1. The problem I’m having:
What are you trying to do? Use vouch-proxy to authenticate with Azure Active Directory. Vouch requires a path to the TLS `fullchain.pem` and `privkey.pem` files.
What isn’t working? I can’t figure out the file path of the TLS certs after Caddy acquires them. From reading the forum, I’ve gathered they should be in the data/caddy/certificates/acme-v02.api.letsencrypt.org/sites/{domain}/ folder, but I don’t know what the file names are, or whether they change after each cert renewal.
2. Error messages and/or full log output:
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.4240146,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1689833783.4342937,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1689833783.4421346,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1689833783.4451523,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00035f880"}
{"level":"info","ts":1689833783.447647,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1689833783.4476907,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1689833783.452004,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1689833783.4524798,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1689833783.452803,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1689833783.4925442,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1689833783.4926584,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1689833783.4926705,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["prometheusweb-dev.centralus.azurecontainer.io"]}
{"level":"info","ts":1689833783.7282891,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1689833783.755422,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1689833783.7554777,"msg":"serving initial configuration"}
3. Caddy version:
2.6.4
4. How I installed and ran Caddy:
a. System environment:
Docker via Azure Container Instance via Pulumi
https://hub.docker.com/_/caddy
image:caddy
b. Command:
pulumi up # this deploys and runs the caddy docker container
c. Service/unit/compose file:
pulumi
"""An Azure RM Python Pulumi program"""
from pathlib import Path
from base64 import b64encode
from secrets import token_urlsafe
from pulumi import Output, Config, ResourceOptions
from pulumi_azure_native import storage
from pulumi_azure_native.storage import StorageAccount, FileShare
from pulumi_azure_native.containerinstance import ContainerGroup, VolumeMountArgs, ContainerArgs
from pulumi_azure_native.resources import ResourceGroup
# Stack configuration: deployment location, environment name, and the
# per-resource settings for the resource group and vouch-proxy.
config = Config()
location = config.require("location")
env = config.require("env")
lowered_env = env.lower()
vouch_config = config.require_object("vouch")
resource_group_config = config.require_object("resourceGroup")
# Public hostname of the container group: the DNS label is the subdomain,
# the suffix is the regional ACI domain.
subdomain = f"web-{lowered_env}"
container_base = "centralus.azurecontainer.io"
domain = ".".join((subdomain, container_base))
# Resource group that owns everything below. protect=True makes Pulumi refuse
# to delete it, so a stray `pulumi destroy` cannot take the group down.
resource_group = ResourceGroup(
    f"app{env}",
    location=location,
    resource_group_name=resource_group_config["name"],
    tags=resource_group_config["tags"],
    opts=ResourceOptions(protect=True),
)
# General-purpose v2 account backing the Azure File shares mounted into the
# containers. TLS 1.2 minimum and no anonymous blob access are the hardening
# settings applied here.
storage_account = StorageAccount(
    f"pulumiStorage{env}",
    account_name=f"pulumistorageacct{lowered_env}",
    resource_group_name=resource_group.name,
    kind=storage.Kind.STORAGE_V2,
    sku=storage.SkuArgs(name=storage.SkuName.STANDARD_LRS),
    minimum_tls_version="TLS1_2",
    allow_blob_public_access=False,
)
def create_file_share(name, quota=1, protect=False):
    """Create an Azure File share on the stack's storage account.

    Args:
        name: share prefix; the resource is named ``<name>-fileshare-<env>``.
        quota: passed through as ``share_quota``.
        protect: when True, Pulumi refuses to delete the share.
    Returns:
        The ``FileShare`` resource.
    """
    resource_name = f"{name}-fileshare-{lowered_env}"
    share_kwargs = {
        "account_name": storage_account.name,
        "resource_group_name": resource_group.name,
        "share_quota": quota,
    }
    return FileShare(resource_name, opts=ResourceOptions(protect=protect), **share_kwargs)
# Three shares: Caddy's autosaved config, Caddy's data directory (its
# certificates and private keys live here, hence protect=True), and
# vouch-proxy's secret directory.
caddy_config_fileshare, caddy_data_fileshare, vouch_secret_fileshare = (
    create_file_share("caddy-config"),
    create_file_share("caddy-data", protect=True),
    create_file_share("vouch-secret"),
)
# Look up the account's first access key once the account exists, and wrap it
# in Output.secret so it is encrypted in state and redacted from CLI output.
_account_keys = Output.all(resource_group.name, storage_account.name).apply(
    lambda args: storage.list_storage_account_keys(
        resource_group_name=args[0], account_name=args[1]
    )
)
primary_storage_account_key = Output.secret(
    _account_keys.apply(lambda keys: keys.keys[0].value)
)
def get_file_share_config(name, read_only=False):
    """Return the ``azure_file`` mapping for an ACI volume backed by a share.

    Args:
        name: the share name (a ``FileShare.name`` output).
        read_only: mount the share read-only.
    Returns:
        dict with ``share_name``, ``storage_account_name``, ``read_only`` and
        ``storage_account_key`` (the ``Output.secret`` primary key).
    """
    azure_file = dict(
        share_name=name,
        storage_account_name=storage_account.name,
        read_only=read_only,
    )
    azure_file["storage_account_key"] = primary_storage_account_key
    return azure_file
# https://hub.docker.com/_/caddy
# https://learn.microsoft.com/en-us/azure/container-instances/container-instances-container-group-automatic-ssl
# Caddy terminates TLS for the group. /config and /data are Azure File shares
# so the autosaved config and the certificate store survive restarts;
# /etc/caddy is presumably the secret volume carrying the Caddyfile.
# NOTE(review): /etc/caddy only needs to be readable by Caddy, so
# read_only=True would match least privilege unless something rewrites it -
# confirm. The "caddy" image tag is unpinned; pinning a version gives
# reproducible deploys.
caddy_mounts = [
    VolumeMountArgs(mount_path="/config", name="caddy-config", read_only=False),
    VolumeMountArgs(mount_path="/data", name="caddy-data", read_only=False),
    VolumeMountArgs(mount_path="/etc/caddy", name="caddyfile", read_only=False),
]
caddy_container = ContainerArgs(
    name=f"caddy-{lowered_env}",
    image="caddy",
    ports=[{"port": 80}, {"port": 443}],
    resources={"requests": {"cpu": .5, "memory_in_gb": .5}},
    volume_mounts=caddy_mounts,
    # command=["/bin/bash", "-c", f"caddy reverse-proxy --from {domain} --to :8080"]
)
# https://hub.docker.com/_/nginx
# Upstream for Caddy's reverse_proxy on :8080. NGINX_HOST is exported for the
# templates mounted at /etc/nginx/templates (presumably expanded by the
# official image at startup - verify). The "nginx" tag is unpinned as well.
nginx_mounts = [
    VolumeMountArgs(mount_path="/etc/nginx/templates", name="nginx-templates", read_only=False),
]
nginx_container = ContainerArgs(
    name=f"nginx-{lowered_env}",
    image="nginx",
    ports=[{"port": 8080}],
    resources={"requests": {"cpu": 1, "memory_in_gb": 1}},
    volume_mounts=nginx_mounts,
    environment_variables=[{"name": "NGINX_HOST", "value": domain}],
)
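# https://github.com/vouch/vouch-proxy#running-from-docker
# vouch-proxy serves TLS itself on :9091 using the certificate Caddy obtained,
# read from the shared caddy-data volume. The mount is read-only: vouch only
# reads the certificate files, and the share also holds every private key
# Caddy manages.
# NOTE(review): Caddy (certmagic) stores certificates as
# certificates/<issuer-dir>/<domain>/<domain>.crt and <domain>.key; the
# certbot-style sites/<domain>/fullchain.pem and privkey.pem names used below
# are not Caddy's. Renewal rewrites the files in place, so the names are
# expected to stay stable. Confirm the exact layout with
# `ls -R /data/caddy/certificates` inside the running caddy container before
# relying on these paths.
_vouch_cert_dir = f"/data/caddy/certificates/acme-v02.api.letsencrypt.org/sites/{domain}"
vouch_env = [
    {"name": "OAUTH_PROVIDER", "value": "azure"},
    {"name": "OAUTH_CLIENT_ID", "value": vouch_config["clientID"]},
    # secure_value keeps secrets out of ACI GET responses and the portal; the
    # container still receives them as ordinary environment variables.
    # NOTE(review): vouch_config comes from require_object - unless "vouch"
    # was set with `pulumi config set --secret`, clientSecret is plaintext in
    # the stack config (require_secret_object would keep it marked secret).
    {"name": "OAUTH_CLIENT_SECRET", "secure_value": vouch_config["clientSecret"]},
    {"name": "OAUTH_CALLBACK_URL", "value": f"https://{domain}/oauth2/auth"},
    {"name": "OAUTH_AUTH_URL", "value": "https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/authorize".format(**vouch_config)},
    {"name": "OAUTH_TOKEN_URL", "value": "https://login.microsoftonline.com/{tenantID}/oauth2/v2.0/token".format(**vouch_config)},
    {"name": "OAUTH_USER_INFO_URL", "value": "https://graph.microsoft.com/oidc/userinfo"},
    {"name": "OAUTH_SCOPES", "value": "openid profile email"},
    # Fresh random keys are generated every time this program runs, so each
    # deploy that applies them invalidates all existing vouch sessions/JWTs.
    # Persist them (e.g. as stack secrets) if that is not wanted.
    {"name": "VOUCH_SESSION_KEY", "secure_value": token_urlsafe(128)},
    {"name": "VOUCH_JWT_SECRET", "secure_value": token_urlsafe(128)},
    # debug is very verbose; drop to info once the setup works.
    {"name": "VOUCH_LOGLEVEL", "value": "debug"},
    {"name": "VOUCH_DOCUMENT_ROOT", "value": "/oauth2"},
    {"name": "VOUCH_TLS_PROFILE", "value": "intermediate"},
    {"name": "VOUCH_PORT", "value": "9091"},
    # Environment values must be strings ("true", not Python True). This admits
    # every account the Azure app registration authenticates; narrow it with
    # VOUCH_DOMAINS / VOUCH_WHITELIST if only some users should get in.
    {"name": "VOUCH_ALLOWALLUSERS", "value": "true"},
    {"name": "VOUCH_COOKIE_DOMAIN", "value": domain},
    {"name": "VOUCH_TLS_CERT", "value": f"{_vouch_cert_dir}/fullchain.pem"},
    {"name": "VOUCH_TLS_KEY", "value": f"{_vouch_cert_dir}/privkey.pem"},
]
vouch_container = ContainerArgs(
    name=f"vouch-{lowered_env}",
    image="quay.io/vouch/vouch-proxy:latest",
    resources={"requests": {"memory_in_gb": 1, "cpu": 1}},
    ports=[{"port": 9091}],
    volume_mounts=[
        VolumeMountArgs(mount_path="/config/secret", name="vouch-secret", read_only=False),
        VolumeMountArgs(mount_path="/data", name="caddy-data", read_only=True),
    ],
    environment_variables=vouch_env,
)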
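def get_container_volume(name, fileshare=None, secret=None, secret_text=None, file_name=None):
    """Build one ACI volume definition from exactly one source.

    Sources are checked in this order:
      secret      - path to a local file; its contents are base64-encoded into
                    a secret volume keyed by the file's basename (or by
                    ``file_name`` when given).
      secret_text - literal text placed in a secret volume keyed by
                    ``file_name`` (required with this source).
      fileshare   - an Azure ``FileShare`` resource, mounted through
                    ``get_file_share_config``.

    Args:
        name: the volume name referenced by the containers' volume mounts.
        fileshare: FileShare resource to mount.
        secret: path of a file whose contents become the secret.
        secret_text: text that becomes the secret.
        file_name: file name inside the secret volume.
    Returns:
        dict with ``name`` and either ``secret`` or ``azure_file``.
    Raises:
        ValueError: no source given, or ``secret_text`` without ``file_name``.
    """
    volume = {"name": name}
    if secret:
        path = Path(secret)
        key = file_name or path.name
        payload = path.read_bytes()
    elif secret_text is not None:
        if not file_name:
            raise ValueError("file_name is required with secret_text")
        key = file_name
        payload = secret_text.encode("utf-8")
    elif fileshare:
        volume["azure_file"] = get_file_share_config(fileshare.name)
        return volume
    else:
        raise ValueError("Must provide either fileshare or secret")
    # ACI secret volumes expect base64 text per file name.
    volume["secret"] = {key: b64encode(payload).decode("ascii")}
    return volume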
# Caddyfile handed to the caddy container as a secret volume: proxy the public
# domain to nginx on :8080 and send a one-year HSTS header.
caddyfile_text = "\n".join((
    f"{domain} {{",
    "reverse_proxy http://localhost:8080",
    "header Strict-Transport-Security max-age=31536000;",
    "}",
))
# NOTE(review): the "caddyfile" entry passes secret_text/file_name; make sure
# get_container_volume accepts those parameters, or this call raises TypeError.
container_volumes = [
    get_container_volume("caddy-config", caddy_config_fileshare),
    get_container_volume("caddy-data", caddy_data_fileshare),
    get_container_volume("caddyfile", secret_text=caddyfile_text, file_name="Caddyfile"),
    get_container_volume("nginx-templates", secret="../configs/nginx/templates/default.conf.template"),
    get_container_volume("vouch-secret", vouch_secret_fileshare),
]
# One public container group running caddy, nginx and vouch side by side.
# Only 80 and 443 are exposed; 80 is needed for Caddy's HTTP->HTTPS redirects
# and ACME HTTP challenges. Port 9091 (vouch) is not published.
public_ip = {
    "type": "Public",
    "ports": [{"port": 80}, {"port": 443}],
    "dns_name_label": subdomain,
    "auto_generated_domain_name_label_scope": "TenantReuse",
}
container_group = ContainerGroup(
    f"containerGroup{env}",
    container_group_name=f"container-group-{lowered_env}",
    resource_group_name=resource_group.name,
    location=resource_group.location,
    os_type="Linux",
    restart_policy="OnFailure",
    containers=[caddy_container, nginx_container, vouch_container],
    ip_address=public_ip,
    volumes=container_volumes,
)
d. My complete Caddy config:
prometheusweb-dev.centralus.azurecontainer.io {
reverse_proxy http://localhost:8080
header Strict-Transport-Security max-age=31536000;
}
5. Links to relevant resources:
VOUCH_TLS_CERT and VOUCH_TLS_KEY