Differences

This page shows the differences between two versions.

content:serverbasics:docker-caddy [2024/01/12 20:41] – [Create Caddy Yaml] Daniel
content:serverbasics:docker-caddy [2024/01/18 14:45] (current) – [Create Caddy Yaml] Daniel
Zeile 11: Zeile 11:
 ===== DNS- Records ===== ===== DNS- Records =====
  
-You will also need a domainname like ''my.domain.tld'' and hostnames, that are resolvable for each service, so that ''service.my.domain.tld'' can be resolved from out of - and in the internet to point to your Server. If you do not have them already, this is how to get them.+You will also need a domainname like ''my.domain.tld'' and hostnames, that are resolvable for each service, so that ''service.my.domain.tld'' can be resolved from out of - and in the internet to point to your Server. If you do not have them already, read further, which descripbes how to get them. 
 + 
 ==== Register some Domain ==== ==== Register some Domain ====
  
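Review bot: The added sentence on the + side contains the typo "descripbes", and "read further, which descripbes how to get them" has no clear antecedent for "which". Suggested wording: "If you do not have them already, the following sections describe how to get them."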
Zeile 52: Zeile 54:
       - NET_ADMIN       - NET_ADMIN
     healthcheck:     healthcheck:
-      test: "wget --no-verbose --tries=1 --spider https://obel1x.dynv6.net || exit 1"+      test: "wget --no-verbose --tries=1 --spider https://www.servername.domainname.tld || exit 1"
       interval: "60s"       interval: "60s"
       timeout: "3s"       timeout: "3s"
       start_period: "5s"       start_period: "5s"
       retries: 3       retries: 3
-initially i wanted to make networkmode host to acces ports on locahost directly +Be sure, that docker daemon has access to unprivileged ports (beneath 1024) 
-it turned out not to work in rootless- mode for security reasons +This can be archived by: 
-so don't use host- mode. to access local services take the hostname directly, maybe define it static and add it to /etc/hosts +setcap cap_net_bind_service=+ep /usr/bin/rootlesskit 
-e.g. pcserver:9000 - mind, that the port must be pubilshed by the other containers to the host +
-# NOT localhost:9000 - this is prevented by docker in rootless- mode !+# To access local servicestake the hostname directly, maybe define it static and add it to /etc/hosts on the host 
 +Mind, that the ports must be pubilshed by the other containers to the host via ports or expose, or add them to the network 
 +e.g. pcserver:9000 !!! NOT: !!! localhost:9000 - this is prevented by docker in rootless- mode 
 +#Do NOT use networkmode: "host", this will fail (Acme: Connection refused)!
 #    network_mode: "host" #    network_mode: "host"
-# set /etc/sysctl.conf to allow Port 80 and 443 with 
-# net.ipv4.ip_unprivileged_port_start = 80 
-# net.ipv4.ip_unprivileged_port_start = 443 
-# can also be set without booting: sysctl key = value 
     ports:     ports:
       - "80:80"       - "80:80"
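Review bot: In the added comment block above the network_mode line, "unprivileged ports (beneath 1024)" states it backwards: ports below 1024 are the privileged ones, and the setcap line is what allows rootlesskit to bind them. As rendered here, the added lines "Be sure, ...", "This can be archived by:", the setcap command, "Mind, that ..." and "e.g. pcserver:9000 ..." carry no leading #, unlike the neighbouring "# To access local services" line; if they sit inside the compose file they each need one, otherwise the YAML will not parse. The note should also say that the setcap command is run as root on the host, because it sets a file capability on /usr/bin/rootlesskit that applies to every user who runs that binary. Spelling: "archived" should be "achieved", "servicestake" should be "services, take", "pubilshed" should be "published". The healthcheck placeholder https://www.servername.domainname.tld does not follow the service.my.domain.tld naming used in the DNS section; one scheme throughout makes it clearer which value the reader has to replace.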
Zeile 114: Zeile 115:
 </file> </file>
  
-replace mylocalhostname with your actual hostname (can be found out by calling hostname in your terminal).+replace //mylocalhostname// with your actual hostname (can be found out by calling hostname in your terminal).
  
 Don't use localhost - see above. If you do not have a clue which hostname you have, better specify some fixed one which you can freely chose and edit ''/etc/hosts'' to have that name point to your local ip. Don't use localhost - see above. If you do not have a clue which hostname you have, better specify some fixed one which you can freely chose and edit ''/etc/hosts'' to have that name point to your local ip.
 +
 +
 ===== Fetch and run the Caddy Container ===== ===== Fetch and run the Caddy Container =====
  
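Review bot: On the changed line, //mylocalhostname// is now italic, but the command name hostname in the same sentence is still plain text. The page marks literals such as ''/etc/hosts'' with monospace, so ''hostname'' should get the same markup to show that it is typed verbatim. The two added empty lines before the "Fetch and run the Caddy Container" heading do not change the content and can be left out.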
  • content/serverbasics/docker-caddy.1705092100.txt.gz
  • Last modified: 2024/01/12 20:41
  • by Daniel