Differences

This shows the differences between two versions of the page.

content:serverbasics:docker-caddy [2024/01/08 19:39] Danielcontent:serverbasics:docker-caddy [2024/01/14 14:19] – [Create Caddy Yaml] Daniel
Zeile 11: Zeile 11:
 ===== DNS- Records ===== ===== DNS- Records =====
  
-You will also need a domainname like ''my.domain.tld'' and hostnames, that are resolvable for each service, so that ''service.my.domain.tld'' can be resolved from out of - and in the internet to point to your Server. If you do not have them already, this is how to get them.+You will also need a domainname like ''my.domain.tld'' and hostnames, that are resolvable for each service, so that ''service.my.domain.tld'' can be resolved from out of - and in the internet to point to your Server. If you do not have them already, read further, which descripbes how to get them. 
 + 
 ==== Register some Domain ==== ==== Register some Domain ====
  
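Review bot: The changed sentence in the DNS- Records paragraph has a typo and a dangling clause: "descripbes" should be "describes", and "read further, which descripbes how to get them" has nothing for "which" to refer to. Suggest: "If you do not have them already, the following sections describe how to get them."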
Zeile 33: Zeile 35:
 For me, this would be ''mkdir /srv/docker-compose/caddy'' \\ For me, this would be ''mkdir /srv/docker-compose/caddy'' \\
 Change to that directory and create the following docker-compose.yml file in it, putting in the following: Change to that directory and create the following docker-compose.yml file in it, putting in the following:
-<file> 
  
 +<file>
 version: "3.8" version: "3.8"
  
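Review bot: The relocated <file> tag still carries no language or filename. DokuWiki accepts <file yaml docker-compose.yml>, which gives syntax highlighting and a download name matching the docker-compose.yml file that the sentence above tells the reader to create.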
Zeile 51: Zeile 53:
     cap_add:     cap_add:
       - NET_ADMIN       - NET_ADMIN
-initially i wanted to make networkmode host to acces ports on locahost directly +    healthcheck: 
-it turned out not to work in rootless- mode for security reasons +      test: "wget --no-verbose --tries=1 --spider https://obel1x.dynv6.net || exit 1" 
-so don't use host- mode. to access local services take the hostname directly, maybe define it static and add it to /etc/hosts +      interval: "60s" 
-e.g. pcserver:9000 - mind, that the port must be pubilshed by the other containers to the host +      timeout: "3s" 
-# NOT localhost:9000 - this is prevented by docker in rootless- mode ! +      start_period: "5s" 
-   network_mode: "host" +      retries: 3 
-set /etc/sysctl.conf to allow Port 80 and 443 with +Be sure, that docker daemon has access to unprivileged ports (beneath 1024) 
-# net.ipv4.ip_unprivileged_port_start = 80 +Thiscan be done by: 
-# net.ipv4.ip_unprivileged_port_start = 443 +setcap cap_net_bind_service=+ep /usr/bin/rootlesskit 
-# can also be set without booting: sysctl key = value +
-    ports: +# To access local services take the hostname directly, maybe define it static and add it to /etc/hosts 
-      - "80:80" +Mind, that the port must be pubilshed by the other containers to the host via ports or expose, or add them to the network 
-      - "443:443" +e.g. pcserver:9000 !!! NOT !!! localhost:9000 - this is prevented by docker in rootless- mode ! 
-      - "443:443/udp"+    network_mode: "host" 
 +#    ports: 
 +     - "80:80" 
 +     - "443:443" 
 +     - "443:443/udp"
  
 volumes: volumes:
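Review bot: Enabling network_mode: "host" contradicts both the comment this hunk deletes ("it turned out not to work in rootless- mode for security reasons so don't use host- mode") and the comment it keeps, which still says localhost:9000 is prevented by docker in rootless mode. State which setup is intended and why host mode is now acceptable, and drop the leftover ports block if it is no longer used (as rendered, only "ports:" carries a "#", while the three entries beneath it do not). In the healthcheck, the test URL is the hard-coded host obel1x.dynv6.net while the rest of the page uses the placeholder my.domain.tld; use the placeholder and tell the reader to substitute their own hostname. "unprivileged ports (beneath 1024)" should read "privileged ports (below 1024)", the setcap line should say that it has to be run as root, and "Thiscan" and "pubilshed" are typos.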
Zeile 95: Zeile 101:
  
 Also, check that your Firewall has those Ports open on your hosts and that Port Forwarding in your Router is enabled for ipv4 and for ipv6 that the host+ports are not blocked. Also, check that your Firewall has those Ports open on your hosts and that Port Forwarding in your Router is enabled for ipv4 and for ipv6 that the host+ports are not blocked.
 +
  
 ===== Caddy Configuration ===== ===== Caddy Configuration =====
  • content/serverbasics/docker-caddy.txt
  • Last modified: 2024/01/18 14:45
  • by Daniel