Different Subdomains Accessible via Different Interfaces

1. Caddy version (caddy version):

$ caddy version
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

a. System environment:

Debian 11, Podman, Docker Hub official image

b. Command:

caddy run --config /etc/caddy/Caddyfile --adapter caddyfile

c. Service/unit/compose file:

# /etc/systemd/system/container-caddy_ingress.service
# container-caddy_ingress.service
# autogenerated by Podman 3.4.4
# Sun Jan 16 14:59:38 UTC 2022

[Unit]
Description=Podman container-caddy_ingress.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace \
          --log-driver=journald \
          --name=caddy_ingress \
          --net=host \
          --volume=/containers/caddy_ingress/config:/config \
          --volume=/containers/caddy_ingress/data:/data \
          --volume=/containers/caddy_ingress/Caddyfile:/etc/caddy/Caddyfile:ro \
          docker.io/library/caddy@sha256:7da0f90273e1961d9c38d26809f84d4ef3cdc9b4fc330a9cab22015d7c9e8228
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=default.target

d. My complete Caddyfile or JSON config:

{
        admin off
        auto_https off
}

http://*.example.net {
        redir https://{host}{uri}
}

https://*.example.net {
        bind 172.16.0.1
        encode zstd gzip
        tls /config/chain.pem /config/key.pem

        @sub1 host sub1.example.net
        handle @sub1 {
                reverse_proxy 127.0.2.1:8080
        }

        @sub2 host sub2.example.net
        handle @sub2 {
                reverse_proxy 127.0.3.1:5000
        }

        handle {
                abort
        }
}

https://sub1.example.net {
        bind 172.16.1.1
        encode zstd gzip
        tls /config/chain.pem /config/key.pem

        reverse_proxy 127.0.2.1:8080
}

3. The problem I’m having:

  • I would like Caddy to bind to two addresses (interfaces): 172.16.0.1 and 172.16.1.1.
  • I would like any requests under *.example.net coming in on the first address to proceed through the handle directives shown in the first site block (if I understand correctly, this will be based on the Host header)
  • I would like any requests coming in on the second address to only have access to sub1.example.net, even if, for example, Host: sub2.example.net were set
  • I would like any HTTP requests coming in on either interface to be upgraded to HTTPS
  • I would like to use Caddyfile best practices and have the most reasonable and readable configuration file

4. Error messages and/or full log output:

N/A

5. What I already tried:

I have written the Caddyfile above, but I am not sure if I am doing things correctly or in the most efficient manner.

6. Links to relevant resources:

Your Caddyfile looks fine.

Are you having any specific issue with this?

Thanks for the reply! I was not having a problem with this config, but with some other earlier attempts, I was able to access domains from other interfaces than I was intending and was looking for confirmation that I hadn’t missed anything here. It sounds like I haven’t! Thanks!

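One way to confirm the isolation asked about in this thread, as an added example that is not part of the original posts: probe each bound address with a chosen SNI and Host header and report any case where sub2's backend answers on the second address. The addresses and host names come from the Caddyfile above; `SUB2_MARKER` (a string only sub2's backend returns), a certificate trusted by the local store, and reachability of both addresses from the test machine are assumptions.

```python
import socket
import ssl

SUB2_MARKER = b"sub2-backend"  # assumption: text only sub2's backend returns

# (listener address, Host header, TLS SNI, may sub2's backend answer?)
# Addresses and names are the ones in the Caddyfile above.
CASES = [
    ("172.16.0.1", "sub2.example.net", "sub2.example.net", True),   # control
    ("172.16.1.1", "sub1.example.net", "sub1.example.net", False),
    ("172.16.1.1", "sub2.example.net", "sub2.example.net", False),
    ("172.16.1.1", "sub2.example.net", "sub1.example.net", False),  # Host differs from SNI
]

def probe(ip, host, sni, port=443, timeout=5):
    """Send GET / to ip:port with the given SNI and Host; return the raw response.

    Returns b"" when the connection is refused, reset, timed out or closed
    without a response. Certificate errors propagate so that a failed
    handshake is not mistaken for a clean result.
    """
    ctx = ssl.create_default_context()
    request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    chunks = []
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                tls.sendall(request.encode("ascii"))
                while data := tls.recv(4096):
                    chunks.append(data)
    except (ConnectionError, socket.timeout, ssl.SSLEOFError):
        pass
    return b"".join(chunks)

def audit(probe_fn=probe, marker=SUB2_MARKER):
    """Return (leaks, missing): cases where sub2's backend answered but must
    not, and control cases where it should have answered but did not."""
    leaks, missing = [], []
    for ip, host, sni, allowed in CASES:
        answered = marker in probe_fn(ip, host, sni)
        if answered and not allowed:
            leaks.append((ip, host, sni))
        elif allowed and not answered:
            missing.append((ip, host, sni))
    return leaks, missing

if __name__ == "__main__":
    leaks, missing = audit()
    print("leaks:", leaks)
    print("control failures (results not trustworthy):", missing)
```

A non-empty `missing` list means the marker never appeared even where sub2 is meant to be reachable, so an empty `leaks` list proves nothing until the control case passes.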