1. Caddy version (caddy version):
$ docker exec -it caddy /bin/sh
/srv # caddy version
v2.5.0-rc.1 h1:d/ivzqaW+ht8J4yD+XI9omgCDIbQCDOD5AzKPTwkwWk=
2. How I run Caddy:
$ cat tmp/Dockerfile
FROM caddy:2.5.0-rc.1-builder-alpine AS builder
RUN xcaddy build --with github.com/caddy-dns/cloudflare
FROM caddy:2.5.0-rc.1-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
$ cat docker-compose.yml
version: "3.7"
services:
  caddy:
    build: ./tmp
    hostname: caddy
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/sites:/srv
      - caddy_data:/data
      - caddy_config:/config
volumes:
  caddy_data:
    name: caddy_caddy_data
    external: true
  caddy_config:
networks:
  default:
    name: caddy_net
    external: true
$ docker-compose up -d
$ cat Caddyfile
{
	acme_ca https://acme-v02.api.letsencrypt.org/directory
}
(cloudflare) {
	tls user@hotmail.com {
		dns cloudflare <credentials>
	}
}
(vips_only) {
	@fuck_off_world {
		not remote_ip <my_IP_during_tests>
	}
	respond @fuck_off_world 403
}
ldap.example.com {
	import cloudflare
	import vips_only
	respond "LDAP host for EXAMPLE.COM here!"
	# later - reverse_proxy phpldapadmin
}
a. System environment:
admin@vps.example.com
----------------------
OS: Arch Linux x86_64
Host: KVM/QEMU (Standard PC (i440FX + PIIX, 1996) pc-i440fx-5.2)
Kernel: 5.15.35-1-lts
Uptime: 2 hours, 12 mins
Packages: 207 (pacman)
Shell: bash 5.1.16
Resolution: 1024x768
Terminal: /dev/pts/1
CPU: AMD EPYC 7282 (6) @ 2.794GHz
GPU: 00:02.0 Vendor 1234 Device 1111
Memory: 259MiB / 16001MiB
$ docker --version
Docker version 20.10.14, build a224086349
$ docker-compose --version
Docker Compose version 2.4.1
3. The problem I'm having:
Is it possible for another docker container to access (read only, preferably) the certificates that Caddy maintains on the volume "caddy_data" (on the host, "/var/lib/docker/volumes/caddy_caddy_data/_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/")?
I would like to run osixia/docker-openldap (GitHub: "A docker image to run OpenLDAP 🐳") and use the certificate that Caddy obtained.
I need to "share" or "access" the volume "caddy_data" to map some environment variables:
LDAP_TLS_CRT_FILENAME
LDAP_TLS_KEY_FILENAME
and maybe
LDAP_TLS_CA_CRT_FILENAME (when I used Lego to get certificates, there was a file "*issuer.crt" together with the .crt and .key. In Caddy, I don't know...)
I tried some configuration in the docker-compose.yml of docker-openldap, but without success.
version: '2'
services:
  openldap:
    image: osixia/openldap:1.5.0
    hostname: ldap
    container_name: openldap
    restart: unless-stopped
    ports:
      #- "389:389"
      - "636:636"
    volumes:
      - ldap_data:/var/lib/ldap
      - ldap_config:/etc/ldap/slapd.d
      # attempt to mount a sub-directory of the caddy_data volume; Compose's short
      # volume syntax is SOURCE:TARGET[:MODE], so the extra path segment is not accepted
      - certs:/caddy/certificates/acme-v02.api.letsencrypt.org-directory/ldap.example.com:/container/service/slapd/assets/certs
    ...
      LDAP_TLS_CRT_FILENAME: "ldap.example.com.crt"
      LDAP_TLS_KEY_FILENAME: "ldap.example.com.key"
      # ??? LDAP_TLS_CA_CRT_FILENAME: "ldap.example.com.issuer.crt"
    ...
volumes:
  ldap_data:
  ldap_config:
  certs:
    name: caddy_caddy_data
    external: true
...
I see that it isn't working because OpenLDAP does not "see" the certificate from Caddy and generates a self-signed one.
*** INFO | 2022-04-24 23:44:01 | Running /container/run/startup/:ssl-tools...
*** INFO | 2022-04-24 23:44:01 | Running /container/run/startup/slapd...
*** INFO | 2022-04-24 23:44:01 | openldap user and group adjustments
*** INFO | 2022-04-24 23:44:01 | get current openldap uid/gid info inside container
*** INFO | 2022-04-24 23:44:01 | -------------------------------------
*** INFO | 2022-04-24 23:44:01 | openldap GID/UID
*** INFO | 2022-04-24 23:44:01 | -------------------------------------
*** INFO | 2022-04-24 23:44:01 | User uid: 911
*** INFO | 2022-04-24 23:44:01 | User gid: 911
*** INFO | 2022-04-24 23:44:01 | uid/gid changed: false
*** INFO | 2022-04-24 23:44:01 | -------------------------------------
*** INFO | 2022-04-24 23:44:01 | updating file uid/gid ownership
*** INFO | 2022-04-24 23:44:01 | No certificate file and certificate key provided, generate:
*** INFO | 2022-04-24 23:44:01 | /container/service/slapd/assets/certs/ldap.setic.poa.br.crt and /container/service/slapd/assets/certs/ldap.setic.poa.br.key
Any ideas?
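The ssl-tools log above shows the openldap process running as uid/gid 911, while the files in caddy_data are written by Caddy's own user, so even a correctly mounted volume can still leave the certificate and key unreadable to the consumer. As an added example (not code from the post, from Caddy or from osixia/docker-openldap), the Python script below builds a stand-in for the caddy_data tree, checks whether uid 911 could read the .crt and .key through a mounted volume (directory search bits included), and then applies the smallest mode change that lets a read-only consumer in the key's owning group read it without exposing the key to everyone. The uid/gid 911 come from the posted log; Caddy's 0700/0600 modes and the 0755 volume root are assumptions, and the file contents are constructed placeholders.

```python
import os
import shutil
import stat
import tempfile

# Layout quoted in the post; the files built here are constructed placeholders.
CADDY_CERT_SUBDIR = "caddy/certificates/acme-v02.api.letsencrypt.org-directory"
OPENLDAP_UID = 911  # "User uid: 911" in the ssl-tools log
OPENLDAP_GID = 911  # "User gid: 911"


def _allowed(st, uid, gid, user_bit, group_bit, other_bit):
    """Discretionary access check: owner bits if uid owns the inode, else
    group bits if gid matches, else the 'other' bits. uid 0 bypasses DAC."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & user_bit)
    if st.st_gid == gid:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)


def readable_by(mount_root, path, uid, gid):
    """True if uid/gid could open `path` for reading once the tree under
    `mount_root` is mounted into its container: every directory from the
    mount root down needs the search (x) bit, then the file needs the r bit.
    A 0700 directory owned by another user blocks even a 0644 file inside."""
    dirs = [mount_root]
    for part in os.path.relpath(path, mount_root).split(os.sep)[:-1]:
        dirs.append(os.path.join(dirs[-1], part))
    for d in dirs:
        if not _allowed(os.stat(d), uid, gid, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return False
    return _allowed(os.stat(path), uid, gid, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)


def cert_paths(mount_root, domain):
    """Leaf files Caddy keeps for one site, following the path in the post."""
    site_dir = os.path.join(mount_root, CADDY_CERT_SUBDIR, domain)
    return {"crt": os.path.join(site_dir, domain + ".crt"),
            "key": os.path.join(site_dir, domain + ".key")}


def check_pair(mount_root, domain, uid=OPENLDAP_UID, gid=OPENLDAP_GID):
    """Per file: could the consuming container's user read it?"""
    return {name: readable_by(mount_root, p, uid, gid)
            for name, p in cert_paths(mount_root, domain).items()}


def _site_dirs(mount_root, domain):
    """Directories Caddy would have created below the volume root, top-down."""
    dirs, current = [], mount_root
    for part in (CADDY_CERT_SUBDIR + "/" + domain).split("/"):
        current = os.path.join(current, part)
        dirs.append(current)
    return dirs


def build_fake_volume(domain):
    """Constructed stand-in for the caddy_data volume; returns the mount root."""
    root = tempfile.mkdtemp(prefix="caddy_data_")
    os.chmod(root, 0o755)          # volume root as Docker creates it (assumption)
    for d in _site_dirs(root, domain):
        os.mkdir(d)
        os.chmod(d, 0o700)         # Caddy-created directories (assumption)
    for name, path in cert_paths(root, domain).items():
        with open(path, "w") as fh:
            fh.write("placeholder %s for %s, not real material\n" % (name, domain))
        os.chmod(path, 0o600)      # Caddy-written files (assumption)
    return root


def open_to_group(mount_root, domain):
    """Least-privilege loosening for a read-only consumer: search bit on the
    directories, world-readable public certificate, private key readable by
    its owning group only (no chown, so no root needed). Returns that gid."""
    for d in _site_dirs(mount_root, domain):
        os.chmod(d, 0o711)
    paths = cert_paths(mount_root, domain)
    os.chmod(paths["crt"], 0o644)
    os.chmod(paths["key"], 0o640)
    return os.stat(paths["key"]).st_gid


def demo(domain="ldap.example.com"):
    """Before: uid 911 reads nothing. After loosening: it reads the cert but
    not the key, unless it is a member of the key's owning group."""
    root = build_fake_volume(domain)
    try:
        before = check_pair(root, domain)
        owning_gid = open_to_group(root, domain)
        after_other = check_pair(root, domain)
        after_group = check_pair(root, domain, OPENLDAP_UID, owning_gid)
    finally:
        shutil.rmtree(root)
    return before, after_other, after_group


if __name__ == "__main__":
    print(demo())
    # -> ({'crt': False, 'key': False}, {'crt': True, 'key': False}, {'crt': True, 'key': True})
```

Run against a real volume, point `check_pair()` at the host path quoted in the post instead of the constructed tree; the same traversal check explains the "No certificate file and certificate key provided" fallback even when the mount itself is correct, because the consumer is an unprivileged uid and the key must stay out of the world-readable bits.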