1. Caddy version (`caddy version`):

```
$ caddy version
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
```
2. How I run Caddy:

a. System environment:

Debian 11, Podman, Docker Hub official image

b. Command:

```
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
```
c. Service/unit/compose file:

```
# /etc/systemd/system/container-caddy_ingress.service
# container-caddy_ingress.service
# autogenerated by Podman 3.4.4
# Sun Jan 16 14:59:38 UTC 2022

[Unit]
Description=Podman container-caddy_ingress.service
Documentation=man:podman-generate-systemd(1)
Wants=network-online.target
After=network-online.target
RequiresMountsFor=%t/containers

[Service]
Environment=PODMAN_SYSTEMD_UNIT=%n
Restart=on-failure
TimeoutStopSec=70
ExecStartPre=/bin/rm -f %t/%n.ctr-id
ExecStart=/usr/bin/podman run --cidfile=%t/%n.ctr-id --cgroups=no-conmon --rm --sdnotify=conmon -d --replace \
    --log-driver=journald \
    --name=caddy_ingress \
    --net=host \
    --volume=/containers/caddy_ingress/config:/config \
    --volume=/containers/caddy_ingress/data:/data \
    --volume=/containers/caddy_ingress/Caddyfile:/etc/caddy/Caddyfile:ro \
    docker.io/library/caddy@sha256:7da0f90273e1961d9c38d26809f84d4ef3cdc9b4fc330a9cab22015d7c9e8228
ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id
ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id
Type=notify
NotifyAccess=all

[Install]
WantedBy=default.target
```
d. My complete Caddyfile or JSON config:

```
{
    admin off
    auto_https off
}

http://*.example.net {
    redir https://{host}{uri}
}

https://*.example.net {
    bind 172.16.0.1
    encode zstd gzip
    tls /config/chain.pem /config/key.pem

    @sub1 host sub1.example.net
    handle @sub1 {
        reverse_proxy 127.0.2.1:8080
    }

    @sub2 host sub2.example.net
    handle @sub2 {
        reverse_proxy 127.0.3.1:5000
    }

    handle {
        abort
    }
}

https://sub1.example.net {
    bind 172.16.1.1
    encode zstd gzip
    tls /config/chain.pem /config/key.pem
    reverse_proxy 127.0.2.1:8080
}
```
3. The problem I’m having:

- I would like Caddy to bind to two addresses (interfaces): 172.16.0.1 and 172.16.1.1.
- I would like any requests under `*.example.net` coming in on the first address to proceed through the `handle` directives shown in the first site block (if I understand correctly this will be based on the `Host` header).
- I would like any requests coming in on the second address to only have access to `sub1.example.net`, even if, for example, `Host: sub2.example.net` were set.
- I would like any HTTP requests coming in on either interface to be upgraded to HTTPS.
- I would like to use Caddyfile best practices and have the most reasonable and readable configuration file.
4. Error messages and/or full log output:
N/A
5. What I already tried:
I have written the Caddyfile above, but I am not sure if I am doing things correctly or in the most efficient manner.
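One way to check, once the configuration is deployed, that each listener proxies only the hosts it is meant to: an added shell harness that is not part of the original post. It uses the two addresses and hostnames from the post; `policy` encodes the requirements listed in section 3 (the wanted behaviour, not a statement of what Caddy does with the Caddyfile as written), and the `probe_*` functions pin name resolution with `curl --resolve` so that SNI and the `Host` header stay set to the tested hostname while the TCP connection goes to the chosen address. `CURL_OPTS` is an assumed hook for passing a CA bundle (`--cacert`) when the chain is not publicly trusted.

```shell
#!/bin/sh
# Added verification harness (not from the original post). Addresses and
# hostnames come from the post; the expected outcomes encode the poster's
# stated requirements, not a claim about how Caddy treats the Caddyfile as written.

# Desired policy: which (listen address, Host header) pairs should be proxied.
#   172.16.0.1 serves every subdomain that has a handle block (sub1, sub2).
#   172.16.1.1 serves sub1.example.net only, whatever the Host header says.
# Anything else, including unknown listen addresses, must not reach a backend.
policy() {
  addr="$1"; host="$2"
  case "$addr" in
    172.16.0.1)
      case "$host" in
        sub1.example.net|sub2.example.net) echo allow ;;
        *) echo deny ;;
      esac ;;
    172.16.1.1)
      case "$host" in
        sub1.example.net) echo allow ;;
        *) echo deny ;;
      esac ;;
    *) echo deny ;;
  esac
}

# Probe a live instance over HTTPS. --resolve forces the connection to $addr
# while SNI and Host remain $host. Prints the HTTP status; curl reports 000
# when the server closed the connection without a reply, which is what a
# request ending in Caddy's `abort` handler looks like from the client side.
probe_https() {
  addr="$1"; host="$2"
  # shellcheck disable=SC2086  # CURL_OPTS is meant to be word-split (assumed hook)
  curl -s -o /dev/null -w '%{http_code}' ${CURL_OPTS:-} \
    --resolve "$host:443:$addr" "https://$host/" || true
}

# Probe the plain-HTTP listener: the post wants every HTTP request upgraded,
# so the expected output is a redirect status followed by an https:// Location.
probe_http_redirect() {
  addr="$1"; host="$2"
  curl -s -o /dev/null -w '%{http_code} %{redirect_url}' \
    --resolve "$host:80:$addr" "http://$host/" || true
}

# Print the full matrix: wanted policy next to what the live server answered.
# A row with want=deny and a 2xx https status is a routing leak worth fixing.
run_matrix() {
  for addr in 172.16.0.1 172.16.1.1; do
    for host in sub1.example.net sub2.example.net other.example.net; do
      printf '%-12s %-18s want=%-5s https=%s http=%s\n' \
        "$addr" "$host" "$(policy "$addr" "$host")" \
        "$(probe_https "$addr" "$host")" "$(probe_http_redirect "$addr" "$host")"
    done
  done
}

# Only contact the server when explicitly asked; the policy function is pure.
if [ "${1:-}" = "--live" ]; then
  run_matrix
fi
```

Run it on the Caddy host as `sh check-ingress.sh --live` (file name assumed) and compare the `want` column with the `https` column row by row; `other.example.net` is included so the catch-all `abort` on the first listener is exercised as well as the named hosts.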