1. Caddy version (caddy version):
v2.5.0
2. How I run Caddy:
Reverse Proxy
a. System environment:
Caddy runs as a Docker container on SLES 15 with Docker version 20.10.12-ce
b. Command:
docker-compose up -d
c. Service/unit/compose file:
version: "3"
services:
  caddy:
    container_name: caddy
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data/caddy:/data
      - ./config:/config
    ports:
      - 80:80
      - 443:443
    network_mode: "host"
Promtail docker-compose file:
version: "3"
services:
  grafana:
    container_name: grafana
    user: "0:0"
    image: /grafana/grafana:latest
    restart: always
    depends_on:
      - prometheus
      - promtail
    volumes:
      - ./conf/grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
      - ./conf/grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards
      - ./data/grafana:/var/lib/grafana
    environment:
      GF_SECURITY_ADMIN_USER: ${GF_SECURITY_ADMIN_USER}
      GF_SECURITY_ADMIN_PASSWORD: ${GF_SECURITY_ADMIN_PASSWORD}
      GF_USERS_VIEWERS_EDIT: "true"
      # GF_SERVER_ROOT_URL: {{ gf_server_root_url }}
      GF_SERVER_DOMAIN: example.com
      GF_SERVER_ROOT_URL: https://example.com/grafana/
      GF_SERVER_SERVE_FROM_SUB_PATH: "true"
    network_mode: "host"
  promtail:
    container_name: promtail
    image: /grafana/promtail:latest
    restart: always
    environment:
      - TZ=Europe/Berlin
    command: -config.file=/etc/promtail-config/promtail.yml
    volumes:
      - ./conf/promtail/promtail.yml:/etc/promtail-config/promtail.yml
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /var/log/:/var/log/:ro
    network_mode: "host"
  prometheus:
    container_name: prometheus
    user: "0"
    image: prom/prometheus:latest
    network_mode: "host"
    volumes:
      - ./conf/prometheus:/etc/prometheus
      - ./data/prometheus:/prometheus
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    command:
      - '--storage.tsdb.retention.time=1w'
      - '--storage.tsdb.retention.size=800MB'
      - '--log.level=error'
      - '--storage.tsdb.wal-compression'
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--web.enable-lifecycle'
      - '--web.enable-admin-api'
      - '--storage.tsdb.path=data/'
      # - '--web.config.file=/etc/prometheus/web.yml'
d. My complete Caddyfile config:
example.com {
	handle /grafana* {
		reverse_proxy 127.0.0.1:3000
	}
	handle /promtail* {
		reverse_proxy 127.0.0.1:9080
	}
	handle /prometheus* {
		reverse_proxy 127.0.0.1:9000
	}
}
3. The problem I’m having:
I want to run the containers behind the reverse proxy, and encrypt the connection to individual services via HTTPS. I have a domain e.g. "example.com" and my services should be reached via the domain. e.g.
example.com/grafana
example.com/promtail
example.com/prometheus
With the attached Caddyfile I can only reach Grafana; all other services return 404.
4. Error messages and/or full log output:
{"level":"warn","ts":1652266503.1458752,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [example.com]: no OCSP server specified in certificate","identifiers":["example.com"]}
5. What I already tried:
If I configure the Caddyfile like this, then it works.
example.com
reverse_proxy /grafana* 127.0.0.1:3000
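
An added example, not part of the original post and not Caddy project code: `handle` forwards the request path unchanged, so an upstream answers only if it serves under its own prefix, as Grafana does here through `GF_SERVER_SERVE_FROM_SUB_PATH`. The sketch below keeps the post's layout and also refuses the Prometheus admin and lifecycle endpoints that the compose file enables. Assumptions: Prometheus is started with `--web.external-url=https://example.com/prometheus/` and listens on its default port 9090 (the compose file sets no `--web.listen-address`; the post's Caddyfile uses 9000), and `promtail.yml`, which is not shown in the post, sets `server.http_path_prefix: /promtail`.

```caddyfile
example.com {
	# Grafana already serves under /grafana/ (GF_SERVER_SERVE_FROM_SUB_PATH),
	# so the unchanged path matches what it expects.
	handle /grafana* {
		reverse_proxy 127.0.0.1:3000
	}

	# Assumption: promtail.yml sets server.http_path_prefix: /promtail,
	# so Promtail's routes live under the same prefix Caddy forwards.
	handle /promtail* {
		reverse_proxy 127.0.0.1:9080
	}

	# Assumption: Prometheus runs with
	#   --web.external-url=https://example.com/prometheus/
	# which makes it serve its UI and API under /prometheus/.
	handle /prometheus* {
		# --web.enable-admin-api and --web.enable-lifecycle are set in the
		# compose file; without these two lines the proxy would publish
		# TSDB admin calls and reload/quit to anyone who can reach the site.
		respond /prometheus/api/v1/admin/* 403
		respond /prometheus/-/* 403

		# Assumption: default Prometheus port (the post proxies to 9000).
		reverse_proxy 127.0.0.1:9090
	}

	# Requests outside the three prefixes get an explicit 404 from Caddy.
	handle {
		respond 404
	}
}
```

`caddy validate --config /etc/caddy/Caddyfile` inside the container checks the file before a reload.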