_proxy: "{{upstreams 1111}}"

Or even expose a service on both caddies by writing labels twice.

lucaslorentz commented 1 week ago

That will not only reduce the warn messages, but will reduce the overhead of processing unnecessary labels.

pikeas commented 1 week ago

This is exactly what I'm looking for, thank you!

The README mentions --label-prefix in a code block under the Caddy CLI section, which is easy to miss. Please consider adding a "Running multiple Caddies" section to the docs.
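
The setup discussed in this thread, written out as one Swarm stack file. This is an added example, not part of the original issue or the project's documentation. It assumes `caddy-p` maps to the public ingress and `caddy-i` to the intranet one; the image tag, published ports, `example/*` images, `service-c` and its hostnames, and the overlay network definitions are also assumptions.

```yaml
# Added example (constructed): image tag, published ports, example/* images
# and overlay network definitions are assumptions, not from the thread.
services:
  public-ingress:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    environment:
      CADDY_DOCKER_LABEL_PREFIX: caddy-p   # reads only caddy-p* labels
    networks: [public]
    ports: ["80:80", "443:443"]
    volumes: ["/var/run/docker.sock:/var/run/docker.sock"]
    deploy:
      placement:
        constraints: ["node.role == manager"]
  intranet-ingress:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    environment:
      CADDY_DOCKER_LABEL_PREFIX: caddy-i   # reads only caddy-i* labels
    networks: [intranet]
    ports: ["8443:443"]                    # assumed internal-facing port
    volumes: ["/var/run/docker.sock:/var/run/docker.sock"]
    deploy:
      placement:
        constraints: ["node.role == manager"]
  service-a:                               # intranet only
    image: example/service-a               # placeholder image
    networks: [intranet]
    deploy:
      labels:
        caddy-i: service-a.internal-corp.company.com
        caddy-i.reverse_proxy: "{{upstreams 1111}}"
  service-b:                               # public only
    image: example/service-b               # placeholder image
    networks: [public]
    deploy:
      labels:
        caddy-p: api.company.com
        caddy-p.reverse_proxy: "{{upstreams 2222}}"
  service-c:                               # hypothetical: exposed on both
    image: example/service-c               # placeholder image
    networks: [public, intranet]
    deploy:
      labels:
        caddy-p: c.company.com
        caddy-p.reverse_proxy: "{{upstreams 3333}}"
        caddy-i: c.internal-corp.company.com
        caddy-i.reverse_proxy: "{{upstreams 3333}}"
networks:
  public: {driver: overlay}
  intranet: {driver: overlay}
```

The label prefix only selects which instance builds routes for a service; network attachment is still what keeps `service-a` unreachable from the public ingress. With the prefixes split this way, the "not in same network" warning quoted in the first comment should appear only when a service carries a prefix for an ingress whose network it is not attached to, which makes it a useful mislabeling signal.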