• Stars
    star
    242
  • Rank 167,048 (Top 4 %)
  • Language
    Dockerfile
  • License
    MIT License
  • Created about 7 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Automated Caddy reverse proxy for docker containers

caddy-gen

wemake.services test Dockerhub

A perfect mix of Caddy, docker-gen, and forego. Inspired by nginx-proxy.


Why

Using Caddy as your primary web server is super simple. But when you need to scale your application Caddy is limited to its static configuration.

To overcome this issue we are using docker-gen to generate configuration everytime a container spawns or dies. Now scaling is easy!

Configuration / Options

caddy-gen is configured with labels.

The main idea is simple. Every labeled service exposes a virtual.host to be handled. Then, every container represents a single upstream to serve requests.

NOTE: Caddy2 was introduced in version 0.3.0 causing BREAKING CHANGES.

Main configuration options:

  • virtual.host (required) domain name, don't pass http:// or https://, you can separate them with spaces.
  • virtual.alias domain alias, useful for www prefix with redirect. For example www.myapp.com. Alias will always redirect to the host above.
  • virtual.port port exposed by container, e.g. 3000 for React apps in development.
  • virtual.tls-email the email address to use for the ACME account managing the site's certificates (required to enable HTTPS).
  • virtual.tls alias of virtual.tls-email.
  • virtual.host.directives set custom Caddyfile directives for the host. These will be inlined into the site block.
  • virtual.host.import include Caddyfile directives for the host from a file on the container's filesystem. See Caddy import.

Basic authentication options:

Reverse proxy options:

  • virtual.proxy.matcher have the reverse proxy only match certain paths.
  • virtual.proxy.lb_policy specify load balancer policy, defaults to round_robin.
  • virtual.proxy.directives include any reverse_proxy directives. These will be inlined into the reverse proxy block.
  • virtual.proxy.import include any reverse_proxy directives from a file on the container's filesystem. See Caddy import.

To include a custom template:

  • mount a volume containing your custom template and/or snippet (they both may be Go templates and will be loaded by docker-gen).
  • set the environment variable CADDY_TEMPLATE to the mounted file containining your custom Caddyfile template. This will replace the default template.
  • set the environment variable CADDY_SNIPPET to the mounted file containining your custom Caddyfile snippet. This will be prepended to the caddy template, so you may use it to set Global Options, define snippet blocks, or add custom address blocks.
  • See example "Use a custom Caddy template for docker-gen"

Version build-time arguments

This image supports two build-time arguments:

  • FOREGO_VERSION to change the current version of forego
  • DOCKER_GEN_VERSION to change the current version of docker-gen

Usage

Caddy-gen is created to be used in a single container. It will act as a reverse proxy for the whoami service.

version: "3"
services:
  caddy-gen:
    container_name: caddy-gen
    image: "wemakeservices/caddy-gen:latest"
    restart: always
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro # needs socket to read events
      - ./caddy-info:/data/caddy # needs volume to back up certificates
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - whoami

  whoami: # this is your service
    image: "katacoda/docker-http-server:v2"
    labels:
      - "virtual.host=myapp.com" # your domain
      - "virtual.alias=www.myapp.com" # alias for your domain (optional)
      - "virtual.port=80" # exposed port of this container
      - "[email protected]" # ssl is now on
      - "virtual.auth.path=/secret/*" # path basic authentication applies to
      - "virtual.auth.username=admin" # Optionally add http basic authentication
      - "virtual.auth.password=JDJ5JDEyJEJCdzJYM0pZaWtMUTR4UVBjTnRoUmVJeXQuOC84QTdMNi9ONnNlbDVRcHltbjV3ME1pd2pLCg==" # By specifying both username and password hash

See docker-compose.yml example file.

Backing up certificates

To backup certificates make a volume:

services:
  caddy:
    volumes:
      - ./caddy-info:/data/caddy

Add or modify reverse_proxy headers

With the following settings, the upstream host will see its own address instead of the original incoming value. See Headers.

version: "3"
services:
  caddy-gen:
    image: "wemakeservices/caddy-gen:latest"
    restart: always
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro # needs socket to read events
      - ./caddy-info:/data/caddy # needs volume to back up certificates
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - whoami

  whoami:
    image: "katacoda/docker-http-server:v2"
    labels:
      virtual.host: myapp.com
      virtual.port: 80
      virtual.tls: [email protected]
      virtual.proxy.directives: |
        header_up Host {http.reverse_proxy.upstream.hostport}

Set up a static file server for a host

With the following settings, myapp.com will serve files from directory www and only requests to /api/* will be routed to the whoami service. See file_server.

version: "3"
services:
  caddy-gen:
    image: "wemakeservices/caddy-gen:latest"
    restart: always
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro # needs socket to read events
      - ./caddy-info:/data/caddy # needs volume to back up certificates
      - ./www:/srv/myapp/www # files served by myapp.com
    ports:
      - "80:80"
      - "443:443"
    depends_on:
      - whoami

  whoami:
    image: "katacoda/docker-http-server:v2"
    labels:
      virtual.host: myapp.com
      virtual.port: 80
      virtual.tls: [email protected]
      virtual.proxy.matcher: /api/*
      virtual.host.directives: |
        root * /srv/myapp/www
        templates
        file_server

Use a custom Caddy template for docker-gen

With this custom template, Caddy-gen will act as a reverse proxy for service containers and store their logs under the appropriate host folder in /var/logs.

# file: ./caddy/template
(redirectHttps) {
  @http {
    protocol http
  }
  redir @http https://{host}{uri}
}

(logFile) {
  log {
    output file /var/caddy/{host}/logs {
      roll_keep_for 7
    }
  }
}

{{ $hosts := groupByLabel $ "virtual.host" }}
{{ range $h, $containers := $hosts }}
{{ range $t, $host := split (trim (index $c.Labels "virtual.host")) " " }}
{{ $tls = trim (index $c.Labels "virtual.tls") }}
{{ $host }} {
  {{ if $tls }}
  tls {{ $tls }}
  import redirectHttps
  {{ end }}
  reverse_proxy {
    lb_policy round_robin
    {{ range $i, $container := $containers }}
    {{ range $j, $net := $container.Networks }}
    to {{ $net.IP}}:{{ or (trim (index $container.Labels "virtual.port")) "80" }}
    {{ end }}
    {{ end }}
  }
  encode zstd gzip
  import logFile
}
# file: docker-compose.yml
services:
  caddy-gen:
    volumes:
      # mount the template file into the container
      - ./caddy/template:/tmp/caddy/template
    environment:
      # CADDY_TEMPLATE will replace the default caddy template
      CADDY_TEMPLATE: /tmp/caddy/template

Set global options for Caddy

With this snippet, Caddy will request SSL certificates from the Let's Encrypt staging environment. This is useful for testing without running up against rate limits when you want to deploy.

# file: ./caddy/global_options
{
  acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
# file: docker-compose.yml
services:
  caddy-gen:
    volumes:
      # mount the template file into the container
      - ./caddy/global_options:/tmp/caddy/global_options
    environment:
      # CADDY_SNIPPET will prepend to the default caddy template
      CADDY_SNIPPET: /tmp/caddy/global_options

See also

Changelog

Full changelog is available here.

License

MIT. See LICENSE for more details.

More Repositories

1

wemake-python-styleguide

The strictest and most opinionated python linter ever!
Python
2,507
star
2

wemake-django-template

Bleeding edge django template focused on code quality and security.
Python
1,969
star
3

django-split-settings

Organize Django settings into multiple files and directories. Easily override and modify settings. Use wildcards and optional settings files.
Python
1,031
star
4

wemake-vue-template

Bleeding edge vue template focused on code quality and developer happiness.
TypeScript
730
star
5

django-test-migrations

Test django schema and data migrations, including migrations' order and best practices.
Python
521
star
6

wemake-python-package

Bleeding edge cookiecutter template to create new python packages
Python
395
star
7

flake8-eradicate

Flake8 plugin to find commented out or dead code
Python
304
star
8

dotenv-linter

☺️ Linting dotenv files like a charm!
Python
274
star
9

recase

♻️ Convert strings to any case.
Elixir
215
star
10

nuxt-imagemin

Nuxt module to minify your images. Works with: png, jpeg, gif, and svg
JavaScript
178
star
11

ecto_autoslug_field

Automatically create slugs for Ecto schemas.
Elixir
152
star
12

jekyll-theme-hackcss

Dead simple CSS framework now with Jekyll.
HTML
123
star
13

docker-image-size-limit

🐳 Keep an eye on your docker image size and prevent it from growing too big
Python
113
star
14

flake8-broken-line

🚨 Flake8 plugin to forbid backslashes (\) for line breaks
Python
108
star
15

kira-dependencies

🐿 Kira's micro-bot to update project dependencies
Ruby
102
star
16

dump-env

A utility tool to create .env files
Python
102
star
17

wemake-frontend-styleguide

Set of the strictest linters for your next frontend app
JavaScript
74
star
18

kira

🐿️ Project management framework with deep philosophy underneath
Elixir
70
star
19

coverage-conditional-plugin

Conditional coverage based on any rules you define!
Python
63
star
20

meta

Home of Repeatable Software Development Process
HTML
51
star
21

pravda

Python type-checker written in Rust
Makefile
33
star
22

nuxt-babel

Use normal .babelrc file with your Nuxt app
JavaScript
33
star
23

asyncio-redis-rate-limit

Rate limiter for async functions using Redis as a backend.
Python
30
star
24

vue-material-input

Simple implementation of Material Input with no dependencies
Vue
24
star
25

vue-analytics-facebook-pixel

A small wrapper around Facebook Pixel API
JavaScript
23
star
26

mypy-extras

A collection of extra types and features for mypy
Python
22
star
27

caddy-docker

Docker image for Caddy
Dockerfile
19
star
28

awesome-microtasking

List of awesome resources and companies that practice microtasking
15
star
29

jinja2-git

Jinja2 extension to handle git-specific things
Python
15
star
30

safe-assert

Safe and composable assert for Python that can be used together with optimised mode
Python
13
star
31

kira-stale

🐿️ Kira's micro-bot to fight with stale GitLab issues and merge requests
Procfile
13
star
32

pytest-modified-env

Pytest plugin to fail a test if it leaves modified `os.environ` afterwards.
Python
11
star
33

vue-material-ripple

Simple material ripple effect wrapped in a component
Vue
11
star
34

remark-lint-are-links-valid

This package allows to perform multiple checks on your links
JavaScript
11
star
35

wemake-django-rest

Create Django REST APIs the right way, no magic intended
HTML
11
star
36

wemake-dind

Our docker-in-docker image with Python
Dockerfile
10
star
37

stylelint-config-strict-scss

Deprecated, use wemake-frontend-styleguide instead
JavaScript
8
star
38

kira-review

🐿️ Kira's micro-bot to review merge requests before real humans
Ruby
7
star
39

django-pre-deploy-checks

Django checks that you should run on application deploy
Python
5
star
40

mimesis-cloud

Python
5
star
41

kira-release

🐿️ Kira's micro-bot to release your code and track changes
JavaScript
5
star
42

vue-material-radio

Simple implementation of Material Radio Button with no dependencies
Vue
4
star
43

eslint-config-flowtype-essential

Deprecated, use wemake-frontend-styleguide instead
JavaScript
4
star
44

kira-setup

🐿 Kira's micro-bot to setup new projects
Python
3
star
45

remark-lint-list-item-punctuation

This package allows to check either a list item ends with a period.
JavaScript
3
star
46

eslint-config-jsdoc-essential

Deprecated, use wemake-frontend-styleguide instead
JavaScript
2
star
47

.github

GitHub metadata
1
star
48

wemake-services.github.io

Company's website. As minimal as possible.
JavaScript
1
star