Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- content:serverbasics:docker-caddy [2024/01/08 19:39] – Daniel
+++ content:serverbasics:docker-caddy [2024/09/08 18:48] (aktuell) – [Create Caddy Yaml] Daniel
@@ Zeile 11: / Zeile 11: @@
 ===== DNS- Records =====
-You will also need a domainname like ''my.domain.tld'' and hostnames, that are resolvable for each service, so that ''service.my.domain.tld'' can be resolved from out of - and in the internet to point to your Server. If you do not have them already, this is how to get them.
+You will also need a domainname like ''my.domain.tld'' and hostnames, that are resolvable for each service, so that ''service.my.domain.tld'' can be resolved from out of - and in the internet to point to your Server. If you do not have them already, read further, which descripbes how to get them.
 ==== Register some Domain ====
@@ Zeile 33: / Zeile 35: @@
 For me, this would be ''mkdir /srv/docker-compose/caddy'' \\
 Change to that directory and create the following docker-compose.yml file in it, putting in the following:
 <file>
-version: "3.8"
 services:
   caddy:
@@ Zeile 51: / Zeile 51: @@
     cap_add:
       - NET_ADMIN
-# initially i wanted to make networkmode host to acces ports on locahost directly
+    healthcheck:
-# it turned out not to work in rootless- mode for security reasons
+      test: "wget --no-verbose --tries=1 --spider https://www.servername.domainname.tld || exit 1"
-# so don't use host- mode. to access local services take the hostname directly, maybe define it static and add it to /etc/hosts
+      interval: "60s"
-# e.g. pcserver:9000 - mind, that the port must be pubilshed by the other containers to the host
+      timeout: "3s"
-# NOT localhost:9000 - this is prevented by docker in rootless- mode !
+      start_period: "5s"
+      retries: 3
+# Be sure, that docker daemon has access to unprivileged ports (beneath 1024)
+# This can be archived by:
+# setcap cap_net_bind_service=+ep /usr/bin/rootlesskit
+#
+# To access local services, take the hostname directly, maybe define it static and add it to /etc/hosts on the host
+# Mind, that the ports must be pubilshed by the other containers to the host via ports or expose, or add them to the network
+# e.g. pcserver:9000 !!! NOT: !!! localhost:9000 - this is prevented by docker in rootless- mode !
+#Do NOT use networkmode: "host", this will fail (Acme: Connection refused)!
 #    network_mode: "host"
-# set /etc/sysctl.conf to allow Port 80 and 443 with
-# net.ipv4.ip_unprivileged_port_start = 80
-# net.ipv4.ip_unprivileged_port_start = 443
-# can also be set without booting: sysctl key = value
     ports:
       - "80:80"
@@ Zeile 68: / Zeile 73: @@
 volumes:
   caddy_data:
-    driver: local
-    driver_opts:
-      device: ""
-      type: ""
-      o: "umask=0007"
   caddy_config:
-    driver: local
-    driver_opts:
-      device: ""
-      type: ""
-      o: "umask=0007"
   caddy_certs:
-    driver: local
-    driver_opts:
-      device: ""
-      type: ""
-      o: "umask=0007"
   caddy_sites:
-    driver: local
-    driver_opts:
-      device: ""
-      type: ""
-      o: "umask=0007"
 </file>
-Also, check that your Firewall has those Ports open on your hosts and that Port Forwarding in your Router is enabled for ipv4 and for ipv6 that the host+ports are not blocked.
+Also, check that your Firewall has those Port 80 + 443 open on your host and that Port Forwarding in your Router is enabled for ipv4 and for ipv6.
 ===== Caddy Configuration =====
@@ Zeile 107: / Zeile 93: @@
 </file>
-replace mylocalhostname with your actual hostname (can be found out by calling hostname in your terminal).
+replace //mylocalhostname// with your actual hostname (can be found out by calling hostname in your terminal).
 Don't use localhost - see above. If you do not have a clue which hostname you have, better specify some fixed one which you can freely chose and edit ''/etc/hosts'' to have that name point to your local ip.
 ===== Fetch and run the Caddy Container =====