hcengineering
How to install with Caddy?
Hello, First of all, I'd like to say thanks for your app, it's truly the best I've seen lately🚀.
I saw that you have installation scripts using nginx and traeffik, but I already have Caddy installed and configured, so I would like to use it further.
I tried to install your app and configure the reverse proxy in the same way as all other applications that are running on my server, i.e I receive an external port from the app's container and set up something like this:
example.com {
reverse_proxy localhost:8087
}
I ran the application but on client got an error: Unknown Error: Failed to Fetch, in the developer console there was
GET http://localhost:3000/providers net::ERR_CONNECTION_REFUSED
I found a comment, that says that you need to set the environment variables correctly.
I tried to adapt the nginx configuration files for caddy using its directives like rewrite, handle_path and header, tried set variables,
but unfortunately I was never able to configure the application,
THEREFORE
if anyone was able to set up this with reverse proxy Caddy on a host please show how to do it ✍️👀
Commands for reproduce
presettings: install docker, check A-record from domain DNS
# install Huly
$ git clone https://github.com/hcengineering/huly-selfhost.git
$ cd huly-selfhost
$ ./setup.sh localhost
$ docker-compose up -d
# install and setup Caddy
$ apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
$ apt update
$ apt install caddy
$ read -p "domain: " domain && echo -e "$domain {\n\treverse_proxy localhost:8087\n}" | tee /etc/caddy/Caddyfile
$ systemctl restart caddy
open $domain and check DevTools
This is what I'm using. However be sure to update your ACCOUNTS_URL, ... env variables (everywhere where the services down below are listed)
YOUR_DOMAIN:80 {
reverse_proxy localhost:8087
handle_path /account* {
reverse_proxy localhost:3005
}
handle_path /transactor* {
reverse_proxy localhost:3333
}
handle_path /rekoni* {
reverse_proxy localhost:4004
}
# If you have the love container (livekit/office calls), use this too
#handle_path /_love* {
# reverse_proxy localhost:8096
#}
}
This is what I'm using.
@Pukimaa thanks for reply, can u show your docker-compose.yml file here in < details >< /details > block?
I just set mine up today.
version: "3"
services:
mongodb:
image: "mongo:7-jammy"
container_name: mongodb
environment:
- PUID=1000
- PGID=1000
volumes:
- db:/data/db
ports:
- 27017:27017
restart: unless-stopped
minio:
image: "minio/minio"
command: server /data --address ":9000" --console-address ":9001"
ports:
- 9000:9000
- 9001:9001
volumes:
- files:/data
restart: unless-stopped
elastic:
image: "elasticsearch:7.14.2"
command: |
/bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment;
/usr/local/bin/docker-entrypoint.sh eswrapper"
volumes:
- elastic:/usr/share/elasticsearch/data
ports:
- 9200:9200
environment:
- ELASTICSEARCH_PORT_NUMBER=9200
- BITNAMI_DEBUG=true
- discovery.type=single-node
- ES_JAVA_OPTS=-Xms1024m -Xmx1024m
- http.cors.enabled=true
- http.cors.allow-origin=http://localhost:8082
healthcheck:
interval: 20s
retries: 10
test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
restart: unless-stopped
account:
image: hardcoreeng/account:v0.6.333
ports:
- 3001:3001
environment:
- SERVER_PORT=3001
- SERVER_SECRET=NotMyActualSecretObviously
- DB_URL=mongodb://mongodb:27017
- TRANSACTOR_URL=ws://transactor:3333;wss://transact.huly.duti.dev
- STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
- FRONT_URL=http://front:8080
- MODEL_ENABLED=*
- ACCOUNTS_URL=https://accounts.huly.duti.dev
- ACCOUNT_PORT=3001
- DISABLE_SIGNUP=true
restart: unless-stopped
workspace:
image: hardcoreeng/workspace:v0.6.333
environment:
- SERVER_SECRET=NotMyActualSecretObviously
- DB_URL=mongodb://mongodb:27017
- MONGO_URL=mongodb://mongodb:27017
- TRANSACTOR_URL=ws://transactor:3333;wss://transact.huly.duti.dev
- STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
- MODEL_ENABLED=*
- ACCOUNTS_URL=http://account:3001
- NOTIFY_INBOX_ONLY=true
restart: unless-stopped
front:
image: hardcoreeng/front:v0.6.333
ports:
- 8087:8080
environment:
- SERVER_PORT=8080
- SERVER_SECRET=NotMyActualSecretObviously
- ACCOUNTS_URL=https://accounts.huly.duti.dev
- REKONI_URL=https://rekoni.huly.duti.dev
- CALENDAR_URL=https://calendar.huly.duti.dev
- GMAIL_URL=https://gmail.huly.duti.dev
- TELEGRAM_URL=https://telegram.huly.duti.dev
- UPLOAD_URL=/files
- ELASTIC_URL=http://elastic:9200
- COLLABORATOR_URL=wss://collab.huly.duti.dev
- STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
- MONGO_URL=mongodb://mongodb:27017
- TITLE=Huly Self Hosted
- DEFAULT_LANGUAGE=en
- LAST_NAME_FIRST=true
- DISABLE_SIGNUP=true
restart: unless-stopped
collaborator:
image: hardcoreeng/collaborator:v0.6.333
ports:
- 3078:3078
environment:
- COLLABORATOR_PORT=3078
- SECRET=secret
- ACCOUNTS_URL=http://account:3001
- MONGO_URL=mongodb://mongodb:27017
- STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
restart: unless-stopped
transactor:
image: hardcoreeng/transactor:v0.6.333
ports:
- 3333:3333
environment:
- SERVER_PORT=3333
- SERVER_SECRET=NotMyActualSecretObviously
- SERVER_CURSOR_MAXTIMEMS=30000
- ELASTIC_URL=http://elastic:9200
- ELASTIC_INDEX_NAME=huly_storage_index
- DB_URL=mongodb://mongodb:27017
- MONGO_URL=mongodb://mongodb:27017
- METRICS_CONSOLE=false
- METRICS_FILE=metrics.txt
- STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin
- REKONI_URL=http://rekoni:4004
- FRONT_URL=https://huly.duti.dev
- ACCOUNTS_URL=http://account:3001
- LAST_NAME_FIRST=true
restart: unless-stopped
rekoni:
image: hardcoreeng/rekoni-service:v0.6.333
ports:
- 4004:4004
environment:
- SECRET=NotMyActualSecretObviously
deploy:
resources:
limits:
memory: 500M
restart: unless-stopped
volumes:
db:
files:
elastic:
etcd:
huly.duti.dev {
log
reverse_proxy 100.64.0.6:8087
}
(hulyoptions) {
handle_path /* {
@options {
method OPTIONS
}
header @options {
Access-Control-Allow-Origin "https://huly.duti.dev"
Access-Control-Allow-Methods "*"
Access-Control-Allow-Headers "*"
Access-Control-Allow-Credentials "true"
}
respond @options 204
}
}
accounts.huly.duti.dev {
log
import hulyoptions
reverse_proxy 100.64.0.6:3001
}
transact.huly.duti.dev {
log
import hulyoptions
reverse_proxy 100.64.0.6:3333
}
rekoni.huly.duti.dev {
log
import hulyoptions
reverse_proxy 100.64.0.6:4004
}
calendar.huly.duti.dev {
log
import hulyoptions
reverse_proxy 100.64.0.6:8095
}
gmail.huly.duti.dev {
log
import hulyoptions
reverse_proxy 100.64.0.6:8088
}
telegram.huly.duti.dev {
log
import hulyoptions
reverse_proxy 100.64.0.6:8086
}
collab.huly.duti.dev {
log
import hulyoptions
reverse_proxy 100.64.0.6:3078
}
Works nicely for the most part (some bugs with documents though)
I just set mine up today.
@gptlang Thanks for reply. Your method looks a little strange. You need to create 7 new subdomains and forward 7 ports through the router. Is it safe? I think all microservices should be on localhost and proxied via the handle_path directive. Correct me if I'm wrong
I think all microservices should be on localhost
I have a weird setup where the machine running the containers is not directly exposed to the internet. I route them through headscale/tailscale to a tiny VPS to expose things.
Is it safe?
It is equivalent to routing them through a single handle_path. However with handle_path, you also need to change the URL environment variables to prefix them such that things don't conflict.
e.g.
- ACCOUNTS_URL=https://accounts.huly.duti.dev
would become
- ACCOUNTS_URL=https://huly.duti.dev/_accounts
I just set mine up today.
version: "3" services: mongodb: image: "mongo:7-jammy" container_name: mongodb environment: - PUID=1000 - PGID=1000 volumes: - db:/data/db ports: - 27017:27017 restart: unless-stopped minio: image: "minio/minio" command: server /data --address ":9000" --console-address ":9001" ports: - 9000:9000 - 9001:9001 volumes: - files:/data restart: unless-stopped elastic: image: "elasticsearch:7.14.2" command: | /bin/sh -c "./bin/elasticsearch-plugin list | grep -q ingest-attachment || yes | ./bin/elasticsearch-plugin install --silent ingest-attachment; /usr/local/bin/docker-entrypoint.sh eswrapper" volumes: - elastic:/usr/share/elasticsearch/data ports: - 9200:9200 environment: - ELASTICSEARCH_PORT_NUMBER=9200 - BITNAMI_DEBUG=true - discovery.type=single-node - ES_JAVA_OPTS=-Xms1024m -Xmx1024m - http.cors.enabled=true - http.cors.allow-origin=http://localhost:8082 healthcheck: interval: 20s retries: 10 test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"' restart: unless-stopped account: image: hardcoreeng/account:v0.6.333 ports: - 3001:3001 environment: - SERVER_PORT=3001 - SERVER_SECRET=NotMyActualSecretObviously - DB_URL=mongodb://mongodb:27017 - TRANSACTOR_URL=ws://transactor:3333;wss://transact.huly.duti.dev - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - FRONT_URL=http://front:8080 - MODEL_ENABLED=* - ACCOUNTS_URL=https://accounts.huly.duti.dev - ACCOUNT_PORT=3001 - DISABLE_SIGNUP=true restart: unless-stopped workspace: image: hardcoreeng/workspace:v0.6.333 environment: - SERVER_SECRET=NotMyActualSecretObviously - DB_URL=mongodb://mongodb:27017 - MONGO_URL=mongodb://mongodb:27017 - TRANSACTOR_URL=ws://transactor:3333;wss://transact.huly.duti.dev - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - MODEL_ENABLED=* - ACCOUNTS_URL=http://account:3001 - NOTIFY_INBOX_ONLY=true restart: unless-stopped front: image: hardcoreeng/front:v0.6.333 ports: - 8087:8080 environment: - SERVER_PORT=8080 - SERVER_SECRET=NotMyActualSecretObviously - ACCOUNTS_URL=https://accounts.huly.duti.dev - REKONI_URL=https://rekoni.huly.duti.dev - CALENDAR_URL=https://calendar.huly.duti.dev - GMAIL_URL=https://gmail.huly.duti.dev - TELEGRAM_URL=https://telegram.huly.duti.dev - UPLOAD_URL=/files - ELASTIC_URL=http://elastic:9200 - COLLABORATOR_URL=wss://collab.huly.duti.dev - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - MONGO_URL=mongodb://mongodb:27017 - TITLE=Huly Self Hosted - DEFAULT_LANGUAGE=en - LAST_NAME_FIRST=true - DISABLE_SIGNUP=true restart: unless-stopped collaborator: image: hardcoreeng/collaborator:v0.6.333 ports: - 3078:3078 environment: - COLLABORATOR_PORT=3078 - SECRET=secret - ACCOUNTS_URL=http://account:3001 - MONGO_URL=mongodb://mongodb:27017 - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin restart: unless-stopped transactor: image: hardcoreeng/transactor:v0.6.333 ports: - 3333:3333 environment: - SERVER_PORT=3333 - SERVER_SECRET=NotMyActualSecretObviously - SERVER_CURSOR_MAXTIMEMS=30000 - ELASTIC_URL=http://elastic:9200 - ELASTIC_INDEX_NAME=huly_storage_index - DB_URL=mongodb://mongodb:27017 - MONGO_URL=mongodb://mongodb:27017 - METRICS_CONSOLE=false - METRICS_FILE=metrics.txt - STORAGE_CONFIG=minio|minio?accessKey=minioadmin&secretKey=minioadmin - REKONI_URL=http://rekoni:4004 - FRONT_URL=https://huly.duti.dev - ACCOUNTS_URL=http://account:3001 - LAST_NAME_FIRST=true restart: unless-stopped rekoni: image: hardcoreeng/rekoni-service:v0.6.333 ports: - 4004:4004 environment: - SECRET=NotMyActualSecretObviously deploy: resources: limits: memory: 500M restart: unless-stopped volumes: db: files: elastic: etcd:huly.duti.dev { log reverse_proxy 100.64.0.6:8087 } (hulyoptions) { handle_path /* { @options { method OPTIONS } header @options { Access-Control-Allow-Origin "https://huly.duti.dev" Access-Control-Allow-Methods "*" Access-Control-Allow-Headers "*" Access-Control-Allow-Credentials "true" } respond @options 204 } } accounts.huly.duti.dev { log import hulyoptions reverse_proxy 100.64.0.6:3001 } transact.huly.duti.dev { log import hulyoptions reverse_proxy 100.64.0.6:3333 } rekoni.huly.duti.dev { log import hulyoptions reverse_proxy 100.64.0.6:4004 } calendar.huly.duti.dev { log import hulyoptions reverse_proxy 100.64.0.6:8095 } gmail.huly.duti.dev { log import hulyoptions reverse_proxy 100.64.0.6:8088 } telegram.huly.duti.dev { log import hulyoptions reverse_proxy 100.64.0.6:8086 } collab.huly.duti.dev { log import hulyoptions reverse_proxy 100.64.0.6:3078 }Works nicely for the most part (some bugs with documents though)
Do you still run this application? Are the bugs with documents still an issue? I am interested in spinning this up and I don't want to run nginx if possible as I already run caddy. But, I want to give huly the benefit of the doubt and not add unnecessary bugs.
