Question on Admin API from a Docker Container

Hey guys. I have a platform where Caddy is running as a reverse proxy on Ubuntu but the app servers that it proxies to are on the same machine but running in a Docker container (Rails app deployed via dokku).

I want to be able to call the Caddy Admin API from the Rails app that lives in Docker but localhost:2019 will mean something different inside of Docker.

Does anyone have any ideas on how to call the Caddy Admin API from a Docker containers on the same computer?

Thank you for any tips etc.

–harris

This is one of the friction points with Docker, unfortunately.

You can set net=host on your Rails app, possibly, which would mean localhost actually would refer to the correct host.

You could also move Caddy into its own Docker container and refer to it by service name (for Docker’s internal DNS to resolve automatically).

If the host’s IP address is reliably static, you can refer to that, as well.

You can also change the admin listen address to 0.0.0.0:2019 and not make a host port mapping for 2019 so only other containers in the same network can talk to it.

I’ve also heard there’s a host.docker.internal name that Docker’s DNS will resolve to the host’s IP address in future, but I’m pretty sure that’s not live yet on Docker for Linux (I believe it works for Mac and Windows… which I can’t help feel is bass ackwards… But hey).

Guys… thank you for responding. I am going to try the 0.0.0.0:2019 idea which seems like the most direct solution given my very limited knowledge of Docker.

–harris

I tried updating my admin endpoint to be 0.0.0.0:2019 via JSON and now I can no longer update Caddy via the API (or even see the config via /config).

root@webase-test:/etc/caddy# curl http://localhost:2019/config
<a href="/config/">Moved Permanently</a>.

root@webase-test:/etc/caddy# curl http://0.0.0.0:2019/config
{"error":"host not allowed: 0.0.0.0:2019"}

Here is the JSON file I used to update caddy config that got me into this state:

  "admin": {
    "listen": "0.0.0.0:2020"
  },
  "apps": {
    "http": {
      "servers": {
        "webase": {
          "listen": [
            ":443"
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "www.simplsites.com",
                    "www.simplpages.com"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "headers": {
                            "request": {
                              "set": {
                                "Access-Control-Allow-Headers": [
                                  "Cache-Control,Content-Type"
                                ],
                                "X-Real-Ip": [
                                  "{http.request.remote.host}"
                                ]
                              }
                            }
                          },
                          "upstreams": [
                            {
                              "dial": "172.17.0.7:5000"
                            },
                            {
                              "dial": "172.17.0.8:5000"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    }
  }
}```

You would probably benefit from this commit which is in 2.1 beta 1: admin: Disable host checking if wildcard interface is specified · caddyserver/caddy@f5ccb90 · GitHub

I need something! :smile: I completely wiped Caddy from the server and re-installed it. And with a fresh new copy of Caddy I still get:

<a href="/config/">Moved Permanently</a>.

When I try to hit the default admin URL: http://localhost:2019/config

Does Caddy update any configuration on a server that would persist outside of Caddy?

What is the best way to start using the 2.1 beta?

–harris

You can use the caddy:2.1.0-beta.1 label using Docker.

Actually I may be misreading GitHub’s UI:

I saw the bold tag and thought that was the tag that has this commit, but it was committed in April, before the v2 release. So… I dunno what to make of that. It should be working.

I’m actually facing the same issue.

I’m running a docker container just to explore how to add new sites using the API but I haven’t been able to make it work. So far I’ve tested the 2.0.0-alpine, 2.1.0-beta.1, and 2.1.0-beta.1-alpine images and seeing different behavior.

Note that I am running the container in port 8181 instead of port 80.

Running docker:

$ docker run -d -p 8181:80 \
    -p 2019:2019 \
    -v $PWD/Caddyfile:/etc/caddy/Caddyfile \
    -v caddy_data:/data \
    caddy:2.1.0-beta.1-alpine

The contents of the Caddyfile:

{
    debug
    admin 0.0.0.0:2019
}

localhost:2016 {
	respond "Goodbye 2016!"
}

curl output:

curl http://localhost:2019/config -v                                                        ~/Development/CADDY/test
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 2019 (#0)
> GET /config HTTP/1.1
> Host: localhost:2019
> User-Agent: curl/7.64.1
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Content-Type: text/html; charset=utf-8
< Location: /config/
< Date: Thu, 25 Jun 2020 05:27:46 GMT
< Content-Length: 43
< 
<a href="/config/">Moved Permanently</a>.

* Connection #0 to host localhost left intact
* Closing connection 0

If I curl http://localhost:8181:

*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8181 (#0)
> GET / HTTP/1.1
> Host: localhost:8181
> User-Agent: curl/7.64.1
> Accept: */*
> 
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://localhost:2016/
< Server: Caddy
< Date: Thu, 25 Jun 2020 05:30:30 GMT
< Content-Length: 0
< 
* Closing connection 0

Using the given Caddyfile with caddy:2.0.0-alpine I would get the following error message:

$ docker exec c62cd caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile      ~/Development/CADDY/test
{"level":"info","ts":1593061662.197866,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
reload: sending configuration to instance: caddy responded with error: HTTP 403: {"error":"host not allowed: 0.0.0.0:2019"}

Oh, it looks like Caddy is redirecting you from /config to /config/. Just make a request for /config/ instead I guess, or use the -L curl flag to follow the redirect (-L for Location header)

Yeah, that seems to be what was going on. I had tried /config and /config/ but I guess with a different tag of Caddy.

This topic was automatically closed after 30 days. New replies are no longer allowed.