Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- content:serverbasics:docker-caddy [2024/01/14 21:17] – [Create Caddy Yaml] Daniel
+++ content:serverbasics:docker-caddy [2025/02/08 14:12] (aktuell) – Daniel
@@ Zeile 3: / Zeile 3: @@
 Caddy is a powerful full featured webserver, which is also easy to use and setup.
-In this guide i will show how to use Caddy as SSL- Proxy for your services to deliver them to the internet via name- based virtual hosting.
+In this guide i will show how to use Caddy as SSL- Reverse- Proxy for your services to deliver them to the internet via name- based virtual hosting.
 ===== Prerequisites =====
@@ Zeile 11: / Zeile 11: @@
 ===== DNS- Records =====
-You will also need a domainname like ''my.domain.tld'' and hostnames, that are resolvable for each service, so that ''service.my.domain.tld'' can be resolved from out of - and in the internet to point to your Server. If you do not have them already, read further, which descripbes how to get them.
+You will also need a domainname like ''my.domain.tld'' and hostnames, that are resolvable for each service, so that ''service.my.domain.tld'' can be resolved from out of - and in the internet to point to your Server. If you do not have them already, read here: [[.:network-dyndns|]]
+When your service sucessfully resolves, you can use it in Caddy as written beneath.
-==== Register some Domain ====
-There are many free Domainproviders out there. I chose dynv6 ( [[https://dynv6.com|https://dynv6.com]] ), but this should work with any of them.
-bla (not ready) blah - setup IPV4 , setup IPV6, bla link to [[.:network-dyndns|https://obel1x.de/dokuwiki/doku.php?id=content:serverbasics:network-dyndns|]]
-==== Define services ====
-After that, create an A-Name record (or AAAA- Name for ipv6) per service without specifying the ip, som that the dynamic ip of the domain will be taken. Only paste the servicename, dynv6 will automagically append your domain (service → service.my.domain.tld)
-In our example this would be nice:
-''portainer'' → ''portainer.my.domain.tld''
 ===== Create Caddy Yaml =====
@@ Zeile 35: / Zeile 23: @@
 For me, this would be ''mkdir /srv/docker-compose/caddy'' \\
 Change to that directory and create the following docker-compose.yml file in it, putting in the following:
 <file>
-version: "3.8"
 services:
@@ Zeile 53: / Zeile 39: @@
     cap_add:
       - NET_ADMIN
     healthcheck:
       test: "wget --no-verbose --tries=1 --spider https://www.servername.domainname.tld || exit 1"
@@ Zeile 69: / Zeile 54: @@
 #Do NOT use networkmode: "host", this will fail (Acme: Connection refused)!
 #    network_mode: "host"
-   ports:
+    ports:
-     - "80:80"
+      - "80:80"
-     - "443:443"
+      - "443:443"
-     - "443:443/udp"
+      - "443:443/udp"
 volumes:
   caddy_data:
-    driver: local
-    driver_opts:
-      device: ""
-      type: ""
-      o: "umask=0007"
   caddy_config:
-    driver: local
-    driver_opts:
-      device: ""
-      type: ""
-      o: "umask=0007"
   caddy_certs:
-    driver: local
-    driver_opts:
-      device: ""
-      type: ""
-      o: "umask=0007"
   caddy_sites:
-    driver: local
-    driver_opts:
-      device: ""
-      type: ""
-      o: "umask=0007"
 </file>
-Also, check that your Firewall has those Ports open on your hosts and that Port Forwarding in your Router is enabled for ipv4 and for ipv6 that the host+ports are not blocked.
+Also, check that your Firewall has those Port 80 + 443 open on your host and that Port Forwarding in your Router is enabled for ipv4 and for ipv6.
 ===== Caddy Configuration =====
@@ Zeile 109: / Zeile 73: @@
 if you omit the Caddyfile, the server will already work, but we can directly Skip those tests and create the file ''Caddyfile'' in that folder too with the following content:
 <file>
 https://portainer.my.domain.tld:443 {
         header Strict-Transport-Security max-age=31536000;
@@ Zeile 116: / Zeile 81: @@
 </file>
-replace mylocalhostname with your actual hostname (can be found out by calling hostname in your terminal).
+replace //mylocalhostname// with your actual hostname (can be found out by calling hostname in your terminal).
 Don't use localhost - see above. If you do not have a clue which hostname you have, better specify some fixed one which you can freely chose and edit ''/etc/hosts'' to have that name point to your local ip.
@@ Zeile 123: / Zeile 88: @@
 Thats all - use ''docker-compose up -d'' to start your container. In the Container- Logs you will see Caddy automagically create SSL- Certificates from lets encrypt if everything was setup the right way. Caddy will take care of renewal without the need to configure anything.
-You now have a powerful proxy, that can transparently deliver your Dockers to the world with SSL- encryption enabled.
+If the Caddy doe not return any Errors, you now have a powerful proxy, that can transparently deliver your Dockers to the world with SSL- encryption enabled.