Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
Nächste Überarbeitung | Vorhergehende Überarbeitung | ||
content:serverbasics:docker-caddy [2024/01/08 19:26] – angelegt Daniel | content:serverbasics:docker-caddy [2024/01/18 14:45] (aktuell) – [Create Caddy Yaml] Daniel | ||
---|---|---|---|
Zeile 11: | Zeile 11: | ||
===== DNS- Records ===== | ===== DNS- Records ===== | ||
- | You will also need a domainname like '' | + | You will also need a domainname like '' |
+ | |||
==== Register some Domain ==== | ==== Register some Domain ==== | ||
Zeile 20: | Zeile 22: | ||
==== Define services ==== | ==== Define services ==== | ||
- | After that, create an A-Name record (or AAAA- Name for ipv6) per service without specifying the ip, som that the dynamic ip of the domain will be taken. | + | After that, create an A-Name record (or AAAA- Name for ipv6) per service without specifying the ip, som that the dynamic ip of the domain will be taken. |
+ | |||
+ | In our example this would be nice: | ||
+ | '' | ||
===== Create Caddy Yaml ===== | ===== Create Caddy Yaml ===== | ||
Zeile 30: | Zeile 35: | ||
For me, this would be '' | For me, this would be '' | ||
Change to that directory and create the following docker-compose.yml file in it, putting in the following: | Change to that directory and create the following docker-compose.yml file in it, putting in the following: | ||
- | < | ||
+ | < | ||
version: " | version: " | ||
Zeile 48: | Zeile 53: | ||
cap_add: | cap_add: | ||
- NET_ADMIN | - NET_ADMIN | ||
- | # initially i wanted | + | healthcheck: |
- | # it turned out not to work in rootless- mode for security reasons | + | test: "wget --no-verbose --tries=1 --spider https:// |
- | # so don't use host- mode. to access local services take the hostname directly, maybe define it static and add it to / | + | interval: " |
- | # e.g. pcserver: | + | timeout: " |
- | # NOT localhost: | + | start_period: |
+ | retries: 3 | ||
+ | # Be sure, that docker daemon has access | ||
+ | # This can be archived by: | ||
+ | # setcap cap_net_bind_service=+ep / | ||
+ | # | ||
+ | # To access local services, take the hostname directly, maybe define it static and add it to / | ||
+ | # Mind, that the ports must be pubilshed by the other containers to the host via ports or expose, or add them to the network | ||
+ | # e.g. pcserver: | ||
+ | #Do NOT use networkmode: | ||
# network_mode: | # network_mode: | ||
- | # set / | ||
- | # net.ipv4.ip_unprivileged_port_start = 80 | ||
- | # net.ipv4.ip_unprivileged_port_start = 443 | ||
ports: | ports: | ||
- " | - " | ||
Zeile 89: | Zeile 100: | ||
</ | </ | ||
+ | |||
+ | Also, check that your Firewall has those Ports open on your hosts and that Port Forwarding in your Router is enabled for ipv4 and for ipv6 that the host+ports are not blocked. | ||
+ | |||
+ | |||
===== Caddy Configuration ===== | ===== Caddy Configuration ===== | ||
if you omit the Caddyfile, the server will already work, but we can directly Skip those tests and create the file '' | if you omit the Caddyfile, the server will already work, but we can directly Skip those tests and create the file '' | ||
< | < | ||
- | https:// | + | https:// |
header Strict-Transport-Security max-age=31536000; | header Strict-Transport-Security max-age=31536000; | ||
- | reverse_proxy | + | reverse_proxy |
} | } | ||
</ | </ | ||
+ | |||
+ | replace // | ||
+ | |||
+ | Don't use localhost - see above. If you do not have a clue which hostname you have, better specify some fixed one which you can freely chose and edit ''/ | ||
+ | |||
+ | |||
+ | ===== Fetch and run the Caddy Container ===== | ||
+ | |||
+ | Thats all - use '' | ||
+ | |||
+ | You now have a powerful proxy, that can transparently deliver your Dockers to the world with SSL- encryption enabled. | ||