1. The problem I’m having:
Hey, I am running caddy in a docker container as a proxy for several other containers.
Now I want to reverse proxy an application which is NOT in docker.
Using localhost in the Caddyfile won't work since it refers to the localhost of that caddy container.
I found this directive in order to add an entry to the /etc/hosts:
extra_hosts:
  - host.docker.internal:host-gateway
Now my application needs to listen on the Docker IP, which it does:
./writefreely
2023/12/11 13:29:56 Starting WriteFreely 0.14.0...
2023/12/11 13:29:56 Loading config.ini configuration...
2023/12/11 13:29:56 Loading templates...
2023/12/11 13:29:56 Loading pages...
2023/12/11 13:29:56 Loading user pages...
2023/12/11 13:29:56 Loading encryption keys...
2023/12/11 13:29:56 Connecting to sqlite3 database...
2023/12/11 13:29:56 Adding {domain} routes (single user)...
2023/12/11 13:29:56 Going to serve...
2023/12/11 13:29:56 Serving on http://172.17.0.1:8080
2023/12/11 13:29:56 ---
However, I get a 502 and I am not sure what I am missing:
> curl -vL https://writing.ajfriesen.com
* Trying 116.203.153.211:443...
* Connected to writing.ajfriesen.com (116.203.153.211) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=writing.ajfriesen.com
* start date: Dec 11 10:42:20 2023 GMT
* expire date: Mar 10 10:42:19 2024 GMT
* subjectAltName: host "writing.ajfriesen.com" matched cert's "writing.ajfriesen.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: writing.ajfriesen.com]
* h2 [:path: /]
* h2 [user-agent: curl/8.1.2]
* h2 [accept: */*]
* Using Stream ID: 1 (easy handle 0x12880bc00)
> GET / HTTP/2
> Host: writing.ajfriesen.com
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/2 502
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Mon, 11 Dec 2023 12:33:38 GMT
<
* Connection #0 to host writing.ajfriesen.com left intact
I also double-checked the /etc/hosts file in the caddy container:
docker exec -it blog_caddy_1 /bin/sh
/srv # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.1 host.docker.internal
172.22.0.6 d90189e4a837
Any hint on what I am missing?
2. Error messages and/or full log output:
caddy_1 | {"level":"error","ts":1702297969.3458736,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8080: connect: connection refused","request":{"remote_ip":"91.39.173.185","remote_port":"55953","client_ip":"91.39.173.185","proto":"HTTP/2.0","method":"GET","host":"writing.ajfriesen.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua":["\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\""],"Dnt":["1"],"Sec-Ch-Ua-Mobile":["?0"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Accept-Language":["en-US,en;q=0.9,de-DE;q=0.8,de;q=0.7,en-DE;q=0.6"],"Cache-Control":["max-age=0"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Platform":["\"macOS\""]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"writing.ajfriesen.com"}},"duration":0.000907213,"status":502,"err_id":"g9xv73f2c","err_trace":"reverseproxy.statusError (reverseproxy.go:1267)"}
3. Caddy version:
see docker compose
4. How I installed and ran Caddy:
a. System environment:
Docker
b. Command:
c. Service/unit/compose file:
caddy:
  image: caddy:2.7
  restart: unless-stopped
  ports:
    - "80:80"
    - "443:443"
    - "9000:9000"
  volumes:
    - $PWD/Caddyfile:/etc/caddy/Caddyfile
    - caddy-data:/data
  networks:
    - docker-network
  extra_hosts:
    - host.docker.internal:host-gateway
d. My complete Caddy config:
{
    # debug
    # Global options block. Entirely optional, https is on by default
    # Optional email key for lets encrypt
    email $MYMAIL
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
######
www.ajfriesen.com {
    reverse_proxy ghost:2368 {
        lb_try_duration 30s
    }
}
writing.ajfriesen.com {
    reverse_proxy host.docker.internal:8080
}
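A small check that a practitioner would run on the material in this post, added here as an example and not part of the original post or of Caddy: it pulls the dial target out of Caddy's JSON error log line, reads the upstream configured for the site in the Caddyfile, resolves that upstream through the container's /etc/hosts, and reports whether the two agree. The inputs below are constructed from the post (the log line is abbreviated to the fields the check needs); the function and variable names are the example's own.

```python
import json
import re

# Constructed sample inputs, abbreviated from the post above.
CADDY_ERROR_LOG = (
    '{"level":"error","logger":"http.log.error",'
    '"msg":"dial tcp 127.0.0.1:8080: connect: connection refused",'
    '"request":{"host":"writing.ajfriesen.com","uri":"/"},"status":502}'
)

CADDYFILE = """
{
    email $MYMAIL
}
writing.ajfriesen.com {
    reverse_proxy host.docker.internal:8080
}
"""

ETC_HOSTS = """
127.0.0.1 localhost
172.17.0.1 host.docker.internal
172.22.0.6 d90189e4a837
"""


def parse_hosts(text):
    """Map each hostname in an /etc/hosts file to its first listed address."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name, ip)
    return table


def configured_upstreams(caddyfile, site):
    """Return the reverse_proxy upstreams declared inside the given site block."""
    upstreams = []
    in_site = False
    depth = 0
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not in_site:
            if line.startswith(site) and line.endswith("{"):
                in_site = True
                depth = 1
            continue
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            break
        if line.startswith("reverse_proxy"):
            for tok in line.split()[1:]:
                if tok == "{":
                    break
                upstreams.append(tok)
    return upstreams


def dial_target(log_line):
    """Extract the host:port Caddy tried to reach from an http.log.error entry."""
    msg = json.loads(log_line).get("msg", "")
    m = re.search(r"dial tcp ([^\s:]+:\d+)", msg)
    return m.group(1) if m else None


def resolve(upstream, hosts):
    """Replace the hostname part of host:port with its /etc/hosts address, if any."""
    host, _, port = upstream.rpartition(":")
    return f"{hosts.get(host, host)}:{port}"


def diagnose(log_line, caddyfile, site, hosts_text):
    """Compare what the running Caddy dialed against what the Caddyfile says."""
    hosts = parse_hosts(hosts_text)
    dialed = dial_target(log_line)
    expected = [resolve(u, hosts) for u in configured_upstreams(caddyfile, site)]
    return {"dialed": dialed, "expected": expected, "match": dialed in expected}


if __name__ == "__main__":
    print(diagnose(CADDY_ERROR_LOG, CADDYFILE, "writing.ajfriesen.com", ETC_HOSTS))
```

When `match` is false, the address in the error log is not one the file on disk can produce, which narrows the search to whether the running container actually loaded this Caddyfile (for example, whether it was reloaded after the upstream was changed) rather than to the host-side listener.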