1. Caddy version (caddy version):
xcaddy build v2.4.6 --with github.com/baldinof/caddy-supervisor
2. How I run Caddy:
Caddyfile and caddy run inside a podman container
a. System environment:
macOS 12.3 Monterey
Running a container with podman using podman run -it --rm -p 127.0.0.1:8097:8097 --network slirp4netns
b. Command:
caddy run
c. Service/unit/compose file:
FROM caddy:2.4.6-builder AS caddybuilder
RUN xcaddy build \
    --with github.com/baldinof/caddy-supervisor
FROM caddy:2.4.6
RUN apk add --update sudo
RUN adduser -D portal \
    && echo "portal ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/portal \
    && chmod 0440 /etc/sudoers.d/portal
ARG application_env
ARG memcache_save_path
ENV APPLICATION_ENV=$application_env
ENV MEMCACHED_SESSION_STORAGE_SAVE_PATH=$memcache_save_path
RUN apk --no-cache add git openssh-client
# https://github.com/nunomaduro/phpinsights/issues/43#issuecomment-917389852
RUN apk --no-cache add php7-mbstring php7-iconv
RUN apk --no-cache add php7-fpm php7-phar php7-json php7-openssl php7-simplexml php7-pdo
COPY --from=caddybuilder /usr/bin/caddy /usr/bin/caddy
COPY --from=composer:latest /usr/bin/composer /usr/bin/composer
ADD webserver /project/webserver
WORKDIR /project/webserver
RUN composer install --no-dev --optimize-autoloader --no-scripts --no-plugins --prefer-dist --no-interaction
ADD tools/runtime_config /project/runtime_config
RUN mkdir /project/runtime /project/logs
WORKDIR /project/runtime_config
RUN chown portal /project/runtime /project/logs
USER portal
CMD ["/usr/bin/env", "caddy", "run"]
d. My complete Caddyfile or JSON config:
{
    admin off
    auto_https off
    supervisor {
        ./php-fpm -p . -c . -y fpm.conf -F {
            redirect_stdout stdout
            redirect_stderr stderr
        }
    }
}
:8087 {
    @trailing-slash {
        path_regexp dir (.+)/$
    }
    @not-trailing-slash {
        path_regexp dir (.+)[^/]$
    }
    root * ../../webserver/portal
    php_fastcgi unix/../runtime/fpm.sock {
        try_files @trailing-slash {re.dir.1}.php {re.dir.1}/index.php
        try_files @not-trailing-slash {path}.php {path}/index.php =404
    }
    log
    encode zstd gzip
    handle_errors {
        @404 {
            expression {http.error.status_code} == 404
        }
        rewrite @404 /not-found.php
        reverse_proxy @404 unix/../runtime/fpm.sock {
            transport fastcgi {
                split .php
            }
        }
    }
}
3. The problem I’m having:
It appears Caddy binds to localhost in the podman container, and so when I curl from the host I get refused.
I can’t work out how to make it so that Caddy binds to 0.0.0.0:8087 and nothing else. In dev use I’ll use this outside of podman locally, but I’m trying to test it on my Mac before I push it up to Google Cloud Run, and not being able to reach it from outside is frustrating.
5. What I already tried:
If I try
0.0.0.0:8087 {
...
}
then Caddy complains
2022/04/04 05:30:44 [WARNING] Site block has unspecified IP address 0.0.0.0 which only matches requests having that Host header; you probably want the 'bind' directive to configure the socket
and curl continues to be refused from the host.
So I try
bind 0.0.0.0:8087 {
...
}
but then
run: loading initial config: loading new config: http app module: start: tcp: listening on :443: listen tcp :443: bind: permission denied
and I don’t know how to tell Caddy I don’t want it to use 443.
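
The directive placement that the warning above points to, as an added example that is not part of the original post: in a Caddyfile, `bind` goes inside the site block and takes addresses without a port, whereas `bind 0.0.0.0:8087 {` turns `bind` into a site address with no port, which is consistent with the `:443` listener in the error. The trimmed site body and the `-p` mapping shown in the comments are assumptions made for illustration.

```caddyfile
{
	admin off
	auto_https off
}

# A site address that is only a port already listens on every interface
# inside the container, so the address itself needs no 0.0.0.0.
:8087 {
	# Explicit form of the same thing: the listener socket is set with the
	# bind directive inside the block. It takes host addresses only; the
	# port always comes from the site address above.
	bind 0.0.0.0

	root * ../../webserver/portal
	php_fastcgi unix/../runtime/fpm.sock
	log
}

# Because this block is the only site and it carries an explicit port,
# nothing in the config asks for a listener on 443.
#
# Host side (assumed invocation, other arguments elided): keep the
# published port on loopback so the service is reachable only from the
# workstation, and make the container side of -p the port Caddy listens
# on. The post publishes 8097:8097 while the site block listens on 8087.
#
#   podman run ... -p 127.0.0.1:8097:8087 ...
#
# With that mapping the host-side check is: curl http://127.0.0.1:8097/
```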