1. Caddy version (caddy version): 2.4.1
2. How I run Caddy:
a. System environment:
Docker 20.10.7 on Ubuntu 18.04
b. Command:
docker-compose -f docker-compose.yml -f docker-compose.azurevm-highperf-caddy.yml up
c. Service/unit/compose file:
docker-compose.yml:
version: "2"
services:
  elasticsearch:
    build:
      context: elasticsearch/
    volumes:
      - elasticsearch-data:/usr/share/elasticsearch/data
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
    environment:
      node.name: elasticsearch
      cluster.initial_master_nodes: elasticsearch
      ES_CLUSTER_NAME: search-cluster
      ES_DATA_DIR: /usr/share/elasticsearch/data
    networks:
      - elk
volumes:
  elasticsearch-data:
    driver: local
networks:
  elk:
    driver: bridge
docker-compose.azurevm-highperf-caddy.yml:
version: "2"
services:
  elasticsearch:
    restart: always
    environment:
      ES_JAVA_OPTS: "-Xmx4000m -Xms4000m"
  caddy:
    image: caddy:2.4.1
    container_name: caddy
    restart: always
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      - DOMAIN=adv-es-https-test-1.westeurope.cloudapp.azure.com
      - EMAIL=a@skwar.me
      - LOG_FILE=/data/access.log
    ports:
      - 80:80
      - 443:443
    networks:
      - elk
    depends_on:
      - elasticsearch
d. My complete Caddyfile or JSON config:
{$DOMAIN}:443
handle_path /elasticsearch* {
    basicauth bcrypt Elasticsearch {
        Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
    }
    reverse_proxy http://elasticsearch:9200
}
3. The problem I’m having:
With the above configuration, changing/adding/removing usernames/passwords for basic auth would require a change of the Caddyfile and a restart or reload of caddy.
In nginx or Apache, the authentication data (usernames/passwords) is read from external htpasswd files. No restart/reload of server daemon is needed. It’s also easier to change the auth data by simply executing something along the lines of htpasswd -Bb /etc/nginx/htpasswd Secret "${password}"
Note: I’m not talking about adding htpasswd compatibility. It’s fine if there’s a different tool or format. I’m talking about having the auth data (in whatever format) in an external file.
4. Error messages and/or full log output:
n/a
5. What I already tried:
n/a
6. Links to relevant resources:
n/a
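
Added example (not part of the original post and not Caddy's own tooling): one way to keep the credentials in an htpasswd-style file and generate the `user base64(hash)` lines that the `basicauth` block above uses, refusing non-bcrypt entries and usernames that could break out of the Caddyfile line. It assumes the output is written to a separate file pulled into the block with Caddy's `import` directive and that Caddy accepts the `$2y$` prefix written by `htpasswd -B`; Caddy still has to be reloaded after the file is regenerated.

```python
import base64
import re

# bcrypt modular-crypt string: $2a$/$2b$/$2y$, two-digit cost, 53 chars salt+digest
BCRYPT_RE = re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}")
# Assumption: a conservative charset so a username cannot inject Caddyfile tokens
USER_RE = re.compile(r"[A-Za-z0-9._-]+")

# Hash value copied from the Caddyfile in the post (base64 of a bcrypt string)
PAGE_HASH_B64 = ("JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5"
                 "Q3VWc0tzOEJwZE9TaFlZdEVkZDhX")

# Constructed sample file: one bcrypt entry, one MD5 (apr1) entry, one broken line
SAMPLE_HTPASSWD = "\n".join([
    "# constructed sample",
    "Bob:" + base64.b64decode(PAGE_HASH_B64).decode("ascii"),
    "alice:$apr1$constructed$notabcrypthash",
    "no-colon-here",
])


def htpasswd_to_caddy(text):
    """Return (lines, rejected): Caddy credential lines and skipped entries."""
    lines, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        user, sep, hashed = entry.partition(":")
        if not sep or not USER_RE.fullmatch(user):
            rejected.append((lineno, "malformed entry or username"))
        elif not BCRYPT_RE.fullmatch(hashed):
            # apr1/MD5, {SHA} and crypt() entries are refused, never converted
            rejected.append((lineno, "not a bcrypt hash"))
        else:
            encoded = base64.b64encode(hashed.encode("ascii")).decode("ascii")
            lines.append(f"{user} {encoded}")
    return lines, rejected


def render_snippet(lines):
    """Text for the file imported inside the basicauth block."""
    return "".join(f"{line}\n" for line in lines)


if __name__ == "__main__":
    creds, skipped = htpasswd_to_caddy(SAMPLE_HTPASSWD)
    print(render_snippet(creds), end="")
    for lineno, reason in skipped:
        print(f"# skipped line {lineno}: {reason}")
```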