Cannot access application running locally while Caddy runs in docker

1. The problem I’m having:

Hey, I am running caddy in a docker container as a proxy for several other containers.
Now I want to reverse proxy an application which is NOT in docker.
Using localhost in the Caddyfile won't work since it refers to the localhost of that caddy container.
I found this directive in order to add an entry to the /etc/hosts:

extra_hosts:
  - host.docker.internal:host-gateway

Now my application needs to listen to the docker IP which it does:

./writefreely
2023/12/11 13:29:56 Starting WriteFreely 0.14.0...
2023/12/11 13:29:56 Loading config.ini configuration...
2023/12/11 13:29:56 Loading templates...
2023/12/11 13:29:56 Loading pages...
2023/12/11 13:29:56 Loading user pages...
2023/12/11 13:29:56 Loading encryption keys...
2023/12/11 13:29:56 Connecting to sqlite3 database...
2023/12/11 13:29:56 Adding {domain} routes (single user)...
2023/12/11 13:29:56 Going to serve...
2023/12/11 13:29:56 Serving on http://172.17.0.1:8080
2023/12/11 13:29:56 ---

However, I get a 502 and I am not sure what I am missing:

> curl -vL https://writing.ajfriesen.com
*   Trying 116.203.153.211:443...
* Connected to writing.ajfriesen.com (116.203.153.211) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=writing.ajfriesen.com
*  start date: Dec 11 10:42:20 2023 GMT
*  expire date: Mar 10 10:42:19 2024 GMT
*  subjectAltName: host "writing.ajfriesen.com" matched cert's "writing.ajfriesen.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: writing.ajfriesen.com]
* h2 [:path: /]
* h2 [user-agent: curl/8.1.2]
* h2 [accept: */*]
* Using Stream ID: 1 (easy handle 0x12880bc00)
> GET / HTTP/2
> Host: writing.ajfriesen.com
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/2 502
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Mon, 11 Dec 2023 12:33:38 GMT
<
* Connection #0 to host writing.ajfriesen.com left intact

I also double-checked the /etc/hosts file in the caddy container:

docker exec -it blog_caddy_1 /bin/sh
/srv # cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.1	host.docker.internal
172.22.0.6	d90189e4a837

Any hint on what I am missing?

2. Error messages and/or full log output:

caddy_1  | {"level":"error","ts":1702297969.3458736,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:8080: connect: connection refused","request":{"remote_ip":"91.39.173.185","remote_port":"55953","client_ip":"91.39.173.185","proto":"HTTP/2.0","method":"GET","host":"writing.ajfriesen.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua":["\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"120\", \"Google Chrome\";v=\"120\""],"Dnt":["1"],"Sec-Ch-Ua-Mobile":["?0"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Accept-Language":["en-US,en;q=0.9,de-DE;q=0.8,de;q=0.7,en-DE;q=0.6"],"Cache-Control":["max-age=0"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Platform":["\"macOS\""]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"writing.ajfriesen.com"}},"duration":0.000907213,"status":502,"err_id":"g9xv73f2c","err_trace":"reverseproxy.statusError (reverseproxy.go:1267)"}

3. Caddy version:

see docker compose

4. How I installed and ran Caddy:

a. System environment:

Docker

b. Command:

c. Service/unit/compose file:

  caddy:
    image: caddy:2.7
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "9000:9000"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - caddy-data:/data
    networks:
      - docker-network
    extra_hosts:
      - host.docker.internal:host-gateway

d. My complete Caddy config:

{
	# debug
	# Global options block. Entirely optional, https is on by default
	# Optional email key for lets encrypt
	email $MYMAIL
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

######

www.ajfriesen.com {
	reverse_proxy ghost:2368 {
		lb_try_duration 30s
	}
}

writing.ajfriesen.com {
	reverse_proxy host.docker.internal:8080

}

5. Links to relevant resources:

In the end, I converted the setup to run caddy locally without docker.

Have to add ports to my containers now, but the setup now is a bit easier.

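An added diagnostic example, not part of the original thread or of Caddy's code: it takes the error entry from section 2 (trimmed to the fields used), the container's /etc/hosts as posted, and the `reverse_proxy` upstream from the Caddyfile, and checks whether the address Caddy actually dialed is the one the config resolves to. The function names `parse_hosts` and `check_dial` are made up for this example.

```python
import json
import re

# Error entry from the post, trimmed to the fields this check reads.
SAMPLE_LOG = ('{"level":"error","logger":"http.log.error",'
              '"msg":"dial tcp 127.0.0.1:8080: connect: connection refused",'
              '"request":{"host":"writing.ajfriesen.com","uri":"/"},"status":502}')

# /etc/hosts from inside the Caddy container, as shown in the post (abridged).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
172.17.0.1 host.docker.internal
172.22.0.6 d90189e4a837
"""

# Matches Go's dial error text: "dial tcp <ip>:<port>: <reason>"
DIAL_RE = re.compile(r"dial tcp (\S+):(\d+): (.*)")

def parse_hosts(text):
    """Map each hostname in an /etc/hosts-style file to its first address."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name, fields[0])
    return table

def check_dial(log_line, upstream, hosts_text):
    """Compare the address in a Caddy dial error with the configured upstream."""
    entry = json.loads(log_line)
    m = DIAL_RE.search(entry.get("msg", ""))
    if not m:
        return None  # not a dial error, nothing to compare
    dialed_ip, dialed_port, reason = m.group(1), int(m.group(2)), m.group(3)
    host, _, port = upstream.rpartition(":")
    # Names missing from the hosts file are compared as written (already an IP).
    expected_ip = parse_hosts(hosts_text).get(host, host)
    return {
        "request_host": entry.get("request", {}).get("host"),
        "dialed": f"{dialed_ip}:{dialed_port}",
        "expected": f"{expected_ip}:{port}",
        "matches_config": (dialed_ip, dialed_port) == (expected_ip, int(port)),
        "reason": reason,
    }

if __name__ == "__main__":
    print(check_dial(SAMPLE_LOG, "host.docker.internal:8080", SAMPLE_HOSTS))
```

With the values from the post, the dialed address is 127.0.0.1:8080 while `host.docker.internal:8080` resolves to 172.17.0.1:8080, so the logged request was not proxied with the upstream shown in the Caddyfile; log and config should be compared from the same running instance.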