1. The problem I’m having:
I’d like to use the ‘http.matchers.remote_host’ module within the ‘layer4’ module, but I’m unsure on how to.
The current Caddyfile I have works, but instead of relying on IP addresses, I’d like to use hostnames instead. I’m using docker containers, so it should be possible to resolve the container’s name to its IP address.
On the layer4 module’s README, it says:
“layer4.matchers.http - matches connections that start with HTTP requests. In addition, any http.matchers modules can be used for matching on HTTP-specific properties of requests, such as header or path. Note that only the first request of each connection can be used for matching.”
I’m aware it’s for HTTP, but is it possible to have something like “layer4.matchers.http.matchers.remote_host” so I could resolve a hostname? If so, could someone give an example doing so with my Caddyfile? If not, is there an alternative?
Also, I’d like to know how to log the ‘remote_ip’ and ‘server_name’ fields for all connections.
2. Error messages and/or full log output:
N/A
3. Caddy version:
v2.9.0-beta.3 h1:tlqfbJMRNY6vnWwaQrnWrgS+wkDXr9GIFUD/P+HY9vA=
4. How I installed and ran Caddy:
I built a caddy image with this Dockerfile:
FROM caddy:2.9-builder-alpine AS builder
RUN xcaddy build \
--with github.com/mholt/caddy-l4 \
--with github.com/muety/caddy-remote-host
FROM caddy:2.9-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
a. System environment:
Docker compose 1.29.2-3 in a rootless Debian LXC on Proxmox 8.3.0.
b. Command:
docker compose up -d
c. Service/unit/compose file:
caddy:
image: caddy-layer4:2.9-alpine
container_name: caddy
cap_add:
- NET_ADMIN
volumes:
- ./caddy/caddy/:/etc/caddy/
- ./caddy/site:/srv
- ./caddy/data:/data
- ./caddy/config/:/config
d. My complete Caddy config:
{
layer4 {
:443 {
@google tls sni google.com
route @google {
subroute {
@allowed remote_ip 172.16.0.5
route @allowed {
proxy google.com:443
}
}
}
}
}
}