Comment on Having trouble with my caddy config for my lemmy instance
Xanza@lemm.ee 1 week ago
The biggest issue I have with Caddy and running ancillary services is that some services attempt to utilize port 80 and/or 443 (and may not be configurable), which of course isn’t possible because Caddy monopolizes those ports. The best solution to this I’ve found is to migrate Caddy and my services to docker containers and add them all to the same “caddy” network.
With your caddy instance still monopolizing port 80 and 443, you can use the Docker `expose` or `port` parameters to allow your containers to utilize port 80 and/or 443 from within the container, but proxify it on the host network. This is what my caddy config looks like:
```
{
    admin 127.0.0.1:2019
    email {email}
    acme_dns cloudflare {token}
}

domain.dev, domain.one {
    encode zstd gzip
    redir https://google.com/
}

*.domain.dev, *.domain.one {
    encode zstd gzip

    @book host bk.domain.dev bk.domain.one
    handle @book {
        reverse_proxy linkding:9090
    }

    @git host git.domain.dev git.domain.one
    handle @git {
        reverse_proxy rgit:8000
    }

    @jelly host jelly.domain.dev jelly.domain.one
    handle @jelly {
        reverse_proxy {ip}:8096
    }

    @status host status.domain.dev status.domain.one
    handle @status {
        reverse_proxy status:3000
    }

    @wg host wg.domain.dev wg.domain.one
    handle @wg {
        reverse_proxy wg:51820
    }

    @ping host ping.domain.dev ping.domain.one
    handle @ping {
        respond "pong!"
    }
}
```
It works very well.
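
An added example, not part of the original comment: a Compose file for the layout described above, in which Caddy is the only container publishing 80/443 on the host and a backend joins the shared `caddy` network without publishing anything. The `./caddy` build directory, the volume names and the choice of linkding as the sample backend are assumptions; the Caddy container needs a build that includes the Cloudflare DNS module, since the Caddyfile uses `acme_dns cloudflare`.

```yaml
# Constructed example. Service names match the reverse_proxy targets
# in the Caddyfile above (e.g. linkding:9090).
services:
  caddy:
    build: ./caddy              # hypothetical directory: custom Caddy build with the Cloudflare DNS module
    restart: unless-stopped
    ports:                      # the only host-published ports in the stack
      - "80:80"
      - "443:443"
      - "443:443/udp"           # HTTP/3
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - caddy_data:/data        # certificates and ACME account keys (assumes the official image layout)
      - caddy_config:/config
    networks:
      - caddy

  linkding:
    image: sissbruecker/linkding:latest
    restart: unless-stopped
    expose:
      - "9090"                  # reachable as linkding:9090 on the caddy network, not bound on the host
    networks:
      - caddy

volumes:
  caddy_data:
  caddy_config:

networks:
  caddy:
    name: caddy                 # shared network so Caddy resolves backends by service name
```

Because no backend has a `ports` entry, traffic from outside the host reaches it only through Caddy's host matchers.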
You can use caddy-l4 to redirect some traffic before (or after) tls and to different ports and hosts depending on FQDN.
Though that is still experimental.
Well that’s dope… Didn’t know that was a thing.
Caddy does not need 80 and 443. I’ve changed them to unprivileged ports like 8000 and 8443.
Besides, op doesn’t mention having problems with ports
> Caddy does not need 80 and 443.
By default and all measurable expectation it does. Unless you can’t use privileged HTTP/HTTPS ports, there’s no real reason to use unprivileged ports.
> Besides, op doesn’t mention having problems with ports
OP said he was having issues, and this is a common issue I’ve had. Since he was non-descript as to what the issues were, it’s really not stupid to mention it.
azron@lemmy.ml 1 week ago
How are you doing your certs with this set up?
Xanza@lemm.ee 1 week ago
Caddy manages everything, including certs for both domains. So I guess my answer would be, you don’t.