Port is already allocated when using reverse proxy in docker

1. The problem I’m having:

I am trying to reverse proxy my domain to a local web service running on port 445. Going to localhost:445 shows the web page perfectly. When I try to run caddy, however, it gives me the error: Error response from daemon: driver failed programming external connectivity on endpoint caddy (625bb7f45e11cfc1f7c36f7946c175669dd065b0708c16ff145699cb3db00c5f): Bind for 0.0.0.0:445 failed: port is already allocated. Caddy is running in docker (compose) and ports 443, 80 and 445 are mapped to the host. How do I fix this? I think it may be to do with the docker-compose.yml file, because it may be attempting to give write permissions to caddy when it only wants to read.

2. Error messages and/or full log output:

Error: Error response from daemon: driver failed programming external connectivity on endpoint caddy (625bb7f45e11cfc1f7c36f7946c175669dd065b0708c16ff145699cb3db00c5f): Bind for 0.0.0.0:445 failed: port is already allocated

3. Caddy version:

Running docker compose exec caddy caddy version:
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

a. System environment:

Installed using compose (pull image and run).
Docker version: 27.2.0
OS: Raspbian Lite 64 bit
Architecture: ARM64
Not using systemd

b. Command:

docker compose up -d

c. Service/unit/compose file:

version: '3'

name: caddy-webpage

services:
  caddy:
    container_name: caddy
    image: caddy
    restart: always
    ports:
      - '80:80'
      - '443:443'
      - '445:445'
    volumes:
      - caddy-config:/config
      - caddy-data:/data
      - ./Caddyfile:/etc/caddy/Caddyfile
      - /srv:/srv

volumes:
  caddy-config:
  caddy-data:

d. My complete Caddy config:

filebrowser.gyart.club {
    reverse_proxy :445
}

5. Links to relevant resources:

Filebrowser (what I’m trying to forward): filebrowser.org

Thanks!!!

The error says the port 445 is used by another process (container in Docker or process on the host). My guess is you have to remove this line, but you should know who’s using what and the consequences of removing it.

Don’t use :445 without a host. It’s a bad default. Specify the address. If it’s on the host, use host.docker.internal. If it’s in another container, make them part of the same Docker network and use the service name.

1 Like

Specifically, this:

You can’t do this. A local web service listening on 445 and Caddy trying to listen on 445 are going to conflict. You need to pick one. If someone connects to your host on port 445, the operating system can’t just toss a coin to decide which process the traffic goes to.

Generally the common usage we see is that Caddy is given 80 and 443 (the default ports, in order to not have to specify them in your browser) and other services have the non-default ports that Caddy reverse-proxies to.

2 Likes

Then what is the purpose of reverse proxies if they cannot forward traffic to another port? Is there not a way for caddy to listen to a port instead of bind to it?

Just to clarify, I think @whitestrake misspoke when he said Caddy is trying to bind to 445. That said, he’s correct in that you’re trying to use port 445 which is already used by another process. I gave you the solution already.

When you tell Docker to expose port 445 in the docker-compose file, you’re asking Docker to ask the operating system to reserve the port for Docker. You shouldn’t ask Docker to expose port 445. Such configuration is needed to allow services inside Docker to be accessible from outside Docker. If the filebrowser process is running on the host outside Docker, your reverse_proxy line should be:

reverse_proxy host.docker.internal:445

Again, check your expose ports for what needs to be exposed or not. However, know that port 445 isn’t used by Caddy inside Docker. It’s only calling out to it.

1 Like

I don’t think I am. From the posted Compose file:

With this configuration, Docker is trying to map 445 on the host into the Caddy container, which is a misconfiguration if the upstream is also binding 445 on the host for Filebrowser.

To “bind” to a port means to listen to that port. Only one thing can listen on a port on an interface at a time.

You want to have Caddy on the default ports, and have the connection to 445 happen in the background, away from the client.

You connect to Caddy on 443. Caddy connects to the upstream on 445 on your behalf.

1 Like
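
The fix the replies describe, written out as a Compose file (an added example, not part of the original posts). It assumes Filebrowser runs on the host outside Docker and listens on 445; the `extra_hosts` entry and the `:ro` mount flag are additions that the thread does not mention.

```yaml
# Added example: corrected docker-compose.yml for the setup in this thread.
# Assumption: Filebrowser runs on the host (outside Docker) on port 445.
name: caddy-webpage

services:
  caddy:
    container_name: caddy
    image: caddy
    restart: always
    ports:
      # Publish only the ports that clients connect to.
      - '80:80'
      - '443:443'
      # '445:445' removed: publishing it makes Docker bind host port 445,
      # which Filebrowser already holds ("port is already allocated").
    extra_hosts:
      # On Linux, Docker Engine does not define host.docker.internal itself;
      # host-gateway maps the name to the host's address on the bridge.
      - 'host.docker.internal:host-gateway'
    volumes:
      - caddy-config:/config
      - caddy-data:/data
      # Optional: read-only, since Caddy only needs to read its config.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - /srv:/srv

volumes:
  caddy-config:
  caddy-data:

# Matching Caddyfile (a separate file, shown here as comments):
#
#   filebrowser.gyart.club {
#       reverse_proxy host.docker.internal:445
#   }
#
# Filebrowser must listen on an address the container can reach
# (not only 127.0.0.1), or Caddy's outbound connection is refused.
```

After `docker compose up -d`, `docker compose ps` should list only 80 and 443 as published ports for the caddy container.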
