
Document reverse proxy with Caddy

Open clach04 opened this issue 1 year ago • 1 comments

Work in progress. Works fine for web browser with basic auth (I'm not yet comfortable running this without basic auth in place).

Problems with basic auth and android app https://github.com/9001/party-up/issues/3

docker-compose.yml

#
#       docker-compose up
#

version: '3.3'

# based on:
#       * https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-20-04
#       * https://arjunphp.com/windows-server-docker-compose-caddy-server-reverse-proxy/
#       * https://github.com/lucaslorentz/caddy-docker-proxy - not actually used

services:
  # reverse proxy server
  # https://hub.docker.com/_/caddy
  caddy:
    image: caddy
    restart: unless-stopped
    hostname: caddy
    networks:
      - app_net
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/data:/data
    # NOTE only Caddy should be using ports, all others should use expose instead
    ports:
      # NOTE 80 and 443 were needed to get cert. once had cert not needed - looks like http (80) was needed unclear about https (443)
      - "80:80"
      #- "443:443"
      - "2000:2000"


  #    mkdir -p /home/pi/data/copyparty/cfg /home/pi/data/copyparty/w
  #    chmod a+rwx /home/pi/data/copyparty/cfg /home/pi/data/copyparty/w
  copyparty:
    # TODO? -u 1000
    container_name: copyparty
    image: copyparty/min
    hostname: copyparty
    restart: unless-stopped
    expose: 
      - 3923
    networks:
      - app_net
    volumes:
      - "/home/pi/data/copyparty/cfg:/cfg"
      - "/home/pi/data/copyparty/w:/w"


networks: 
  app_net:
    external: false

Caddyfile

https://copyparty.YOUR.DOMAIN.HERE:2000 {
  # basicauth works fine for web browsers with CopyParty
  # it fails with Party-Up Android sharing app :-(
  # not figured out passwords scheme properly yet to want to remove this
  basicauth /* {
        username hashed_password
  }
  reverse_proxy copyparty:3923
}

/home/pi/data/copyparty/cfg/config.conf

Disable https, so that reverse proxy certificate is used

[global]
http-only

clach04 avatar Jun 09 '23 03:06 clach04
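An added example (not part of the original issue or of copyparty): a check of the NOTE in the compose file above, that only Caddy publishes host ports. With `http-only` set and basic auth applied in the Caddyfile, a published 3923 would be reachable without the proxy's TLS or auth. The function names and the sample text are constructed for illustration, and the scanner assumes a two-space-indented file shaped like the one above.

```python
# Constructed sample: trimmed compose text in the shape of the file above.
GOOD = """\
services:
  caddy:
    image: caddy
    ports:
      - "80:80"
      #- "443:443"
      - "2000:2000"
  copyparty:
    image: copyparty/min
    expose:
      - 3923
"""
# Constructed variant with the mistake to catch: backend published directly.
BAD = GOOD.replace("    expose:\n      - 3923", '    ports:\n      - "3923:3923"')


def published_ports(compose_text):
    """Return {service: [mappings]} for each service that has a ports: list.

    Indentation scanner for two-space-indented compose files only; it is not
    a YAML parser and does not handle inline comments or the long ports syntax.
    """
    found, in_services, service, in_ports = {}, False, None, False
    for raw in compose_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or commented-out entry such as #- "443:443"
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:  # top-level key: only services: is of interest
            in_services, service, in_ports = stripped == "services:", None, False
        elif in_services and indent == 2 and stripped.endswith(":"):
            service, in_ports = stripped[:-1], False  # new service block
        elif in_ports and stripped.startswith("- "):
            found.setdefault(service, []).append(stripped[2:].strip("\"' "))
        elif service and indent == 4:  # a key of the current service
            in_ports = stripped == "ports:"
    return found


def audit(compose_text, proxy="caddy"):
    """Findings for every service other than the proxy that publishes ports."""
    return [f"{svc} publishes {', '.join(ports)}; use expose instead"
            for svc, ports in published_ports(compose_text).items()
            if svc != proxy]


if __name__ == "__main__":
    print(audit(GOOD))  # no findings for the layout in the issue
    print(audit(BAD))   # one finding for the copyparty service
```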

Interesting using a reverse proxy to add a basic auth step... I don't think this would cause any issues or anything, just not something I'd thought about :-)

And yes, this is the best way to get "proper" https, since reverse proxies such as caddy and nginx continuously put effort into having the right cipher suites and all. Copyparty just relies on the python defaults, which are probably not terrible, but likely not the best either ;-)

Your setup looks good at a glance, looking forward to testing it out later tonight.

9001 avatar Jun 09 '23 06:06 9001