Caddy as reverse proxy in docker refuses to connect to other containers

1. Caddy version (caddy version):

caddy:2-alpine

2. How I run Caddy:

I run Caddy through docker-compose, but in different files for different projects. Right now I am trying to run Portainer alongside it. These are the compose files:

a. System environment:

docker on linux

b. Command:

docker-compose up -d

c. Service/unit/compose file:

Caddy

version: '3.9'

services:
  caddy:
    image: caddy:2-alpine
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - certs-volume:/data
      - caddy_config:/config

volumes:
  certs-volume:
  caddy_config:

networks:
  default:
    external:
      name: caddy

and the portainer file

version: '3.9'

services:
  portainer:
    image: portainer/portainer-ce
    container_name: portainer
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    entrypoint: /portainer -p :80
    ports:
      - "1000:80"

volumes:
  portainer_data:

networks:
  default:
    external:
      name: caddy

d. My complete Caddyfile or JSON config:

Caddyfile

{
    email simonheiss87@gmail.com
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

smallhetzi.fading-flame.com {
    reverse_proxy portainer:1000
}

3. The problem I'm having:

The certificates are being generated fine, this is working, but when I call the URL, I get a 502 because Caddy cannot connect to the Portainer container.

4. Error messages and/or full log output:

{
	"level": "error",
	"ts": 1629873106.715402,
	"logger": "http.log.error",
	"msg": "dial tcp 172.20.0.2:1000: connect: connection refused",
	"request": {
		"remote_addr": "89.247.255.231:15146",
		"proto": "HTTP/2.0",
		"method": "GET",
		"host": "smallhetzi.fading-flame.com",
		"uri": "/",
		"headers": {
			"Accept-Encoding": [
				"gzip, deflate, br"
			],
			"Accept-Language": [
				"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"
			],
			"Cache-Control": [
				"max-age=0"
			],
			"User-Agent": [
				"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36"
			],
			"Sec-Fetch-Site": [
				"none"
			],
			"Accept": [
				"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
			],
			"Sec-Fetch-Mode": [
				"navigate"
			],
			"Sec-Fetch-User": [
				"?1"
			],
			"Sec-Fetch-Dest": [
				"document"
			],
			"Sec-Ch-Ua": [
				"\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"92\""
			],
			"Sec-Ch-Ua-Mobile": [
				"?0"
			],
			"Upgrade-Insecure-Requests": [
				"1"
			]
		},
		"tls": {
			"resumed": false,
			"version": 772,
			"cipher_suite": 4865,
			"proto": "h2",
			"proto_mutual": true,
			"server_name": "smallhetzi.fading-flame.com"
		}
	},
	"duration": 0.000580828,
	"status": 502,
	"err_id": "pq78d9hen",
	"err_trace": "reverseproxy.statusError (reverseproxy.go:857)"
}

5. What I already tried:

When I replace the Caddyfile with something like this:

Caddyfile

smallhetzi.fading-flame.com {
    reverse_proxy 65.21.139.246:1000
}

everything works fine, but I don't want to spread my IP over the Caddyfile. Is there something I am missing for Docker environments? I also tried other versions, with http:// in front or putting it in the same compose file, but that did not work either.

6. Links to relevant resources:

When proxying between containers, you need to use the port on which the container listens inside the Docker network, not the one you bound to the host machine for that service. In this case, that would be port 80 instead of 1000, because Portainer listens on port 80 by default.

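The rule from the answer above, written as a check (an added example, not part of the thread and not Caddy's or Docker's own code): it compares each reverse_proxy upstream with the compose short-syntax ports entries and flags an upstream that uses a service's host-published port. COMPOSE_PORTS and the function names are assumptions; the mappings are typed in from the compose files in the question rather than parsed from YAML, and the container-side port of each mapping is assumed to be the one the service listens on.

```python
import re

# Constructed from the thread's compose files: service name -> short-syntax "ports".
COMPOSE_PORTS = {"caddy": ["80:80", "443:443"], "portainer": ["1000:80"]}
BROKEN = "smallhetzi.fading-flame.com {\n    reverse_proxy portainer:1000\n}\n"
FIXED = BROKEN.replace("portainer:1000", "portainer:80")

def parse_port(entry):
    """Split [host_ip:][host_port:]container_port[/proto] into
    (host_port, container_port). host_port is None when no fixed host port
    is published. Port ranges are not handled."""
    parts = entry.split("/")[0].rsplit(":", 2)
    host = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    return host, int(parts[-1])

def upstreams(caddyfile):
    """Yield (host, port) for every host:port token on a reverse_proxy line."""
    for args in re.findall(r"^\s*reverse_proxy\s+(.+)$", caddyfile, re.M):
        for tok in args.split():
            m = re.fullmatch(r"(?:https?://)?([\w.-]+):(\d+)", tok)
            if m:
                yield m.group(1), int(m.group(2))

def lint(caddyfile, compose_ports):
    """Flag upstreams that name a compose service but use its host-side port."""
    findings = []
    for host, port in upstreams(caddyfile):
        if host not in compose_ports:
            continue  # an IP address, or a name defined elsewhere
        mappings = [parse_port(p) for p in compose_ports[host]]
        if port in {c for _, c in mappings}:
            continue  # already the container-side port
        findings += [f"{host}:{port} is the host-published port; "
                     f"use {host}:{c} inside the Docker network"
                     for h, c in mappings if h == port]
    return findings

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint(text, COMPOSE_PORTS) or "ok")
```

With the upstream set to portainer:80, Caddy no longer depends on the "1000:80" mapping; that mapping only controls whether Portainer is also reachable directly on the host's port 1000.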

That is amazing, thanks a lot!

