camonne
(John Ginger)
August 29, 2021, 8:56pm
1
1. Caddy version (`caddy version`):
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
2. How I run Caddy:
via docker compose
a. System environment:
ubuntu
c. Service/unit/compose file:
```yaml
services:
  caddy:
    image: caddy:2
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data/caddy/data:/data
      - ./data/caddy/config:/config
      - ./data/caddy/log:/var/log
```
3. The problem I’m having:
I want to secure my coturn server. It has to run in network mode host (too many ports to map from Docker), so I don’t think I can proxy it directly from my Caddy container (different networks). It has two options:
```
cert=/etc/letsencrypt/live/turn.example.org/fullchain.pem
pkey=/etc/letsencrypt/live/turn.example.org/privkey.pem
```
while Caddy generates these files:
```
coturn.domain.crt
coturn.domain.json
coturn.domain.key
```
Docker Compose for coturn:
```yaml
  coturn:
    container_name: coturn
    image: coturn/coturn
    restart: unless-stopped
    # ports:
    ## STUN/TURN
    #- "3478:3478"
    #- "3478:3478/udp"
    #- "3479:3479"
    #- "3479:3479/udp"
    ## STUN/TURN SSL
    #- '5349:5349'
    #- '5349:5349/udp'
    #- '5350:5350'
    #- '5350:5350/udp'
    ## Relay Ports
    #- '64000-65535:64000-65535/udp'
    network_mode: host
```
5. What I already tried:
I understand that since I can’t proxy the coturn server directly (unless someone knows how!) I’d need to use Caddy only for renewing the certificates. I’m currently using a Caddyfile, so if I’m not wrong I can’t use this directly (not sure).
I’d also need to create them first, so to recap:
1. create the certificate files
2. convert them to PEM if not already in that form
3. use Caddy to keep them updated
4. ??? profit.
Thanks to anyone for their help.
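The recap above (get the certificate files, make sure they are PEM, keep them updated) as a runnable script. This is an added example, not code from the original post or from the Caddy or coturn projects. It assumes the official `caddy` image with `/data` mounted from `./data/caddy/data` as in the compose file above, so the files Caddy writes sit under `./data/caddy/data/caddy/certificates/<issuer>/<domain>/`; that coturn runs as the container named `coturn` with `./data/coturn/certs` on the host mounted at the `/etc/letsencrypt/live/turn.example.org/` path its `cert=`/`pkey=` options point at; and it uses a container restart to make coturn reopen the files. Caddy already stores the `.crt` (the chain the CA returned) and `.key` as PEM, so there is no conversion step; the script verifies the PEM headers instead of assuming them.

```shell
#!/bin/sh
# Added example, not from the original post or the Caddy/coturn projects:
# copy the certificate Caddy obtained for the TURN hostname into the files
# coturn's cert=/pkey= options point at, and restart coturn when they change.
#
# Assumptions (not stated on the page):
#   - official caddy image with /data mounted from ./data/caddy/data, so the
#     certificates live under ./data/caddy/data/caddy/certificates/<issuer>/<domain>/
#   - coturn runs in the container named "coturn"; its cert=/pkey= paths are
#     ./data/coturn/certs on the host, mounted at /etc/letsencrypt/live/<domain>/
set -eu

CADDY_DATA="${CADDY_DATA:-./data/caddy/data}"
COTURN_CERT_DIR="${COTURN_CERT_DIR:-./data/coturn/certs}"
COTURN_CONTAINER="${COTURN_CONTAINER:-coturn}"

# is_pem FILE LABEL: succeed only if FILE starts with a PEM header containing
# LABEL (CERTIFICATE or PRIVATE KEY). Caddy writes PEM, so a failure here
# means the wrong file was picked up, not that a conversion is needed.
is_pem() {
    [ -s "$1" ] && head -n 1 "$1" | grep -q "^-----BEGIN .*$2-----\$"
}

# find_caddy_cert DOMAIN: print the directory holding DOMAIN.crt and DOMAIN.key.
# The issuer directory name is not fixed (it differs between the Let's Encrypt
# staging and production endpoints), so it is discovered rather than hard-coded.
find_caddy_cert() {
    find "$CADDY_DATA/caddy/certificates" -type d -name "$1" 2>/dev/null | head -n 1
}

# sync_cert DOMAIN: install Caddy's chain and key for coturn.
# Prints "updated" when the files changed and "unchanged" otherwise;
# fails (non-zero) if Caddy has not issued a certificate for DOMAIN yet.
sync_cert() {
    domain="$1"
    src="$(find_caddy_cert "$domain")"
    [ -n "$src" ] || { echo "no certificate for $domain under $CADDY_DATA" >&2; return 1; }
    crt="$src/$domain.crt"; key="$src/$domain.key"
    is_pem "$crt" CERTIFICATE   || { echo "$crt is not a PEM certificate" >&2; return 1; }
    is_pem "$key" "PRIVATE KEY" || { echo "$key is not a PEM private key" >&2; return 1; }

    mkdir -p "$COTURN_CERT_DIR"
    dst_crt="$COTURN_CERT_DIR/fullchain.pem"; dst_key="$COTURN_CERT_DIR/privkey.pem"
    if cmp -s "$crt" "$dst_crt" 2>/dev/null && cmp -s "$key" "$dst_key" 2>/dev/null; then
        echo unchanged; return 0
    fi
    # Create the copies under a restrictive umask so the private key is never
    # world-readable, not even before chmod runs, then swap them in atomically.
    umask 077
    cp "$crt" "$dst_crt.tmp"; cp "$key" "$dst_key.tmp"
    chmod 0644 "$dst_crt.tmp"; chmod 0600 "$dst_key.tmp"
    mv "$dst_crt.tmp" "$dst_crt"; mv "$dst_key.tmp" "$dst_key"
    echo updated
}

# main [DOMAIN]: entry point for a cron job. Restart coturn only when the files
# actually changed (a restart drops active relay sessions, so avoid needless ones).
main() {
    if [ "$(sync_cert "${1:-turn.example.org}")" = updated ]; then
        docker restart "$COTURN_CONTAINER"
    fi
}

if [ "${1:-}" = run ]; then
    main "${2:-}"
fi
```

Run it as `./sync-turn-cert.sh run turn.example.org` from a daily cron job or systemd timer: Caddy renews well before expiry, so a daily copy is always in time, and the `unchanged` path means coturn is only restarted when a renewal actually produced new files.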
You can proxy to the host IP address.
If you’re using at least Docker v20.10.0, then you can add this to the Caddy docker-compose service to set up the hostname mapping:
```yaml
extra_hosts:
  - "host.docker.internal:host-gateway"
```
Then you can do `reverse_proxy host.docker.internal:<port>` in your Caddyfile.
It’s historically been a different solution on Linux than on Windows/Mac, so that `extra_hosts` line is necessary for Linux to have that hostname, since support for it was added in moby/moby PR #40007 (arkodg/add-host-docker-internal, commit ca20bc4) on GitHub.
1 Like
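The host-gateway mapping from the reply above as a complete, added example (not code from the thread or from the Caddy project). It assumes an HTTP service on the host listening on port 8080, because Caddy's `reverse_proxy` is an HTTP proxy, and the site name `app.example.org`. It also includes the check that usually explains "the name resolves but the connection is refused": `host-gateway` is the host's address on the Docker bridge (typically 172.17.0.1), so a host service bound only to 127.0.0.1 is unreachable from the container even though `host.docker.internal` resolves.

```shell
#!/bin/sh
# Added example, not from the thread or the Caddy project: proxy from the
# Caddy container to a service running on the host (a network_mode: host
# container or a plain host process) via the host.docker.internal alias,
# plus the check that catches a host service bound only to loopback.
#
# Assumptions not stated in the thread: the host service speaks HTTP (Caddy's
# reverse_proxy is an HTTP proxy) on port 8080, the site is app.example.org,
# and the Docker engine is 20.10 or newer (required for "host-gateway").
set -eu

UPSTREAM_PORT="${UPSTREAM_PORT:-8080}"

# write_compose DIR: the Caddy service with the extra_hosts mapping. Docker
# resolves "host-gateway" to the host's address on the container's bridge
# network (typically 172.17.0.1), not to 127.0.0.1.
write_compose() {
    cat > "$1/docker-compose.yml" <<'EOF'
services:
  caddy:
    image: caddy:2
    ports:
      - "80:80"
      - "443:443"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data/caddy/data:/data
      - ./data/caddy/config:/config
EOF
}

# write_caddyfile DIR: Caddy terminates TLS for app.example.org and proxies
# plain HTTP to the service on the host.
write_caddyfile() {
    cat > "$1/Caddyfile" <<EOF
app.example.org {
    reverse_proxy host.docker.internal:${UPSTREAM_PORT}
}
EOF
}

# bound_on_all_interfaces SS_OUTPUT PORT: succeed if the output of `ss -ltn`
# shows a TCP listener on PORT bound to a wildcard address (0.0.0.0, * or [::]).
# Traffic from the container arrives on the bridge gateway address, so a
# service bound only to 127.0.0.1 is unreachable even though the name resolves.
bound_on_all_interfaces() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            host = $4
            sub(":" port "$", "", host)
            if (host == "0.0.0.0" || host == "*" || host == "[::]") found = 1
        }
        END { exit found ? 0 : 1 }'
}

# check_upstream: run the check against the live socket table before bringing
# Caddy up, so a dead proxy route fails here instead of at the first request.
check_upstream() {
    if bound_on_all_interfaces "$(ss -ltn)" "$UPSTREAM_PORT"; then
        echo "port $UPSTREAM_PORT is bound on a non-loopback address"
    else
        echo "port $UPSTREAM_PORT is not bound on a non-loopback address; the Caddy container cannot reach it" >&2
        return 1
    fi
}

if [ "${1:-}" = deploy ]; then
    write_compose . && write_caddyfile . && check_upstream && docker compose up -d
fi
```

If the check fails, the fix is on the host side (bind the service to 0.0.0.0 or to the docker0 address), not in the Caddyfile. Note that binding to all interfaces also exposes the port to anything else that can reach the host, so pair it with a host firewall rule that only admits the Docker bridge network.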
system
(system)
Closed
September 28, 2021, 8:56pm
3
This topic was automatically closed after 30 days. New replies are no longer allowed.