Change ports for usage inside a Container

1. My Caddy version (caddy -version):

(devel)

Should be v2, I am using the Container from Docker Hub “caddy/caddy:alpine”

2. How I run Caddy:

I am starting Caddy with podman on an ArchLinux machine.

a. System environment:

OS, relevant versions, systemd? docker? etc.
ArchLinux, Podman not Docker.

b. Command:

podman run --name web_server -d -p 80:8080 -v ./caddy/Caddyfile:/etc/caddy/Caddyfile -v /var/server/web:/var/server/web caddy/caddy:alpine

d. My complete Caddyfile:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.
# Before it was :8080, that works. But I want to use the automatic HTTPS
www.mydomain.com 

# Set this path to your site's directory.
root * /var/server/web

# Enable the static file server.
file_server

# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8888

# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000

# Refer to the Caddy docs for more information:
# https://github.com/caddyserver/caddy/wiki/v2:-Documentation

3. The problem I’m having:

I would like to set my domain in the Caddyfile, but I don't want Caddy to bind port 80 or 443 inside the Container. I would like to forward port 80 to 8080 and port 443 to 8081.

So the external ports are 80 and 443, but I don’t want Caddy to bind them. Why not? Because of Security restrictions to the containers I am using.

So Caddy should be able to use my Domain for HTTPS with Let’s Encrypt because it would be available at ports 80 and 443, but should not bind those ports! I would love to set the HTTP and HTTPS ports which are used on my own AND use the automatic HTTPS stuff. :slight_smile:

4. Error messages and/or full log output:

Just the errors that my container is not allowed to bind lower ports like 80 or 443.

5. What I already tried:

I read the documentation and the forum and could not find a solution for my environment.

6. Links to relevant resources:

None

Hi Simon! Welcome around.

This seems to be a shortcoming of rootless containers in general, and rootless Podman in particular. The page I’ve linked lists solutions.

1 Like

Hey Mohammed,

thank you for the answer.
I know about the restrictions of podman and I think they are good and useful. That’s the reason I don’t want to change the behavior of podman. I would prefer to configure Caddy to bind ports which I want to use and still start the automatic HTTPS procedure because for the outside world the ports 80 and 443 are available.

I would like to say: Caddy use 8081 for HTTPS and 8080 for HTTP, I will take care that the correct requests are forwarded to you.

Is that possible with a Caddyfile, or maybe with a Json configuration?

With JSON, use http_port and https_port parameters: https://caddyserver.com/docs/json/apps/http/

With Caddyfile, use http_port and https_port options: https://caddyserver.com/docs/caddyfile/options

2 Likes
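The global options block from the answer above, applied to the Caddyfile in the question. This is an added example, not part of the original posts. Ports 8080 and 8081 are the ones the question asks for; the second `-p` mapping in the comment is an assumption that extends the question's podman command to cover HTTPS.

```caddyfile
# Global options block: must be the first block in the Caddyfile.
# http_port / https_port change the ports Caddy listens on inside the
# container, so the process never needs to bind 80 or 443 itself.
{
	http_port  8080
	https_port 8081
}

# Site address stays a plain domain name, so automatic HTTPS remains on.
# Clients and the ACME CA still reach the site on the public ports 80/443;
# the port forwarding in front of the container delivers those requests to
# 8080 (HTTP, HTTP-01 challenge) and 8081 (HTTPS, TLS-ALPN-01 challenge).
www.mydomain.com

# Set this path to your site's directory.
root * /var/server/web

# Enable the static file server.
file_server

# Matching port mappings for the container (assumed extension of the
# command in the question, which only published 80:8080):
#
#   podman run --name web_server -d \
#     -p 80:8080 -p 443:8081 \
#     -v ./caddy/Caddyfile:/etc/caddy/Caddyfile \
#     -v /var/server/web:/var/server/web \
#     caddy/caddy:alpine
```

Both public ports have to reach the container for this to work: certificate issuance fails if the CA cannot connect on the standard external port for the challenge type in use.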

Thank you Matt!

I somehow missed that global options block! Works like a charm now! Even http2 is there! Thank you! :grinning:

Regards
Simon

2 Likes