Docker-proxy-plugin - can not connect to api

1. Caddy version (caddy version):

2.3.0

2. How I run Caddy:

I use a custom build like:

ARG CADDY_VERSION=2.3.0
FROM caddy:${CADDY_VERSION}-builder AS builder

RUN xcaddy build \
    --with github.com/lucaslorentz/caddy-docker-proxy/plugin/v2 \
    --with github.com/caddy-dns/hetzner \
    --with github.com/caddy-dns/cloudflare

FROM caddy:${CADDY_VERSION}-alpine

# for certutil
RUN apk add nss-tools

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

CMD ["caddy", "docker-proxy"]

The Caddyfile looks like this:

{
  debug
  admin :2019 {
    origins *
  }
}

version: "3.7"

services:
  caddy_server:
    image: caddy-cluster:2.3.0
    ports:
      - 80:80
      - 443:443
      - 2019:2019
    networks:
      - caddy_controller
      - caddy-public
    environment:
      - CADDY_DOCKER_MODE=server
      - CADDY_CONTROLLER_NETWORK=10.200.200.0/24
    volumes:
      - /shared-fs/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /shared-fs/caddy/static:/static
      - /shared-fs/caddy/caddy_data:/data
      - /shared-fs/caddy/caddy_config:/config
      - /etc/timezone:/etc/timezone:ro
    deploy:
      replicas: ${CADDY_REPLICAS:-3}
      labels:
        caddy_controlled_server:
      placement:
        constraints:
          - node.role == manager
        preferences:
          - spread: node.id
      resources:
        limits:
          cpus: "1.00"
          memory: 512M
        reservations:
          cpus: "0.50"
          memory: 256M

  caddy_controller:
    image: caddy-cluster:2.3.0
    ports:
      - 2020:2019
    networks:
      - caddy_controller
      - caddy-public
    environment:
      - CADDY_DOCKER_MODE=controller
      - CADDY_CONTROLLER_NETWORK=10.200.200.0/24
      - CADDY_DOCKER_CADDYFILE_PATH=/etc/caddy/Caddyfile
      - CADDY_DOCKER_PROCESS_CADDYFILE=true
    volumes:
      - /shared-fs/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/timezone:/etc/timezone:ro
    deploy:
      replicas: ${CADDY_REPLICAS:-3}
      placement:
        constraints:
          - node.role == manager
        preferences:
          - spread: node.id
      resources:
        limits:
          cpus: "1.00"
          memory: 512M
        reservations:
          cpus: "0.50"
          memory: 256M

networks:
  caddy-public:
    driver: overlay
    external: true
  caddy_controller:
    driver: overlay
    ipam:
      driver: default
      config:
        - subnet: "10.200.200.0/24"

3. The problem I’m having:

I am not able to connect to the api from any node of a docker swarm cluster.

4. Error messages and/or full log output:

On any node:

curl localhost:2019/config/
curl: (7) Failed to connect to localhost port 2019: Connection refused

5. What I already tried:

If I do a netstat on a caddy_server container, I see that port 2019 is bound to the container itself. I tried several addresses in the Caddyfile…

/srv # netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 2d82f37c046f:2019       0.0.0.0:*               LISTEN      

6. Links to relevant resources:

I don’t use swarm, so I’m not sure I could be of much help.

@lucaslorentz do you have an idea what’s going on?

If I add a reverse proxy config like this (…202 is the server service IP),

      labels:
        caddy_controlled_server:
        caddy: "xxx"
        caddy.reverse_proxy: 10.200.200.202:2019 

I can connect, but Caddy answers with {"error":"host not allowed: xxx"}

@SvenDowideit maybe you can help me out?
