Local proxy address works on all devices except host

1. Caddy version (caddy version):

2.4

2. How I run Caddy:

Caddy-Docker-Proxy

a. System environment:

Manjaro Gnome clean install with docker compose

b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: "2.4"
services:
  portainer:
    container_name: portainer
    image: portainer/portainer-ce
    restart: always
    networks: 
      - web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/portainer/data:/data
    ports:
      - 9000:9000
    labels:
      caddy: http://docker.o
      caddy.reverse_proxy: "{{upstreams 9000}}"
  caddy:
    container_name: web-proxy
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    restart: always
    networks: 
      - web-proxy
    environment:
      - CADDY_INGRESS_NETWORKS=web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/caddy/caddy_data:/data
      - $DOCKERDIR/caddy/config:/config
    labels:
      caddy.email: $EMAIL
      #caddy.log.output: file /data/access.log
    ports:
      - 443:443
      - 80:80
  adguard:
    container_name: adguard
    image: adguard/adguardhome
    restart: always
    network_mode: host
    volumes:
      - $DOCKERDIR/adguardhome/work:/opt/adguardhome/work
      - $DOCKERDIR/adguardhome/conf:/opt/adguardhome/conf
    labels:
      caddy: http://adguard.o
      caddy.reverse_proxy: "{{upstreams 3000}}"

3. The problem I’m having:

I use AdGuard Home as my LAN’s DNS provider. In my router, the only DNS provider is the IP address of my server (192.168.88.2) that runs Docker Compose.

In AdGuard Home, I have also set a few DNS rewrites such as: 192.168.88.2 docker.o

Now I can access Portainer via http://docker.o because Caddy-Docker-Proxy is proxying docker.o to the Portainer container. Fantastic! No need for me to type IP addresses and port numbers :slight_smile:

However this only works on other devices such as my laptop or my phone.
Problem: on my server itself, http://docker.o gives a page not found. On the server I can still access Portainer via localhost:9000 and 192.168.88.2:9000 but not via http://docker.o.

I often use my server as my desktop workstation and like to use the domain, just like I use it on my phone and laptop when I am at home.
Is there a way for me to configure caddy-docker-proxy in such a way that the local domain will also work on the server itself?

4. Error messages and/or full log output:

No errors.

5. What I already tried:

I made sure this is not related to the browser that I use.

curl http://docker.o 
curl: (6) Could not resolve host: docker.o

Again, it is no issue on other devices within my LAN (or even if I VPN into my LAN, the domain works).

EDIT:
Adding 192.168.88.2 docker.o to my /etc/hosts file on my server DOES allow me to access Portainer via that URL on my server. However, I would like to manage everything with Caddy and not mess with system files. I will likely forget I ever modified that file.

EDIT 2:
Caddy-Docker-Proxy gives an error about AdGuard, it cannot proxy adguard.o because that container is not in the same docker network. Correct, my Compose file shows AdGuard is using network_mode: host. This is necessary for AdGuard to function properly (without forcing me to create multiple macvlans).
Is there a way for Caddy-Docker-Proxy to proxy local stuff that is not in its network? It doesn’t even need to know anything about the AdGuard container.

You’d have to put the labels on the caddy container itself, and use the docker host address.

You can add this to the caddy container in your docker-compose file:

    extra_hosts:
      - "host.docker.internal:host-gateway"

This will make host.docker.internal resolve to the IP address of the docker host, then you can do caddy.reverse_proxy: host.docker.internal:3000 I guess

That’s more of a networking question than a Caddy question :man_shrugging:


Got it working like this, proxying 2 containers that run in host network mode:

version: "2.4"
services:
  caddy:
    container_name: web-proxy
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    restart: always
    networks: 
      - web-proxy
    environment:
      - CADDY_INGRESS_NETWORKS=web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/caddy/caddy_data:/data
      - $DOCKERDIR/caddy/config:/config
    extra_hosts:
      - host.docker.internal:host-gateway
    ports:
      - 443:443
      - 80:80
    labels:
      caddy.email: $EMAIL
      caddy_0: http://adguard.o
      caddy_0.reverse_proxy: host.docker.internal:3000
      caddy_1: http://vpn.o
      caddy_1.reverse_proxy: host.docker.internal:5000
  adguard:
    container_name: adguard
    image: adguard/adguardhome
    restart: always
    network_mode: host
    volumes:
      - $DOCKERDIR/adguardhome/work:/opt/adguardhome/work
      - $DOCKERDIR/adguardhome/conf:/opt/adguardhome/conf
  VPN-portal:
    container_name: vpn-portal
    image: ngoduykhanh/wireguard-ui:latest
    restart: always
    cap_add:
      - NET_ADMIN
    network_mode: host
    environment:
      SMTP_HOSTNAME: $SMTP
      SMTP_PORT: $SMTPPORT
      SMTP_USERNAME: $SMTPUSER
      SMTP_PASSWORD: $SMTPPASS
      SMTP_AUTH_TYPE: LOGIN
      EMAIL_FROM_ADDRESS: $RECIPIENT
      EMAIL_FROM_NAME: $SMTPUSER
      SESSION_SECRET: $VPNSECRET
    logging:
      driver: json-file
      options:
        max-size: 15m
    volumes:
      - $DOCKERDIR/vpn-portal/db:/app/db
      - /etc/wireguard:/etc/wireguard  
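
The failure described in EDIT 2 and the fix in the last post can be checked before deploying. This is an added example, not part of the original thread or of Caddy-Docker-Proxy: a small Python lint over the JSON printed by `docker compose config --format json`. The function names and the reduced sample data are constructed for illustration, and it assumes a Linux Docker host, where host.docker.internal only resolves if extra_hosts maps it.

```python
import json

def _maps_docker_host(svc):
    """True if extra_hosts defines host.docker.internal (list or map form)."""
    extra = svc.get("extra_hosts") or []
    names = extra.keys() if isinstance(extra, dict) else extra
    return any(str(n).startswith("host.docker.internal") for n in names)

def lint_caddy_labels(compose):
    """Return findings for caddy reverse_proxy labels that cannot resolve."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        labels = svc.get("labels") or {}
        if isinstance(labels, list):  # list form: ["key=value", ...]
            labels = dict(item.partition("=")[::2] for item in labels)
        targets = [str(v) for k, v in labels.items()
                   if k.startswith("caddy") and k.endswith(".reverse_proxy")]
        for target in targets:
            # Host-network containers are not attached to the ingress network.
            if svc.get("network_mode") == "host" and "upstreams" in target:
                findings.append(name + ": upstreams label on a network_mode: host "
                                "service; it shares no network with the proxy")
            if "host.docker.internal" in target and not _maps_docker_host(svc):
                findings.append(name + ": proxies to host.docker.internal but "
                                "has no extra_hosts entry for it")
    return findings

# Constructed samples, reduced from the two compose files in this thread.
BEFORE = json.loads("""{"services": {
  "portainer": {"networks": ["web-proxy"],
    "labels": {"caddy": "http://docker.o",
               "caddy.reverse_proxy": "{{upstreams 9000}}"}},
  "adguard": {"network_mode": "host",
    "labels": {"caddy": "http://adguard.o",
               "caddy.reverse_proxy": "{{upstreams 3000}}"}}}}""")
AFTER = json.loads("""{"services": {
  "caddy": {"networks": ["web-proxy"],
    "extra_hosts": ["host.docker.internal:host-gateway"],
    "labels": {"caddy_0": "http://adguard.o",
               "caddy_0.reverse_proxy": "host.docker.internal:3000",
               "caddy_1": "http://vpn.o",
               "caddy_1.reverse_proxy": "host.docker.internal:5000"}},
  "adguard": {"network_mode": "host"}}}""")

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_caddy_labels(doc) or "ok")
```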