Local IP address creates SSL error

Hmm, so there would not be a way to instruct Caddy to ‘listen’ for the IP address of the server itself?

I know I could use network_mode: "host" to force the Docker container to assume the IP address (and other network properties) of the host, but I’d prefer not to do so.
I did try to add the Docker IP to the Caddyfile:

{
  debug
}

https://redacted.com https://172.19.0.12:8012 https://simon.local:8012 {
  reverse_proxy home_assistant:8123
}

While this works, it does present a warning message: SSL_ERROR_BAD_CERT_DOMAIN on Firefox.
Understandable, because Firefox requested 192.168.1.25, but received a certificate for 172.19.0.12 instead.
This is okay for now, as connecting to the local IP is only a fallback for me. I would only need to use it if mDNS, and thus the .local domain name, would not resolve for some reason.

The problem with listing the Docker container’s IP address in the Caddyfile is that it could change. The IP address of the container stated in post 7 has since changed from 172.19.0.8 to 172.19.0.12, simply by restarting.


I was trying to resolve the IP randomness by something like setting an environment variable to the current Docker container address somehow. While searching on Google I ‘accidentally’ stumbled upon this thread:

It could provide a solution, but I’m scratching my head configuring it.
The problem is that I know where the request is coming from: a .com or .local domain, or a random Docker IP. How do I combine both known and unknown sites, while enforcing HTTPS everywhere?
What I’m currently using:

https://redacted.com {
  reverse_proxy home_assistant:8123
}
:8012 {
  tls internal {
    on_demand
  }
  reverse_proxy home_assistant:8123
}

But this results in HTTP also working, something which I was trying to prevent with this new configuration.
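
The certificate mismatch described in the post (Firefox asks for 192.168.1.25 and is handed a certificate for 172.19.0.12) can be reproduced offline with the name-matching rule browsers apply. This is an added example, not code from the post or from Caddy; the SAN sets and the function names `cert_covers` and `check` are constructed for illustration.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object, or None when value is a DNS name."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(requested, dns_sans=(), ip_sans=()):
    """True when the name typed in the address bar is in the certificate's SANs.

    IP literals are compared only against iPAddress entries, and hostnames
    only against dNSName entries, as browsers do.
    """
    ip = _as_ip(requested)
    if ip is not None:
        return any(ip == ipaddress.ip_address(s) for s in ip_sans)
    return any(_dns_match(s, requested) for s in dns_sans)

# Constructed SAN sets, one per site address in the post's first Caddyfile
# (assumed layout: each site address gets its own certificate).
CERTS = {
    "redacted.com": {"dns_sans": ["redacted.com"]},
    "simon.local": {"dns_sans": ["simon.local"]},
    "172.19.0.12": {"ip_sans": ["172.19.0.12"]},
}

def check(requested, served):
    """Would a browser asking for `requested` accept the cert issued for `served`?"""
    return cert_covers(requested, **CERTS[served])

if __name__ == "__main__":
    for requested, served in [
        ("simon.local", "simon.local"),
        ("192.168.1.25", "172.19.0.12"),  # host LAN IP vs. container-IP cert
        ("172.19.0.12", "172.19.0.12"),
    ]:
        print(f"{requested:>14} vs cert for {served:<12} -> {check(requested, served)}")
```

The host-IP row is the only one that fails, which is the case that surfaces as SSL_ERROR_BAD_CERT_DOMAIN; the container-IP row passes only until the container restarts with a new address.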