homeall / caddy-reverse-proxy-cloudflare
Docker image with Caddy server and Cloudflare plugin installed
License: Eclipse Public License 2.0
Hi there, I keep getting flooded with logs such as:
{"level":"info","ts":1682275271.4406505,"logger":"admin.api","msg":"received request","method":"GET","host":"127.0.0.1:2019","uri":"/config","remote_ip":"127.0.0.1","remote_port":"51052","headers":{"Accept":["*/*"],"User-Agent":["curl/8.0.1"]}}
is this normal? Is there a way to suppress these?
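A triage filter for this kind of log stream, as an added example that is not part of the original issue or the project's code: it separates loopback reads of the admin API (the pattern in the line above) from loopback writes and from requests that reach the admin endpoint from a non-loopback address. The sample lines are constructed from the two log shapes on this page (`remote_ip`/`remote_port` and the older `remote_addr`); the category names and the last three sample lines are assumptions.

```python
import ipaddress
import json

# Constructed sample lines: the first two follow the log shapes quoted on this
# page, the remaining three are invented to exercise the other branches.
SAMPLE = [
    '{"level":"info","ts":1682275271.44,"logger":"admin.api","msg":"received request","method":"GET","host":"127.0.0.1:2019","uri":"/config","remote_ip":"127.0.0.1","remote_port":"51052","headers":{"User-Agent":["curl/8.0.1"]}}',
    '{"level":"info","ts":1644178014.21,"logger":"admin.api","msg":"received request","method":"GET","host":"127.0.0.1:2019","uri":"/config","remote_addr":"127.0.0.1:60384","headers":{}}',
    '{"level":"info","ts":1682275300.0,"logger":"admin.api","msg":"received request","method":"POST","host":"127.0.0.1:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"51100","headers":{}}',
    '{"level":"info","ts":1682275301.0,"logger":"admin.api","msg":"received request","method":"GET","host":"172.18.0.3:2019","uri":"/config","remote_ip":"172.18.0.9","remote_port":"40000","headers":{}}',
    'not json at all',
]


def remote_ip(entry):
    """Return the client address from either log shape, or None if unusable."""
    ip = entry.get("remote_ip")
    if ip is None and "remote_addr" in entry:
        # Older shape is "host:port"; IPv6 hosts are bracketed.
        ip = entry["remote_addr"].rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(ip) if ip else None
    except ValueError:
        return None


def classify(line):
    """Label one log line: keep, noise, change, or remote (hypothetical labels)."""
    try:
        entry = json.loads(line)
    except json.JSONDecodeError:
        return "keep"  # never drop what cannot be parsed
    if not isinstance(entry, dict) or entry.get("logger") != "admin.api" \
            or entry.get("msg") != "received request":
        return "keep"
    ip = remote_ip(entry)
    if ip is None or not ip.is_loopback:
        return "remote"  # admin API reached from outside loopback
    if entry.get("method") in ("GET", "HEAD"):
        return "noise"   # read-only poll from localhost
    return "change"      # config write from localhost


def filter_log(lines):
    """Drop only the loopback read-only polls; everything else is retained."""
    return [line for line in lines if classify(line) != "noise"]
```
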
When CF encryption mode is set to flexible, when a request hits CF and it's proxied there, then CF will send the request to the upstream unencrypted. The Caddy reverse proxy will then redir the request to port 443. So the HTTP response never makes it back to the CF server and it throws a "308 redirect too many times" error.
I found that I could use an API call to edit the Caddy config and change "listen" from ":443" to ":80", ":443" so that the reverse would no longer force the redirect. Unfortunately (1) as soon as something happens it rewrites the file and (2) this affects ALL sites on the proxy not just the one I want to modify.
I need a way to tell the proxy to stop doing the 80->443 redirect for this one site.
Is there already a way to do this?
I have disabled the proxy/https thing on Cloudflare because it's probably more important for me to have end-to-end encryption than to have caching and IP hiding at Cloudflare?
I've noticed that in Docker Hub there are no tags for the Docker Images. It would be great to be able to pin a deployment to a specific version instead of using latest.
Thanks in advance
Looking for an example of a docker compose file that shows which networks need to be defined. Or do you need to define any to use this container?
{"level":"error","ts":1644178009.2990136,"logger":"docker-proxy","msg":"Failed to get ingress networks","error":"Cannot find container id in cgroups: 0::/\n"}
{"level":"info","ts":1644178009.386654,"logger":"docker-proxy","msg":"Skipping default Caddyfile because no path is set"}
{"level":"info","ts":1644178014.2153318,"logger":"admin.api","msg":"received request","method":"GET","host":"127.0.0.1:2019","uri":"/config","remote_addr":"127.0.0.1:60384","headers":{"Accept":
If deploying in a swarm, what options would need to be configured?
I would like to use my own caddyfile directive without labels for services that live on another docker host that are not tied to an existing container where caddy is running. It does not appear to be getting picked up. What is the correct volume mapping?
Volumes:
- /share/docker/appdata/caddy/data/Caddyfile:/etc/caddy/Caddyfile
Greetings, I'm using caddy reverse proxy for Plex remote access, everything works but I'm not getting a real client IP for remote clients. All traffic appears using the local caddy IP. I'm using Cloudflare for DNS without proxy to host the domain. As I understand it caddy should get the real IP from my remote clients by default without any additional configs. The host is a QNAP on IP 192.X.X.10, reverse_proxy is a bridge device network 172.X.X.0/24 which houses both caddy and plex container.
All my streams local or remote are showing the 172.x.x.3 IP. Any ideas on what to look at?
Network:
  networks:
    reverse_proxy:
      external: true
Caddy service:
  caddy:
    image: homeall/caddy-reverse-proxy-cloudflare:latest
    container_name: caddy
    restart: always
    networks:
      reverse_proxy:
        ipv4_address: 172.X.X.3
    ports:
      - 4480:80
      - 4443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${APPDATA}/caddy/data/Caddyfile:/data/Caddyfile:rw
      - ${APPDATA}/caddy/data:/data:rw
    labels:
      caddy.email: [email protected] #### needs for acme CERT registration account
Plex service:
  plex:
    container_name: plex
    networks:
      reverse_proxy:
        ipv4_address: 172.X.X.6
    ports:
      - "32400:32400"
    image: linuxserver/plex:latest
    restart: always
    environment:
      - TZ=${TZ}
      - PUID=${PUID}
      - PGID=${PGID}
      - PLEX_CLAIM=${PLEX_CLAIM}
    devices:
      - /dev/dri:/dev/dri
    volumes:
      - ${APPDATA}/plex:/config
      - ${APPDATA}/plex/transcode:/transcode
      - ${MEDIA}:/data/media
      - ${EXT_MEDIA}:/external/data/media
    labels:
      caddy: plex.********.com
      caddy.reverse_proxy: "{{upstreams 32400}}"
      caddy.tls.dns: "cloudflare ${CF_API_TOKEN}"
      caddy.tls.resolvers: "1.1.1.1"
Hi there, may I suggest including also the module github.com/mholt/caddy-dynamicdns?
By so doing, the IP address will be kept up-to-date.
This is how the module works:
{
    dynamic_dns {
        provider cloudflare {$CLOUDFLARE_API_TOKEN}
        domains {
            my-website.com
        }
        check_interval 5m
        versions ipv6
    }
}
This scheduled workflow is disabled because there hasn't been activity in this repository for at least 60 days.
But it can be enabled again to resume scheduled runs.
It is my understanding that the base caddy image includes bash for troubleshooting via curl commands. Can this be included in this image? It makes it very challenging to debug issues without this functionality.
docker exec -it <container> bash
docker exec -it caddy bash
OCI runtime exec failed: exec failed: unable to start container process: exec: "bash": executable file not found in $PATH: unknown