
alpine-caddy's Introduction

Caddy Server on Alpine Linux


This is a Docker image for the Caddy server. The image is based on Alpine Linux, making it extremely small, secure and fast.

This image can also be found on Docker Hub.

Usage

We recommend using our images in conjunction with Docker-Compose. This allows for easier creation of containers with the proper volumes and ports enabled.

We have included an example docker-compose file for use in a real project.

This image works with two defaults:

  1. A default Caddyfile
  2. A default location inside the container for static files: /var/www/html

In order to use this image, we recommend running it with a volume that maps your static files to the static file root inside the container:

docker run -d -p 80:80 -v $(pwd)/public:/var/www/html zzrot/alpine-caddy

The server will be available at your.docker.machine.ip.

This is the bare minimum needed to use this image, although further customization is easier with a docker-compose file.

Because the default Caddyfile is overridable, you can supply your own by mounting it as another volume. For a fully configured docker-compose file, see this example.

For writing a custom Caddyfile please read this.

Middleware

Alpine-Caddy includes all Caddy Middleware and features. You can read more on these specific features in the Caddy User Guide.

Caddy as a reverse proxy

This image can also effectively be used as a reverse proxy. Included in the examples/ folder is an example Caddyfile.

The example docker-compose shows how to include your custom Caddyfile as a volume as well as an example proxy set up with containers.

Volumes

Alpine-Caddy has three locations where volumes can be linked to.

Static Files

In order to serve static content, alpine-caddy needs to be able to access your static files from inside of the container. To do this, link the directory of your static files with /var/www/html inside of the container.

For docker-compose.yml files, under the volumes declaration, include:

-  ./public:/var/www/html

or

docker run -v $(pwd)/public:/var/www/html zzrot/alpine-caddy

Custom Caddyfile

To use a custom Caddyfile, mount your Caddyfile at the path /etc/Caddyfile in the container. For docker-compose.yml files, under the volumes declaration, include:

-  ./Caddyfile:/etc/Caddyfile

or

docker run -v $(pwd)/Caddyfile:/etc/Caddyfile zzrot/alpine-caddy

Certificate Persistence

If you use alpine-caddy to generate SSL certificates from Let's Encrypt, you should persist those certificates outside of the container. In the instance of a container failure, this allows the container to reuse the same certificates, instead of generating new ones from Let's Encrypt.

For information on including this into your Caddyfile see the Caddyfile tls specification.

The certificates are stored in /root/.caddy inside of the container, so you must mount an outside directory at that path to allow persistence. For docker-compose.yml files, under the volumes declaration, include:

-  ./.caddy:/root/.caddy

or

docker run -v $(pwd)/.caddy:/root/.caddy zzrot/alpine-caddy
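
The directory persisted from /root/.caddy holds the private keys for the certificates and the ACME account, so the host side of that volume should be readable by its owner only. The script below is an added example, not part of the alpine-caddy repository: it prepares and audits that directory and starts the container with all three volumes only when the audit is clean. The function names, the `DOCKER` dry-run variable, the `./public`, `./Caddyfile` and `./.caddy` layout, the `:ro` flags and the published port 443 are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the alpine-caddy repository).
# Assumed layout: ./public, ./Caddyfile and ./.caddy in the current directory.

# Create the host directory so that only its owner can enter it.
prepare_cert_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

# List everything under $1 that group or other can read, write or traverse.
# Prints nothing when the tree is private.
audit_cert_dir() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Remove all group/other access, e.g. after restoring from a backup.
lock_down_cert_dir() {
    chmod -R go-rwx "$1"
}

# Start the container only if the certificate store is private.
# Static files and the Caddyfile are mounted read-only; /root/.caddy must stay
# writable so Caddy can store and renew certificates.
# DOCKER=echo gives a dry run. Publishing 443 is an addition for HTTPS.
run_caddy() {
    store=${1:-./.caddy}
    loose=$(audit_cert_dir "$store")
    if [ -n "$loose" ]; then
        printf 'refusing to start; accessible beyond owner:\n%s\n' "$loose" >&2
        return 1
    fi
    ${DOCKER:-docker} run -d -p 80:80 -p 443:443 \
        -v "$(pwd)/public:/var/www/html:ro" \
        -v "$(pwd)/Caddyfile:/etc/Caddyfile:ro" \
        -v "$(cd "$store" && pwd):/root/.caddy" \
        zzrot/alpine-caddy
}
```

Run `prepare_cert_dir ./.caddy` once before the first start, then `run_caddy ./.caddy`; if it refuses, `lock_down_cert_dir ./.caddy` removes the extra access.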

Contributing to Alpine-Caddy

Team members

Don't hesitate to get in contact with either one of us with problems, questions, etc.

Adding new features

  • Fork it!
  • Create your feature branch: git checkout -b my-new-feature
  • Commit your changes: git commit -am 'Add some feature'
  • Push to the branch: git push origin my-new-feature
  • Submit a pull request :D

Don’t get discouraged! We estimate that the response time from the maintainers is around 24 hours.

Reporting Security Issues

If you discover a security issue in this Docker image, please report it by sending an email to [email protected]

This will allow us to assess the risk, and make a fix available before we add a bug report to the GitHub repository.

Thanks for helping make this image safe for everyone!

License

The code is available under the MIT License.

alpine-caddy's People

Contributors

killianbrackey, kilpatty, princemaple, stp-ip


alpine-caddy's Issues

Can't get certificates when using proxy

When following the proxy example, I can only get the certificate for a top level node.

I get an error:

Activating privacy features...2016/06/27 21:33:40 [gitserver.www.xxx.yyy.zzz] failed to get certificate: acme: Error 400 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up A for gitserver.www.xxx.yyy.zzz

And then the container crashes.

Any idea how to resolve this issue?

Feature request: VIRTUAL_HOST

If you look at https://github.com/BlackGlory/caddy-proxy you'll see that his package automatically regenerates a Caddyfile every time a new Docker container gets fired. It looks at the environment variable, which contains the name we want the container to answer to, and maps appropriately.

It'd be great if this package could do this. Reason: this package has 100+K pulls whilst BlackGlory's has 385 and gets no support. I can't make it work (I've already spent too much time trying) but I love the functionality.

Would it be difficult to do?

Add Reverse Proxy Testing

Add bats support for testing Alpine-Caddy as a Reverse Proxy and Proxying to multiple instances of Alpine-Caddy.

Run as Non-Root

Would be interesting to see how we can refactor the Dockerfile to see if we can run caddy as non-root to keep up with security recommendations from docker.

Drop Permissions on Root User

Double check if Caddy allows us to switch the root ports that caddy accepts, so that we can drop permissions on root and switch to user Caddy.

How to hook into the cert store of alpine-caddy

I want to use alpine-caddy to proxy to an external site with a self-signed cert that I can't change.

Previously I ran Caddy outside of a container and just added the cert to the host's cert store. Now I think I have to add it somehow to the container's cert store. I could run with insecure_skip_verify but that would obviously be insecure.

Init Process

Look into the potential of creating an init process to handle zombie processes and the PID 1 problem. Potential 3rd party init systems: yelp's Dumb_init

Container not restarting on docker-gen notify-sighup

Hi guys,

I'm trying to configure docker-gen to template the Caddyfile to reverse proxy a few services.

I've noted that the caddy container does not seem to restart when sent a sighup. I have no idea if this is an issue with docker, caddy, or alpine-caddy.

Running Docker 1.11.2 on Ubuntu as well as 1.11.1-beta13.1 on a Mac, using docker kill -s hup <container> seems to restart any other given container in my docker-compose.yml, as expected, except for caddy which never comes back up again. docker restart caddy does restart the container properly, but I'm not sure I can achieve this from within the docker-gen container.

Edit: This appears to be caddy specific behaviour

Suggest placing Caddyfile in a folder other than `/root`

I'm using Kubernetes, and mounted a volume on /etc, which contains Caddyfile. DNS wasn't working as expected, and it's because I overwrote /etc/resolv.conf.

It's a minor thing but perhaps suggesting it be mounted on a more specific folder will make it less likely that others fall into the same trap? Perhaps /etc/caddy.

I resolved mine by specifying the command to run to include -conf /path/to/my/Caddyfile
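
A pre-flight check for the trap described in this issue, as an added example that is not part of the original issue or the alpine-caddy repository: it flags any volume whose container path is a parent directory of one of the three mount targets the README documents. The function names and the Docker-style `host:container[:mode]` spec format are assumptions of the example; for Kubernetes, the same comparison applies to each `mountPath`.

```sh
#!/bin/sh
# Added example (not from the alpine-caddy repository).
# The three container paths the README documents as mount targets.
DOCUMENTED="/var/www/html /etc/Caddyfile /root/.caddy"

# check_mount "host:container[:mode]"
# Returns 1 and prints a finding when the container path is a parent of a
# documented target, i.e. the mount would hide unrelated files next to it
# (mounting over /etc hides /etc/resolv.conf, as in the issue above).
check_mount() {
    rest=${1#*:}          # strip the host path
    target=${rest%%:*}    # strip an optional :ro / :rw suffix
    target=${target%/}    # "/etc/" and "/etc" are the same; "/" becomes ""
    for doc in $DOCUMENTED; do
        case "$doc" in
            "$target"/*)
                echo "$1: ${target:-/} is a parent of $doc and hides its other contents"
                return 1 ;;
        esac
    done
    return 0
}

# check_mounts SPEC...  -> exit status is the number of risky specs
check_mounts() {
    bad=0
    for spec in "$@"; do
        if ! check_mount "$spec"; then bad=$((bad + 1)); fi
    done
    return "$bad"
}
```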

Binary moved: tini

caddy_1        | WARNING: Tini has been relocated to /sbin/tini.
caddy_1        | Please update your scripts to use /sbin/tini going forward.
caddy_1        | /usr/bin/tini has been preserved for backwards compatibility in Alpine 3.4,
caddy_1        | but WILL BE REMOVED in Alpine 3.5.

Kubernetes DNS

I'm using this on Kubernetes and I noticed that the Kube DNS doesn't work as expected. Would you know what needs to be done to get that working? /etc/resolv.conf doesn't exist on the image (see "troubleshooting tips" here).

I'm new to Kubernetes so it can certainly be the way I set things up - I'm taking the chance that you might know.

Unable to get a working configuration in docker-compose

Currently trying to use caddy as a reverse proxy for a simple web application hosted on a digitalocean droplet.

Although caddy seems to be configured correctly, the only response I get when accessing mysite.com is a 301 to a bad https page.

Caddyfile:

mysite.com {

	proxy / web:8083 {
		header_upstream Host {host}
		header_upstream X-Real-IP {remote}
		header_upstream X-Forwarded-Proto {scheme}
	}

	tls [email protected]
}

docker-compose.yml:

version: '2'

services:
  caddy:
    build: ./caddy 
    ports:
      - 80:80
    networks:
      - frontend
  web:
    build: ./src/web
    container_name: web
    expose:
      - "8083"
    restart: "always"
    networks:
      - frontend

networks:
  frontend:

volumes:
  data: { }

I'm building the caddyfile myself because using docker-compose volumes doesn't seem to put the file on a remote host, or I'll get an 'oci error' (for which all issues in the docker repo just blame aufs).

The dockerfile for caddy looks like this:

FROM zzrot/alpine-caddy
COPY ./.caddy /root/.caddy
COPY ./Caddyfile /etc/Caddyfile
CMD ["caddy", "--conf", "/etc/Caddyfile"]

If I run docker-compose up with the remote machine set in docker-machine, it gives the following output:

caddy_1 | Activating privacy features... done.

Any request to mysite.com returns a 301 to https://mysite.com, but that request doesn't seem to go anywhere.

Curl gives the following output:

mysite master % curl -v mysite.com
* Rebuilt URL to: mysite.com/
*   Trying 138.197.4.182...
* Connected to mysite.com (138.197.4.182) port 80 (#0)
> GET / HTTP/1.1
> Host: mysite.com
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: https://mysite.com/
< Server: Caddy
< Date: Wed, 02 Nov 2016 17:04:53 GMT
< Content-Length: 57
< Content-Type: text/html; charset=utf-8
<
<a href="https://mysite.com/">Moved Permanently</a>.

* Connection #0 to host mysite.com left intact

And in a browser, chrome just displays:

This site can’t be reached

mysite.com refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

Any ideas? Maybe I've misconfigured something. I've checked other issues here and in the caddy repo and can't find anything with quite the same problem.

Just to note if I add a port: "8083" to the web service, I can hit it fine with a curl request.

should we enable quic by default?

I'm contemplating enabling quic by default for this image. I'm not sure if that would make any problems arise for anybody as it should default to not using quic if it is not supported.

Any objections to this should be contained in this issue.

Add PHP / MySQL example

Hi

Nice work you've done here. I wish you added a docker-compose example with MySQL & phpfpm containers, but I can devise that myself.

Cheers,

Docker for mac fails on: docker-compose up ./docker-compose.proxy-example.yml

Might be my lack of experience, but can't get docker-compose up to start the proxy example.

I am using the Docker for Mac:
Version 1.12.0-rc2-beta17 (build: 9779)

Googling around for a solution found a few red herrings. So posting here to see if anyone sees what I am doing wrong.

Here's my attempt:

x-MacBook-Pro:examples apple$ pwd
/Users/apple/workspace/go/src/bitbucket.org/joe/md-x/_docs/Tech/Docker/alpine-caddy/examples
x-MacBook-Pro:examples apple$ ls -al
total 24
drwxr-xr-x   5 apple  staff  170 Jul  5 14:18 .
drwxr-xr-x  19 apple  staff  646 Jul  5 14:18 ..
-rw-r--r--   1 apple  staff  727 Jul  5 14:18 Caddyfile.proxy.example
-rw-r--r--   1 apple  staff  240 Jul  5 14:18 docker-compose.example.yml
-rw-r--r--   1 apple  staff  597 Jul  5 14:18 docker-compose.proxy-example.yml
x-MacBook-Pro:examples apple$ docker-compose up ./docker-compose.proxy-example.yml
ERROR: 
        Can't find a suitable configuration file in this directory or any
        parent. Are you in the right directory?

        Supported filenames: docker-compose.yml, docker-compose.yaml
