1. The problem I’m having:
Hi,
I am using Caddy as reverse proxy and it works great. Now I want to add some modules to secure my services.
I want to add some GeoIP protection to block foreign traffic using the Maxmind database.
I am using Docker on Unraid. I downloaded the “GeoLite2-Country.mmdb” file and chmod 777 the file.
The problem:
It seems like Caddy cannot open or even view the database. I also set the permission of the folder to 777.
I also tried to automatically update the database using the maxmind docker. The download of the database worked, but still the same error.
Thanks a lot in advance for your help!
2. Error messages and/or full log output:
{"level":"info","ts":1697533370.8660548,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1697533370.8669739,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1697533370.867428,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
{"level":"info","ts":1697533370.8675396,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1697533370.8675478,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1697533370.867623,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0002de500"}
{"level":"info","ts":1697533370.867636,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0002de500"}
Error: loading initial config: loading new config: loading http app module: provision http: server srv0: setting up route handlers: route 0: loading handler modules: position 0: loading module 'subroute': provision http.handlers.subroute: setting up subroutes: route 1: loading matcher modules: module name 'maxmind_geolocation': provision http.matchers.maxmind_geolocation: cannot open database file /mnt/user/appdata/caddy/: open /mnt/user/appdata/caddy/: no such file or directory
3. Caddy version:
CaddyV2, 2.7.5-builder, Docker
4. How I installed and ran Caddy:
I built Caddy using a Dockerfile. I run the Docker container using the Unraid Docker UI and my prebuilt Docker image.
a. Dockerfile:
FROM caddy:2.7.5-builder AS builder

RUN xcaddy build \
    --with github.com/porech/caddy-maxmind-geolocation

FROM caddy:2.7.5

COPY --from=builder /usr/bin/caddy /usr/bin/caddy
b. My complete Caddy config:
{
    email mymail@email.com
}

service.example.com {
    @mygeofilter {
        maxmind_geolocation {
            db_path /myfilepath/appdata/caddy/
            allow_countries IT DE
        }
    }
    header {
        Permissions-Policy interest-cohort=()
        Strict-Transport-Security max-age=31536000;
        X-Content-Type-Options nosniff
        X-Frame-Options DENY
    }
    reverse_proxy @mygeofilter Service:8080
}
5. Links to relevant resources:
Caddy Docker: Docker
Maxmind Module: GitHub - porech/caddy-maxmind-geolocation: Caddy v2 module to filter requests based on source IP geolocation
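
Added example (not part of the original post, and not code from Caddy or the module's authors): the error in section 2 shows the matcher failing to open a path that ends in `/`, so this preflight script reads every `db_path` from a Caddyfile and reports whether it resolves to a readable, non-empty file in the filesystem Caddy actually sees. The function names are hypothetical, `db_path` values are assumed to contain no spaces, and the script is meant to be run inside the Caddy container, where host paths exist only if they are mounted.

```shell
#!/bin/sh
# Preflight check for maxmind_geolocation db_path values in a Caddyfile.
# Paths are resolved where this script runs, so run it inside the container.

# Print each db_path argument found in the Caddyfile, one per line.
# Commented-out lines are skipped because their first token is not "db_path".
list_db_paths() {
    awk '$1 == "db_path" { print $2 }' "$1" | tr -d '"'
}

# Classify one path: missing, directory, unreadable, empty or ok.
classify_db_path() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -d "$1" ]; then echo directory
    elif [ ! -r "$1" ]; then echo unreadable
    elif [ ! -s "$1" ]; then echo empty
    else echo ok
    fi
}

# Report every db_path; return 0 only if all are readable, non-empty files.
check_caddyfile() {
    rc=0
    found=0
    for p in $(list_db_paths "$1"); do
        found=1
        state=$(classify_db_path "$p")
        printf '%s: %s\n' "$p" "$state"
        [ "$state" = ok ] || rc=1
    done
    if [ "$found" -eq 0 ]; then
        echo "no db_path directive in $1" >&2
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh check_db_path.sh /etc/caddy/Caddyfile
if [ "$#" -gt 0 ]; then
    check_caddyfile "$1"
fi
```

A result of `directory` means `db_path` names a folder rather than the `.mmdb` file; `missing` means the path does not exist in the container's filesystem, whatever its permissions are on the host.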