Caddy / NetMaker / Dockerized access ip in host level

1. The problem I’m having:

  1. I have installed Caddy in a Docker container
  2. I also installed NetMaker

When I read the forums, they said that the way to reverse proxy a Docker container is by using the following
(in this case I use the Portainer port):

domainhere {
       reverse_proxy localhost:9000
}

But the above solution isn’t working,
so I tried another solution:

domainhere  {
       reverse_proxy 127.0.0.1:9000
}

The above solution is also not working,
so I tried another solution.

I did some experiments. When I ran ifconfig I got this output:

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:26ff:fef0:a145  prefixlen 64  scopeid 0x20<link>
        ether 02:42:26:f0:a1:45  txqueuelen 0  (Ethernet)

From the above I see docker0, so I used 172.17.0.1 for the reverse proxy IP, and it worked!

domainhere  {
       reverse_proxy 172.17.0.1:9000
}

So the above is what happened to me.
Here comes the question.

How can I access a host-level IP in order to reverse proxy it?
I want to reverse proxy IPs inside my VPN tunnels.

Below is the wg output for the tunnels connected to my server.



  allowed ips: 10.125.13.2/32
  latest handshake: 30 seconds ago
  transfer: 7.47 KiB received, 2.06 KiB sent
  persistent keepalive: every 20 seconds

2. Error messages and/or full log output:

None

3. Caddy version:

v2.6.2

4. How I installed and ran Caddy:

I used the Netmaker express installation.

a. System environment:

Ubuntu 20, Docker.

b. Command:

c. Service/unit/compose file:

d. My complete Caddy config:

# Dashboard
https://dashboard.{$NM_DOMAIN} {
        tls /root/certs/fullchain.pem /root/certs/privkey.pem
        # Apply basic security headers
        header {
                # Enable cross origin access to *.{$NM_DOMAIN}
                Access-Control-Allow-Origin *.{$NM_DOMAIN}
                # Enable HTTP Strict Transport Security (HSTS)
                Strict-Transport-Security "max-age=31536000;"
                # Enable cross-site filter (XSS) and tell browser to block detected attacks
                X-XSS-Protection "1; mode=block"
                # Disallow the site to be rendered within a frame on a foreign domain (clickjacking protection)
                X-Frame-Options "SAMEORIGIN"
                # Prevent search engines from indexing
                X-Robots-Tag "none"
                # Remove the server name
                -Server
        }

        reverse_proxy http://netmaker-ui
}

# API
https://api.{$NM_DOMAIN} {
        tls /root/certs/fullchain.pem /root/certs/privkey.pem
        reverse_proxy http://netmaker:8081
}

# TURN
https://turn.{$NM_DOMAIN} {
        tls /root/certs/fullchain.pem /root/certs/privkey.pem
        reverse_proxy host.docker.internal:3479
}

# TURN API
https://turnapi.{$NM_DOMAIN} {
        tls /root/certs/fullchain.pem /root/certs/privkey.pem
        reverse_proxy http://host.docker.internal:8089
}

# MQ
wss://broker.{$NM_DOMAIN} {
        tls /root/certs/fullchain.pem /root/certs/privkey.pem
        reverse_proxy ws://mq:8883 # For EMQX websockets use `reverse_proxy ws://mq:8083`
}

# Portainer
docker.gementar.com {
        reverse_proxy portainer:9000 # This is not working, but it works when I use the IP I stated above
}

5. Links to relevant resources:

In what way is it not working?

You didn’t show any of your Caddy logs, nor any errors or example curl -v requests, as asked by the help topic template.

This isn’t valid, ws:// is a scheme only understood by browsers.

Same here, wss:// is not a valid scheme in servers. Remove it.
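
The scheme problems pointed out in the replies, and the loopback upstreams the original poster tried first, can be caught before a config is deployed. The linter below is an added example, not code from any post in this thread or from the Caddy project; `lint_caddyfile`, `upstream_host` and the `example.test` sample are hypothetical names, and it assumes Caddy runs in a container, where `localhost` and `127.0.0.1` refer to the container itself.

```python
import re

# Constructed sample, modelled on the site blocks posted in this thread.
SAMPLE = """\
wss://broker.example.test {
        reverse_proxy ws://mq:8883 # websocket upstream
}
docker.example.test {
        reverse_proxy localhost:9000
}
https://api.{$NM_DOMAIN} {
        reverse_proxy http://netmaker:8081
}
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
WS_SCHEME = re.compile(r"^wss?://", re.I)
PLACEHOLDER = re.compile(r"\{\$[^}]*\}")   # {$NM_DOMAIN} is not a block brace


def upstream_host(upstream):
    """Host part of an upstream written as scheme://host:port or host:port."""
    rest = upstream.split("://", 1)[-1].split("/", 1)[0]
    if rest.startswith("["):                # bracketed IPv6 literal
        return rest[1:rest.find("]")]
    return rest.rsplit(":", 1)[0]


def lint_caddyfile(text, in_container=True):
    """Return (line_number, message) pairs for the problems seen in the thread."""
    findings, depth = [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = PLACEHOLDER.sub("X", raw.split(" #", 1)[0]).strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.rstrip("{").replace(",", " ").split()
        if depth == 0 and line.endswith("{"):   # site address line
            for addr in filter(WS_SCHEME.match, tokens):
                findings.append((n, f"site address {addr}: ws/wss is not a valid scheme for a server"))
        elif tokens and tokens[0] == "reverse_proxy":
            for up in tokens[1:]:
                if WS_SCHEME.match(up):
                    findings.append((n, f"upstream {up}: ws/wss is only understood by browsers"))
                if in_container and upstream_host(up) in LOOPBACK:
                    findings.append((n, f"upstream {up}: loopback is the Caddy container itself, not the Docker host"))
        depth += line.count("{") - line.count("}")
    return findings


if __name__ == "__main__":
    for lineno, message in lint_caddyfile(SAMPLE):
        print(f"line {lineno}: {message}")
```

Pass `in_container=False` when Caddy runs directly on the host, where a loopback upstream is legitimate.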
