Expose caddy admin 2019

Open alber70g opened this issue 1 year ago • 3 comments

I'm using a random domain that I want to get configured locally with https: *.local.co. I have been using http for everything, but I see that I can use locally signed certificates for it, and that seems nice with Chrome and other browsers that usually redirect to https unless the address is specifically written with http://.

To get this working so far I have this in my docker containers:

labels:
  caddy: "myserver.local.co"
  caddy.reverse_proxy: "192.168.1.3:8096"
  caddy.tls: "internal"

or

docker run -d ...
  -l 'caddy'='speedtest.local.co'
  -l 'caddy.reverse_proxy'='{{upstreams 80}}'
  -l 'caddy.tls'='internal'
...

This works nicely. I do get https connections, but at this moment it's with a banner in Chrome saying that this is an unsafe HTTPS connection.

I found that you can add the local authority certificate to the local trust store with the caddy command-line tool:

caddy trust --address <my-server>:2019

However, when exec-ing into the container, and running curl -L localhost:2019/config, I can see that it's only exposed to tcp/localhost:2019 and not to tcp/<my-server>:2019.

This is supposed to be set with the CADDY_ADMIN env var, but when set, this doesn't apply to the config settings.

What can we do here?

alber70g avatar Jun 02 '24 09:06 alber70g

I'm also curious about this. @alber70g did you figure out something?

amosbastian avatar Oct 23 '24 20:10 amosbastian

You can pipe through connections to the admin endpoint using a reverse_proxy localhost:2019. For example, you could add these labels:

  caddy: ":2020"
  caddy.reverse_proxy: "localhost:2019"

Then you can expose the :2020 port and call that. It's a hack, so keep in mind you should set up protections to avoid untrusted access on whatever port you end up re-exposing it on. Also keep in mind that you should not push any config changes, otherwise you'll cause contention with the config CDP is generating (you should only have read-only access).

francislavoie avatar Oct 23 '24 21:10 francislavoie
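
The two cautions in the comment above (restrict who can reach the re-exposed port, and keep access read-only) can be checked against container labels before deployment. The following audit is an added example, not code from the thread or from caddy-docker-proxy; the `audit_labels` helper, its heuristic, and the `RESTRICTED` label set are assumptions made for illustration.

```python
import re

# Loopback upstream on Caddy's default admin port, as used in the labels above.
ADMIN_UPSTREAM = re.compile(r"\b(?:localhost|127\.0\.0\.1):2019\b")
SITE_PREFIX = re.compile(r"caddy(?:_\d+)?")  # "caddy", "caddy_0", ...

def audit_labels(labels):
    """Return findings for one container's caddy-docker-proxy labels.

    Heuristic (an assumption of this example): a site block that proxies to
    the admin endpoint should also carry a method matcher limited to GET/HEAD
    and a remote_ip or client_ip matcher.
    """
    sites = {}
    for key, value in labels.items():
        prefix = key.split(".", 1)[0]
        if SITE_PREFIX.fullmatch(prefix):
            sites.setdefault(prefix, {})[key] = str(value)

    findings = []
    for prefix, site in sorted(sites.items()):
        proxied = any(k.endswith("reverse_proxy") and ADMIN_UPSTREAM.search(v)
                      for k, v in site.items())
        if not proxied:
            continue
        methods = [v.upper().split() for k, v in site.items() if k.endswith(".method")]
        read_only = any(m and set(m) <= {"GET", "HEAD"} for m in methods)
        ip_limited = any(k.endswith((".remote_ip", ".client_ip")) for k in site)
        if not read_only:
            findings.append(f"{prefix}: admin API proxied without a GET/HEAD-only method matcher")
        if not ip_limited:
            findings.append(f"{prefix}: admin API proxied without a remote_ip/client_ip matcher")
    return findings

# The labels suggested in the thread, with no protections added.
UNPROTECTED = {"caddy": ":2020", "caddy.reverse_proxy": "localhost:2019"}
# Constructed sample: the same site limited to read-only requests from one subnet.
RESTRICTED = {
    "caddy": ":2020",
    "caddy.@ro.method": "GET HEAD",
    "caddy.@ro.remote_ip": "192.168.1.0/24",
    "caddy.reverse_proxy": "@ro localhost:2019",
}

if __name__ == "__main__":
    for name, labels in (("unprotected", UNPROTECTED), ("restricted", RESTRICTED)):
        print(name, audit_labels(labels) or "no findings")
```

The label dictionaries have the same shape as the `Config.Labels` object returned by `docker inspect`, so the function can be fed real container metadata.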

I'm hitting the same issue; CADDY_ADMIN does not seem to be used.

jmls avatar Apr 30 '25 11:04 jmls