Skip to content

Instantly share code, notes, and snippets.

@Ocramius Ocramius/Caddyfile
Last active Aug 11, 2019

Embed
What would you like to do?
Example docker + docker-compose + caddy + traefik setup that routes to multiple apps from one exposed HTTP port

Example docker-compose setup that routes to separate hosts while exposing one port

This example runs 4 different docker containers:

  • a traefik reverse proxy
  • 3 caddy instances (simple/modern web server with minimal config)

The 3 applications are completely isolated from the outside network, and are neither accessible nor can access the WAN.

The HTTP routing (and eventual SSL termination) is up to traefik or your reverse proxy of choice.

Running it

Careful: this CLI script will use sudo rights, please audit it before running it!

./run.sh
FROM abiosoft/caddy:0.11.0
ADD ./Caddyfile /etc/Caddyfile
ADD ./app1.html /serve/index.html
<title>app1</title>
FROM abiosoft/caddy:0.11.0
ADD ./Caddyfile /etc/Caddyfile
ADD ./app2.html /serve/index.html
<title>app2</title>
FROM abiosoft/caddy:0.11.0
ADD ./Caddyfile /etc/Caddyfile
ADD ./app3.html /serve/index.html
<title>app3</title>
:80 {
root /serve
}
version: '3.5'
services:
traefik:
image: traefik:1.7
command: --web --docker --docker.domain=app.test --logLevel=DEBUG
depends_on:
# our setup relies on the 3 apps running. Trying to spin up traefik will bring up those too
- "app1"
- "app2"
- "app3"
ports:
# access this with the correct Host header to access the respective container
- "80:80"
# management UI
- "8080:8080"
volumes:
# traefik does its magic by reading information about running containers from the docker socket
- /var/run/docker.sock:/var/run/docker.sock
- /dev/null:/traefik.toml
networks:
outside-world:
internal-network:
# app1, app2 and app3 are Caddy instances listening to port 80 and serving an index.html.
app1:
build:
context: .
dockerfile: app1-Dockerfile
networks:
internal-network:
# the aliases are not required, but are useful if the applications want to internally
# reference each other by host name
aliases:
- "app1.test"
labels:
- "traefik.port=80"
- "traefik.frontend.rule=Host:app1.test"
app2:
build:
context: .
dockerfile: app2-Dockerfile
networks:
internal-network:
aliases:
- "app2.test"
labels:
- "traefik.port=80"
- "traefik.frontend.rule=Host:app2.test"
app3:
build:
context: .
dockerfile: app3-Dockerfile
networks:
internal-network:
aliases:
- "app3.test"
labels:
- "traefik.port=80"
- "traefik.frontend.rule=Host:app3.test"
networks:
# everything that is *only* on "internal network" cannot talk to WAN
internal-network:
internal: true
# add this network to a container to make it talk to the rest of the world
outside-world:
#!/usr/bin/env bash
set -exuo pipefail
IFS=$'\n\t'
docker-compose up -d
echo "Will now ask for root access to add app1.test, app2.test and app3.test to /etc/hosts\n"
sudo bash -c 'echo "127.0.0.1 app1.test" >> /etc/hosts'
sudo bash -c 'echo "127.0.0.1 app2.test" >> /etc/hosts'
sudo bash -c 'echo "127.0.0.1 app3.test" >> /etc/hosts'
curl http://app1.test/
curl http://app2.test/
curl http://app3.test/
@robsonalves

This comment has been minimized.

Copy link

commented Jul 25, 2019

Did you passed by this error?

Failed to retrieve information of the docker client and server host: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.21/version: dial unix /var/run/docker.sock: connect: permission denied"

@Ocramius

This comment has been minimized.

Copy link
Owner Author

commented Jul 25, 2019

You get that if your user is not part of the docker group.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.