1. The problem I’m having:
I’m trying to get a Docker container of Caddy to listen on 8080 and 8443 (or anything other than 80/443) and reverse-proxy to other containers on the same host. But I think I’ve hit the limit of my understanding/competence.
2. Error messages and/or full log output:
First question is more of a Docker one. I’ve been playing around with doing some Docker-based self-hosting of various apps, but keep hitting walls. No problem, I’m learning lots along the way. So I’ve two questions that I hope someone can help me with to progress my journey.
Nowhere in any guide or documentation can I see it described what the “ports” section in a Docker compose file is. For example:
    ports:
      - "80:80"
      - "443:443"
Does that mean it’ll listen on 80 and 443 and forward on the same ones to the app in the container? So if I change it to
    ports:
      - "8080:80"
      - "8443:443"
it’ll be listening on 8080 and 8443 and forward to 80 and 443 in the container?
Which leads me to my second question, which is to ask for ideas on how to provision an environment for Docker containers to be reverse-proxied behind Caddy and externally available, preferably with Let’s Encrypt (their staging issuer first so I can not hit rate limits) or ZeroSSL or another ACME issuer’s certs (because who doesn’t like messing around with certs). I’m not averse to piping everything through Cloudflare. But, and this seems to be a biggy, everything needs to be externally available on ports other than 80 and 443. That’s a fixed requirement for six months before I can switch to those ports. I understand that may cause some issues with cert issuance, so self-signed may also be OK.
I have a static public IPv4 and my host is in my DMZ so I can do whatever port forwarding etc might be needed.
I’ve learned a lot around Docker and Caddy and happy with messing with configs but can’t seem to work out a fully working setup. And thank heavens for snapshots lol.
So I think my stack should look like below. Is that a good approach? Any good guides I can step by step through to achieve my oddly-ported deployment? I won’t be needing it to be load-balancing ready - it’s going to be just me accessing stuff like Etherpad and DrawIO.
Internet
My router
Proxmox
Ubuntu 22
Docker (separate network for proxied apps? or kiss?)
Caddy listening on 8080 and 8443
Containered apps served over SSL
3. Caddy version:
Happy to run any version that will meet my need
4. How I installed and ran Caddy:
Any official method that people recommend.
a. System environment:
Docker latest on Ubuntu 22 on Proxmox latest