1. Output of caddy version:
Unsure, I believe it’s a container running within the Vaultwarden docker image
2. How I run Caddy:
The Vaultwarden docker container runs caddy within the prebuilt docker image
a. System environment:
I’m using Synology and docker is installed in the /volume2/docker directory.
I created a vaultwarden folder containing three folders: vw-data, caddy-config and caddy-data.
b. Command:
sudo docker-compose --project-name vaultwarden -f vaultwarden.yaml up -d
c. Service/unit/compose file:
version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    networks:
      vlan10-macvlan:
        ipv4_address: 192.168.1.200
    restart: always
    environment:
      WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
    volumes:
      - '/volume2/docker/vaultwarden/vw-data:/data'
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    networks:
      vlan10-macvlan:
        ipv4_address: 192.168.1.201
    ports:
      - 80:80 # Needed for the ACME HTTP-01 challenge.
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - '/volume2/docker/vaultwarden/caddy-config:/config'
      - '/volume2/docker/vaultwarden/caddy-data:/data'
    environment:
      SITE: "https://vw.site .com" # Your site.
      EMAIL: "hostmaster@site .com" # The email address to use for ACME registration.
      LOG_FILE: "/data/access.log"
networks:
  vlan10-macvlan:
    external: true
d. My complete Caddy config:
{$SITE}:443 {
    log {
        level INFO
        output file {$LOG_FILE} {
            roll_size 10MB
            roll_keep 10
        }
    }
    # Use the ACME HTTP-01 challenge to get a cert for the configured site.
    tls {$EMAIL}
    # This setting may have compatibility issues with some browsers
    # (e.g., attachment downloading on Firefox). Try disabling this
    # if you encounter issues.
    encode gzip
    # Notifications redirected to the WebSocket server
    reverse_proxy /notifications/hub vaultwarden:3012
    # Proxy everything else to Rocket
    reverse_proxy vaultwarden:80 {
        # Send the true remote IP to Rocket, so that vaultwarden can put this in the
        # log, so that fail2ban can ban the correct IP.
        header_up X-Real-IP {remote_host}
    }
}
3. The problem I’m having:
I have other docker containers running using macvlan docker network driver successfully. This allows each docker container to have a unique IP address on the LAN.
I’ve been trying to modify the default Vaultwarden docker compose to include the macvlan configuration.
I’m able to run the compose and both the Vaultwarden and Caddy containers successfully run. I am able to connect to 192.168.1.200 and see the vaultwarden http page; however, I am unable to connect to 192.168.1.201 (caddy) and see the https version.
I have created a DNS entry that resolves A record (vw.site .com) to 192.1681.201, but it does not connect and I am not presented with a webpage.
4. Error messages and/or full log output:
Browser returns: ERR_SSL_PROTOCOL_ERROR
5. What I already tried:
I spent a long time modifying the docker compose file and had many errors, which are now resolved. I feel that I’m really close to getting this working, but am unsure what I am missing…
6. Links to relevant resources:
This is the link to the Vaultwarden docker compose instructions. It doesn’t mention macvlan, as this is something which I feel is a little more advanced and not common.
Please note, I was unable to post this topic with the word “domain”, so I replaced it with the word “site”.
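An added diagnostic for the ERR_SSL_PROTOCOL_ERROR described above (my own script, not from the post or from the Caddy or Vaultwarden projects): it runs openssl s_client against the Caddy address with the expected SNI and reports whether the failure happens before TCP connects (packets never reach the container, which with macvlan includes any probe run from the Docker host itself), at the TLS layer (Caddy answers but offers no certificate, for example because the ACME challenge never completed or {$SITE} does not match the requested name), or with a certificate for a different name. It assumes openssl is installed and uses coreutils timeout when present; the host, port and hostname values are the ones from the post.

```shell
#!/bin/sh
# Classify an HTTPS endpoint that a browser rejects with ERR_SSL_PROTOCOL_ERROR.
# Prints exactly one word on stdout:
#   unreachable    TCP connect refused or timed out; Caddy never saw the packet.
#                  With macvlan the Docker host cannot reach its own macvlan
#                  containers, so run this from another machine on the LAN.
#   no-tls         TCP connected but no certificate was offered: Caddy is up but
#                  has no certificate for this SNI (ACME not finished, or the
#                  {$SITE} host differs from the name requested) or the port
#                  is speaking plain HTTP.
#   cert-mismatch  a certificate came back but does not cover the requested name.
#   ok             handshake completed and the certificate covers the name.
tls_probe() {
  host=$1 port=$2 sni=$3
  run=""
  # Guard against a silently dropped SYN (macvlan isolation) hanging the probe.
  command -v timeout >/dev/null 2>&1 && run="timeout 5"
  out=$($run openssl s_client -connect "$host:$port" -servername "$sni" \
          </dev/null 2>&1)
  case $out in
    *"CONNECTED("*) ;;                  # TCP session established, keep going
    *) echo unreachable; return 0 ;;
  esac
  case $out in
    *"BEGIN CERTIFICATE"*) ;;           # the server presented a leaf certificate
    *) echo no-tls; return 0 ;;
  esac
  # openssl x509 reads the first PEM block out of the s_client transcript;
  # -checkhost honours SANs and wildcards, unlike a plain subject comparison.
  if printf '%s\n' "$out" | openssl x509 -noout -checkhost "$sni" 2>/dev/null \
       | grep -q "does match"; then
    echo ok
  else
    echo cert-mismatch
  fi
}

# Usage from a LAN host other than the Docker host, with the values from the post
# (the real hostname replaces the obfuscated "vw.site .com"):
#   sh tls_probe.sh 192.168.1.201 443 vw.site.com
if [ $# -eq 3 ]; then
  tls_probe "$@"
fi
```

Pair the result with `docker logs caddy`: an `unreachable` result points at the macvlan path rather than at Caddy, while `no-tls` means the container is answering and the log will show why no certificate is available for that name.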