1. Caddy version (caddy version):
2.5.0
2. How I run Caddy:
Basic kubernetes deployment of official caddy:2.5.0 docker image with caddyfile in configmap.
a. System environment:
Google kubernetes engine.
b. Command:
kubectl apply -f deployment.yml
c. Service/unit/compose file:
apiVersion: apps/v1
kind: Deployment
metadata:
name: caddy2
spec:
replicas: 1
selector:
matchLabels:
app: caddy2
template:
metadata:
labels:
app: caddy2
spec:
containers:
- name: caddy
image: caddy:2.5.0
resources:
requests:
memory: 0.2G
cpu: 0.2
limits:
memory: 0.5G
cpu: 0.6
ports:
- containerPort: 80
- containerPort: 443
- containerPort: 2015
volumeMounts:
- name: caddyfile
mountPath: /etc/caddy/Caddyfile
subPath: Caddyfile
- name: caddy-certstore
mountPath: /data/caddy/
- name: caddyfile-snippets
mountPath: /etc/caddy/includes/caddyfile-snippets
subPath: caddyfile-snippets
terminationGracePeriodSeconds: 15
volumes:
- name: caddy-certstore
nfs:
server: nfs-slow.kube-system.svc.cluster.local
path: /caddy2
readOnly: false
- name: caddyfile
configMap:
name: caddyfile2
- name: caddyfile-snippets
configMap:
name: caddyfile-snippets
d. My complete Caddyfile or JSON config:
Sorry I had to replace the exact domain names, but the editor won’t let me post the exact domain since its apparently banned word. Its not really relevant for this issue I’m having though, it does not work for me with any domain.
includes/Caddyfile-snippets:
(global) {
@blacklistheaders {
header Referer https://malicious.com/
}
route @blacklistheaders {
respond " " 401 {
close
}
}
@blacklistips {
remote_ip 10.0.1.24
}
route @blacklistips {
respond " " 401 {
close
}
}
log {
output stdout
}
}
(basicproxy) {
{args.0} {
import global
reverse_proxy {args.1}
}
}
Caddyfile:
import includes/*
import basicproxy "frontend1.macs-cloud.com, frontend2.macs-cloud.com" backend:80
3. The problem I’m having:
I expected that the list of domains can be used in snippet via {args.0}. I wanted to make more snippets such as the mentioned one for future use, being able to proxy varying number of domains in one go.
It does interpret comma-space separated list in string as one domain though.
This would be the result I was looking for:
frontend1.macs-cloud.com, frontend2.macs-cloud.com {
@blacklistheaders {
header Referer https://malicious.com/
}
route @blacklistheaders {
respond " " 401 {
close
}
}
@blacklistips {
remote_ip 10.0.1.24
}
route @blacklistips {
respond " " 401 {
close
}
}
log {
output stdout
}
reverse_proxy backend:80
}
4. Error messages and/or full log output:
I get:
Error during parsing: Site addresses cannot contain a comma ',': 'frontend1.macs-cloud.com, frontend2.macs-cloud.com' - put a space after the comma to separate site addresses
5. What I already tried:
Some searching, but no luck.