Docker Proxy + wildcard subdomains

1. The problem I’m having:

I have built an image with Caddy Docker Proxy and DuckDNS, and it works as expected. However, I’d like to use a wildcard for my subdomains so I don’t need a unique certificate for each - I’ve hit some LE rate limits when deploying stacks.

I’m not sure how to do this with Docker Proxy though.

2. Error messages and/or full log output:

N/A

3. Caddy version:

2.7.5

4. How I installed and ran Caddy:

a. System environment:

Debian Bookworm, AMD64, Docker Compose

b. Command:

docker compose up -d 

c. Service/unit/compose file:

Caddy Compose:

version: '3.8'

configs:
  caddy-basic-content:
    file: ./Caddyfile
    labels:
      caddy:

services:
  caddy:
    build:
      context: .
      dockerfile: Dockerfile
    restart: unless-stopped
    environment:
      - TZ=America/New_York
      - MY_DOMAIN=batcave89.duckdns.org
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /mnt/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - caddy:/data
      - caddy:/config
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - swarmoverlay

volumes:
  caddy:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.12.100,nfsvers=4"
      device: ":/volume3/docker/caddy"

networks:
  swarmoverlay:
    external: true

Example service:

version: '3.8'
services:
  homepage:
    image: ghcr.io/gethomepage/homepage:latest
    ports:
      - 3003:3000
    volumes:
      - homepage:/app/config
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - swarmoverlay
    deploy:
      labels:
        caddy: home.batcave89.duckdns.org
        caddy.reverse_proxy: "{{upstreams 3000}}"

volumes:
  homepage:
    driver_opts:
      type: "nfs"
      o: "addr=192.168.12.100,nfsvers=4"
      device: ":/volume3/docker/homepage"

networks:
  swarmoverlay:
    external: true

d. My complete Caddy config:

The above compose files result in this Caddyfile being generated:

{
        acme_dns duckdns mySuperSecretToken
        email mySuperSecretEmail@gmail.com
}
home.batcave89.duckdns.org {
        reverse_proxy 172.12.12.232:3000
}

However, I would like to generate a Caddyfile along the lines of this:


*.batcave89.duckdns.org {
	tls {
		dns duckdns mySuperSecretToken
	}

	@home host home.batcave89.duckdns.org
	handle @home {
		reverse_proxy 172.12.12.232:3000
	}
}

The issue as I see it is figuring out how to insert the individual domains and handle block into the *.domain brackets. I’m not sure if it’s possible.

5. Links to relevant resources:

It’s not very difficult. You just need to remember that each dotted element in a label essentially creates a bracketed section - so, for single lines with a bunch of Caddyfile tokens, put them in the label contents, rather than making more dotted elements.

Everything at a certain level of nesting gets coalesced, so all of these will collapse into the one set of *.domain brackets by default.

Try something like:

      labels:
        caddy: "*.batcave89.duckdns.org"
        caddy.tls.dns: "duckdns mySuperSecretToken"
        caddy.@home: "host home.batcave89.duckdns.org"
        caddy.handle: "@home"
        caddy.handle.reverse_proxy: "{{upstreams 3000}}"
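
The nesting rule described in the answer above, as an added example that is not part of the original thread and is not caddy-docker-proxy's own code. It is a simplified model with hypothetical function names (`build_tree`, `render`, `labels_to_caddyfile`); it assumes labels keep the order given and leaves `{{upstreams}}` templates unexpanded.

```python
# Simplified model of the label rule from the answer; NOT caddy-docker-proxy's parser.
# Assumptions: labels keep the order given, {{upstreams}} templates are not expanded.
ANSWER_LABELS = {
    "caddy": "*.batcave89.duckdns.org",
    "caddy.tls.dns": "duckdns mySuperSecretToken",
    "caddy.@home": "host home.batcave89.duckdns.org",
    "caddy.handle": "@home",
    "caddy.handle.reverse_proxy": "{{upstreams 3000}}",
}
# Constructed counter-case: the provider name moved into the key as an extra dotted element.
OVER_DOTTED = {"caddy": "*.batcave89.duckdns.org", "caddy.tls.dns.duckdns": "mySuperSecretToken"}


def build_tree(labels, prefix="caddy"):
    """Each dotted element after the prefix is one nesting level; the value is the arguments."""
    root = {"args": labels.get(prefix, ""), "children": {}}
    for key, value in labels.items():
        if not key.startswith(prefix + "."):
            continue
        node = root
        for part in key[len(prefix) + 1:].split("."):
            # The same name at the same level reuses the node, so blocks coalesce.
            node = node["children"].setdefault(part, {"args": "", "children": {}})
        node["args"] = value
    return root


def render(name, node, depth=0):
    """Emit 'name args', followed by a braced block when the node has children."""
    pad = "\t" * depth
    head = " ".join(p for p in (name, node["args"]) if p)
    if not node["children"]:
        return [pad + head]
    lines = [pad + head + " {"]
    for child_name, child in node["children"].items():
        lines += render(child_name, child, depth + 1)
    return lines + [pad + "}"]


def labels_to_caddyfile(labels):
    root = build_tree(labels)
    # The bare "caddy" label's value is the site address, i.e. the head of the outer block.
    return "\n".join(render(root["args"], {"args": "", "children": root["children"]}))


if __name__ == "__main__":
    print(labels_to_caddyfile(ANSWER_LABELS), labels_to_caddyfile(OVER_DOTTED), sep="\n\n")
```

In the model's second output, `dns` becomes a braced block containing a `duckdns mySuperSecretToken` line instead of the single `dns duckdns mySuperSecretToken` line in the question's target Caddyfile, which is why the tokens belong in the label value.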