Fallback rule taking precedence over specific rules and how to avoid port definition

1. Caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I installed, and run Caddy:

I am using lucaslorentz/caddy-docker-proxy (Caddy as a reverse proxy for Docker)

a. System environment:

Ubuntu HOST using Docker swarm

b. Command:

docker swarm starts caddy

c. Service/unit/compose file:

  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - 80:80
    networks:
      - app_network
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
    deploy:
      placement:
        constraints:
          - node.role == manager
      replicas: 1
      restart_policy:
        condition: any

d. My complete Caddy config:


healthcheck.phppointofsale.com:80, http:// {
	reverse_proxy 10.0.1.32 10.0.1.33 {
		trusted_proxies private_ranges
	}
}

*.phppointofsale.com:80, *.phppos.com:80 {
	reverse_proxy 10.0.1.30 10.0.1.29 {
		trusted_proxies private_ranges
	}
}
*.phppointofsalestaging.com:80 {
	reverse_proxy 10.0.1.18 10.0.1.17 {
		trusted_proxies private_ranges
	}
}
custom.phppointofsale.com:80, custom.phppos.com:80 {
	reverse_proxy 10.0.1.25 10.0.1.24 {
		trusted_proxies private_ranges
	}
}
feedback.phppointofsale.com:80, feedback.phppos.com:80 {
	reverse_proxy 10.0.1.51 10.0.1.52 {
		trusted_proxies private_ranges
	}
}
help.phppointofsale.com:80, help.phppos.com:80 {
	reverse_proxy 10.0.1.39 10.0.1.40 {
		trusted_proxies private_ranges
	}
}
mysql.phppointofsale.com:80, mysql.phppos.com:80 {
	reverse_proxy 10.0.1.15 10.0.1.14 {
		trusted_proxies private_ranges
	}
}
www.phppointofsale.com:80, www.phppos.com:80, phppointofsale.com:80, phppos.com:80 {
	reverse_proxy 10.0.1.45 10.0.1.46 {
		trusted_proxies private_ranges
	}
}
www.phppointofsalestaging.com:80, phppointofsalestaging.com:80 {
	reverse_proxy 10.0.1.4 10.0.1.3 {
		trusted_proxies private_ranges
	}
}
zatca.phppointofsale.com:80, zatca.phppos.com:80 {
	reverse_proxy 10.0.1.57 10.0.1.54 {
		trusted_proxies private_ranges
	}
}

3. The problem I’m having:

  1. I am trying to make a default fallback if it doesn’t match any other sites. All traffic routes to healthcheck.phppointofsale.com no matter the domain.

  2. Is there a way to avoid putting :80? I have to do this because my server sits behind Cloudflare and a load balancer, and the load balancer is SSL terminated.

I just want it to look clean with port. I know I can also do http://, but then I can’t do wildcards.

4. Error messages and/or full log output:

All traffic routes to healthcheck.phppointofsale.com

5. What I already tried:

  1. Removing healthcheck.phppointofsale.com. I believe it doesn’t like http://

If I remove the entire healthcheck, http, it routes to other sites well, but then I cannot have a default site

  2. Tried doing http:// for each site, but it doesn’t let me do wildcards

6. Links to relevant resources:

Prefix them all with http:// instead, if you want.

Caddy is HTTPS by default, by design. So if you want to only serve HTTP, you need to explicitly tell it to do so.

Yes you can. http://*.example.com works just fine.

You used http:// in that site block:

That is your fallback site.

If you want your fallback to be separate, then remove http:// from there and move it to its own site.

Wildcards did not work when I had http://*.phppointofsale.com

When I mean fallback I want all non matches to route to it

It definitely works.

http://*.example.com generates identical config to *.example.com:80.

How did you test it?

Understood. That’s what a site address of http:// will do. It’ll catch any request that isn’t otherwise matched by another host matcher.

I tested it live then reverted back

Well, I can guarantee it’s exactly the same.

You probably changed other things at the same time, breaking it inadvertently.

I will give it a try again Monday, but I am pretty sure I didn’t, as I had to search a lot to find the :80 solution that worked with *. domains

If you doubt it, run caddy adapt --config Caddyfile --pretty and compare before/after. You’ll see the JSON is the same with http:// versus with :80.

Could it have something to do with me running it with

?

I am viewing the file in config/caddy in docker image

No, it works the same way.

CDP just generates config from docker labels. It doesn’t fundamentally change how Caddy works.

I seem to have found the issue. The rule below takes priority over the wildcard rule

Below takes priority over the following rule

  production_healthcheck:
    logging:
      driver: "local"
    deploy:
      restart_policy:
        condition: any
      mode: global
      labels:
        caddy: "http://healthcheck.phppointofsale.com, http://"
        caddy.reverse_proxy.trusted_proxies: "private_ranges"
        caddy.reverse_proxy: "{{upstreams}}"
    image: phppointofsale/production-healthcheck
    build:
      context: "production_healthcheck"
    restart: always
    networks:
      - app_network
      - mail
  production_php_point_of_sale_app:
    logging:
      driver: "local"
    deploy:
      restart_policy:
        condition: any
      mode: global
      labels:
        caddy: "http://*.phppointofsale.com, http://*.phppos.com"
        caddy.reverse_proxy.trusted_proxies: "private_ranges"
        caddy.reverse_proxy: "{{upstreams}}"
    image: phppointofsale/production-app
    build:
      context: "production_php_point_of_sale_app"
    restart: always
    env_file:
      - production_php_point_of_sale_app/.env
      - .env
    networks:
      - app_network
      - mail

It does appear if I JUST make the rule http:// without healthcheck.phppointofsale.com it DOES work

Yes, that’s exactly what I was saying.
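A check for the misconfiguration this thread ends on, as an added example that is not part of any post above: it flags Caddyfile site blocks that list a host-less address (`http://` or `:80`) next to named hosts, and treats `http://host` and `host:80` as the same address, as stated in the replies. The function names, placeholder hosts and upstream IPs are assumptions made for illustration.

```python
def parse_address(addr):
    """Normalize a site address to (scheme, host, port); simplified: no IPv6, no paths."""
    scheme, rest = "", addr
    if "://" in addr:
        scheme, rest = addr.split("://", 1)
    host, _, port = rest.partition(":")
    if scheme == "http" and not port:
        port = "80"
    if port == "80" and not scheme:
        scheme = "http"
    return scheme, host, port

def site_blocks(caddyfile):
    """Yield the parsed addresses of each top-level site block."""
    depth = 0
    for line in caddyfile.splitlines():
        text = line.strip()
        if depth == 0 and text.endswith("{"):
            keys = text[:-1].replace(",", " ").split()
            if keys:  # a bare "{" is the global options block
                yield [parse_address(k) for k in keys]
        depth += text.count("{") - text.count("}")

def mixed_catch_all(caddyfile):
    """Return named hosts that share a block with a host-less address."""
    findings = []
    for addrs in site_blocks(caddyfile):
        hosts = [host for _, host, _ in addrs]
        if "" in hosts and any(hosts):
            findings.append([h for h in hosts if h])
    return findings

# Constructed sample configs (placeholder hosts and upstreams).
BEFORE = """
healthcheck.example.com:80, http:// {
    reverse_proxy 10.0.0.1
}
*.example.com:80 {
    reverse_proxy 10.0.0.2
}
"""
AFTER = """
http:// {
    reverse_proxy 10.0.0.1
}
http://*.example.com {
    reverse_proxy 10.0.0.2
}
"""
```

`mixed_catch_all(BEFORE)` reports the healthcheck host that shares its block with `http://`; `mixed_catch_all(AFTER)` reports nothing because the fallback has its own block.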
