Connect caddy to container on host network

1. Caddy version (caddy version): 2.1.1-alpine

2. How I run Caddy:

Actually I don’t have a working configuration so far.

a. System environment:

Hardware: Raspberry pi 4,
raspberry os: 4.19.118-v71+
Systemd: 241
Docker: 18.09.01

b. Command:

No command so far

c. Service/unit/compose file:

My current docker-compose configuration with traefik

(it works fine except for the adguardhome part: see below)

networks:
  default:
    driver: bridge

services:
  traefik:
    container_name: traefik
    image: traefik:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.fructose`)"
      - "traefik.http.services.traefik-svc.loadbalancer.server.port=8080"
    networks:
      - default
    ports:
      - "80:80"
      - "443:443"
    restart: always
    volumes:
      - ./traefik/traefik.toml:/etc/traefik/traefik.toml
      - ./traefik/dynamic_conf.toml:/etc/traefik/dynamic_conf.toml
      - /var/run/docker.sock:/var/run/docker.sock:ro

  portainer:
    container_name: portainer
    image: portainer/portainer:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer-rtr.rule=Host(`portainer.fructose`)"
      - "traefik.http.services.portainer-svc.loadbalancer.server.port=9000"
    networks:
      - default
    restart: always
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/opt/portainer:/data

  adguard:
    container_name: adguard
    image: adguard/adguardhome:armhf-edge
    ports:
      - "53:53"
      - "67:67/udp"
      - "68:68/udp"
      - "6443:443/tcp"
      - "8201:80/tcp"
      - "853:853/tcp"
      - "3000:3000/tcp"
    #labels:
    #  - "traefik.enable=true"
    #  - "traefik.http.routers.adguard-rtr.rule=Host(`adguard.fructose`)"
    #  - "traefik.http.services.adguard-svc.loadbalancer.server.port=80"
    network_mode: host
    #networks:
    #  - default
    restart: always
    volumes:
      - /etc/opt/adguardhome:/opt/adguardhome/conf
      - /opt/adguardhome/work:/opt/adguardhome/work

  deconz:
    image: marthoc/deconz
    container_name: deconz
    network_mode: host
    restart: always
    volumes:
      - /opt/deconz:/root/.local/share/dresden-elektronik/deCONZ
    devices:
      - /dev/ttyACM0
    environment:
      - TZ=Europe/Paris
      - DECONZ_WEB_PORT=8600
      - DECONZ_WS_PORT=8601
      - DEBUG_INFO=0
      - DEBUG_APS=0
      - DEBUG_ZCL=0
      - DEBUG_ZDP=0
      - DEBUG_OTAU=0


  nodered:
    container_name: nodered
    image: nodered/node-red:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nodered-rtr.rule=Host(`nodered.fructose`)"
      - "traefik.http.services.nodered-svc.loadbalancer.server.port=1880"
    networks:
      - default
    restart: always
    volumes:
      - /etc/opt/nodered:/data

  mosquito:
    container_name: mosquito
    image: eclipse-mosquitto:latest
    networks:
      - default
    restart: always
    volumes:
      - /etc/opt/mosquitto/mosquito.conf:/mosquito/config/mosquito.conf


  grafana:
    container_name: grafana
    image: grafana/grafana:latest
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.grafana-rtr.rule=Host(`grafana.fructose`)"
      - "traefik.http.services.grafana-svc.loadbalancer.server.port=3000"
    networks:
      - default
    restart: always

  influxdb:
    container_name: influxdb
    image: influxdb:latest
    networks:
      - default

  homeassistant:
    container_name: homeassistant
    environment:
      - TZ=Europe/Paris
    image: homeassistant/raspberrypi4-homeassistant
    network_mode: host
    restart: always
    volumes:
      - /etc/opt/homeassistant:/config

d. My complete Caddyfile or JSON config:

No config so far

3. The problem I’m having:

I want to run some containers on my host network.

  • adguardhome as I need the DHCP server because of my ISP router not allowing DNS server selection
    (this link explains my problem as it’s the same with Pi-hole on Docker: Docker DHCP and Network Modes - Pi-hole documentation)
  • deconz as it needs to communicate with home assistant
  • homeassistant as it needs the home network in order to have auto discovery working

I have some other containers which don’t need the host network; the bridge would be enough.

Could you help me get a working caddy configuration with, for example, homeassistant on network-mode: host, another container on bridge, and both of them accessible through caddy?

Also I have another problem regarding docker, if any of you have any idea:
Running adguardhome in network_mode: host will make it grab the port 80 for itself and caddy will not be able to use it.

As it’s not possible to map ports when using host mode, I am running out of clues there…

I know I could just add caddy and all my containers to the host network but I would really like to have a clean configuration and to learn how to do things cleanly with caddy as I could use it at work.

Anyhow, I am hoping that my use case is not too specific and that some of the docker experts will have some ideas.

Thank you for the help!

4. Error messages and/or full log output:

No error as I don’t have a working config

5. What I already tried:

I tried solving my problem with traefik but I haven’t found anyone running a reverse proxy outside the host network and managing to communicate with the containers connected to the host network.

6. Links to relevant resources:

Looks to me like AdGuardHome has ports config so you can change the default port for the HTTP server. I’d recommend switching it to something like 8080 if that doesn’t conflict with anything else on your host.

Caddy can proxy to a container that uses the host network if you use the IP address of the host machine. This is something that Docker makes harder than it should be, frankly. There are plenty of relevant answers in this SO question here:

After doing that, you should be able to let Caddy take port 80 and 443 on the host using port mapping in your docker-compose file.


Well, last time I tried to remap the port 80 of the container, it was still grabbing the port 80 for itself.

I think the behavior is linked to the host network usage.

Could you show me a small example of caddy running in bridge mode and connecting to a container on host network?

You misunderstood, I mean AdGuardHome itself has configuration options, unrelated to docker. Use that to change the port it tries to bind to. It doesn’t look like you even clicked on the links I posted.

There’s no such thing as bridge mode for Caddy. You just reverse_proxy to the host IP address.


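The layout described in the replies above, written out as an added example (not posted by anyone in the thread, and not a tested configuration from it). Assumptions: 192.168.1.10 is a placeholder for the Pi's LAN address, AdGuard Home's own web port has been moved to 8080 in its settings as suggested, Home Assistant is on its default port 8123, and the `homeassistant.fructose` and `deconz.fructose` names are made up to match the existing naming pattern.

```caddyfile
# Added example. Caddy is assumed to run as a compose service on the
# `default` bridge network with ports "80:80" and "443:443" published,
# the same way traefik is published in the compose file above.
#
# The http:// prefix keeps Caddy from requesting public certificates
# for these private names; `tls internal` is the alternative if HTTPS
# from Caddy's local CA is wanted.

# Containers on the bridge network: reachable by compose service name.
http://nodered.fructose {
	reverse_proxy nodered:1880
}

http://grafana.fructose {
	reverse_proxy grafana:3000
}

# Containers with network_mode: host have no service name on the bridge,
# so the upstream is the host's own IP address plus the port the
# application binds to (placeholder address, assumed ports).
http://homeassistant.fructose {
	reverse_proxy 192.168.1.10:8123
}

http://adguard.fructose {
	reverse_proxy 192.168.1.10:8080
}

http://deconz.fructose {
	# DECONZ_WEB_PORT=8600 in the compose file above
	reverse_proxy 192.168.1.10:8600
}
```

The host-network services stay reachable directly on their own ports on every interface of the Pi, so the proxy adds names but does not restrict access to them. A static Caddyfile like this also needs no `/var/run/docker.sock` mount, unlike the label-driven traefik setup.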