copyparty
copyparty copied to clipboard
Document reverse proxy with Caddy
Work in progress. Works fine for web browser with basic auth (I'm not yet comfortable running this without basic auth in place).
Problems with basic auth and android app https://github.com/9001/party-up/issues/3
docker-compose.yml
#
# docker-compose up
#
version: '3.3'
# based on:
# * https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-20-04
# * https://arjunphp.com/windows-server-docker-compose-caddy-server-reverse-proxy/
# * https://github.com/lucaslorentz/caddy-docker-proxy - not actually used
services:
# reverse proxy server
# https://hub.docker.com/_/caddy
caddy:
image: caddy
restart: unless-stopped
hostname: caddy
networks:
- app_net
volumes:
- $PWD/Caddyfile:/etc/caddy/Caddyfile
- $PWD/data:/data
# NOTE only Caddy should be using ports, all others shuld use expose instead
ports:
# NOTE 80 and 443 were needed to get cert. once had cert not needed - looks like http (80) was needed unclear about https (443)
- "80:80"
#- "443:443"
- "2000:2000"
# mkdir -p /home/pi/data/copyparty/cfg /home/pi/data/copyparty/w
# chmod a+rwx /home/pi/data/copyparty/cfg /home/pi/data/copyparty/w
copyparty:
# TODO? -u 1000
container_name: copyparty
image: copyparty/min
hostname: copyparty
restart: unless-stopped
expose:
- 3923
networks:
- app_net
volumes:
- "/home/pi/data/copyparty/cfg:/cfg"
- "/home/pi/data/copyparty/w:/w"
networks:
app_net:
external: false
Caddyfile
https://copyparty.YOUR.DOMAIN.HERE:2000 {
# basicauth works fine for web browsers with CopyParty
# it fails with Party-Up Android sharing app :-(
# not figured out passwords scheme properly yet to want to remove this
basicauth /* {
username hashed_password
}
reverse_proxy copyparty:3923
}
/home/pi/data/copyparty/cfg/config.conf
Disable https, so that reverse proxy certificate is used
[global]
http-only
Interesting using a reverse proxy to add a basic auth step... I don't think this would cause any issues or anything, just not something I'd thought about :-)
And yes, this is the best way to get "proper" https, since reverse proxies such as caddy and nginx continuously put effort into having the right cipher suites and all. Copyparty just relies on the python defaults, which are probably not terrible, but likely not the best either ;-)
Your setup looks good at a glance, looking forward to testing it out later tonight.