Bastion for a private EKS cluster: Caddy (built with caddy-l4) as a layer-4 reverse proxy that SNI-routes TLS connections to the cluster API endpoint without terminating them
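# syntax=docker/dockerfile:1
#
# Bastion image: Caddy built with the caddy-l4 module so it can SNI-route raw
# TLS connections to a private EKS API endpoint without terminating them
# (see config.json in this gist).
#
# Build-time knobs. The defaults reproduce the original "latest" behaviour;
# override them with pinned versions for a reproducible, auditable build, e.g.
#   --build-arg XCADDY_VERSION=vX.Y.Z --build-arg CADDY_VERSION=vX.Y.Z \
#   --build-arg CADDY_L4_MODULE=github.com/mholt/caddy-l4@<tag-or-commit>
# This binary sits in the path of every connection to the cluster API, so
# what goes into it matters.
ARG GO_VERSION=1.21
# alpine:3.15 (the original base) is past end-of-life and no longer receives
# security fixes; track a supported release instead.
ARG ALPINE_VERSION=3.19
ARG XCADDY_VERSION=latest
ARG CADDY_VERSION=
ARG CADDY_L4_MODULE=github.com/mholt/caddy-l4

FROM golang:${GO_VERSION}-alpine AS builder
ARG XCADDY_VERSION
ARG CADDY_VERSION
ARG CADDY_L4_MODULE
RUN apk add --no-cache ca-certificates git
# Module cache mount: faster rebuilds and nothing left behind in the layer.
RUN --mount=type=cache,target=/go/pkg/mod \
    go install "github.com/caddyserver/xcaddy/cmd/xcaddy@${XCADDY_VERSION}"
# CADDY_VERSION is intentionally unquoted: when empty it disappears and
# xcaddy picks its default (latest), exactly as the original build did.
RUN --mount=type=cache,target=/go/pkg/mod \
    xcaddy build ${CADDY_VERSION} \
        --with "${CADDY_L4_MODULE}" \
        --output /usr/bin/caddy \
    && chmod 0755 /usr/bin/caddy

FROM alpine:${ALPINE_VERSION}
# ca-certificates/mailcap as in the upstream caddy image; bash kept because
# the original installed it (interactive use on the bastion). One layer,
# no apk index left in the image.
RUN apk add --no-cache \
        bash \
        ca-certificates \
        mailcap
# Run Caddy as a dedicated unprivileged user with a fixed UID/GID so
# runAsNonRoot-style checks and volume ownership are stable across rebuilds.
# Caddy's directories (https://caddyserver.com/docs/conventions#file-locations)
# are created and handed to that user here; named volumes mounted over
# /data and /config inherit this ownership when first created.
RUN addgroup -S -g 10001 caddy \
    && adduser -S -D -u 10001 -G caddy -h /srv -s /sbin/nologin caddy \
    && mkdir -p \
        /config/caddy \
        /data/caddy \
        /etc/caddy \
        /srv \
        /usr/share/caddy \
    && chown -R caddy:caddy /config /data /etc/caddy /srv /usr/share/caddy
# Alpine (musl) ships no nsswitch.conf; this is carried over from the
# official golang image so Go's resolver sees an explicit "files dns" order:
# - https://github.com/docker-library/golang/blob/1eb096131592bcbc90aa3b97471811c798a93573/1.14/alpine3.12/Dockerfile#L9
# Create the file only if absent. The original `[ ! -e … ] && echo …` form
# returned non-zero — and failed the build — whenever the file already existed.
RUN [ -e /etc/nsswitch.conf ] || echo 'hosts: files dns' > /etc/nsswitch.conf
ENV XDG_CONFIG_HOME=/config \
    XDG_DATA_HOME=/data
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
# A non-root process cannot bind :80/:443 by default, and with
# `network_mode: host` (how the compose file runs this) the host's own
# ip_unprivileged_port_start (1024 unless changed) applies rather than the
# relaxed value Docker sets for a private network namespace. Grant exactly
# CAP_NET_BIND_SERVICE as a file capability. Done in this stage rather than
# the builder so it does not rely on xattrs surviving COPY --from. libcap is
# needed only for setcap and is removed in the same layer.
# NOTE(review): do not run this image with no-new-privileges: that flag stops
# file capabilities from adding to the permitted set, and the bind will fail.
RUN apk add --no-cache --virtual .setcap libcap \
    && setcap cap_net_bind_service=+ep /usr/bin/caddy \
    && apk del .setcap
# Caddy's admin API (config.json in this gist sets no "admin" block, so it
# listens on the default localhost:2019) is unauthenticated and can replace
# the running config; it is deliberately not EXPOSEd here.
EXPOSE 80 443
WORKDIR /srv
USER caddy
# config.json is bind-mounted into /srv at run time (see the compose file);
# it is native Caddy JSON, so no --adapter is needed.
CMD ["caddy", "run", "--config", "config.json"]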
{
"logging": {
"sink": {
"writer": {
"output": "stdout"
}
},
"logs": {
"": {
"writer": {
"output": "stdout"
},
"level": "debug"
}
}
},
"apps": {
"layer4": {
"servers": {
"kube": {
"listen": [
":443"
],
"routes": [
{
"match": [
{
"tls": {}
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"match": [
{
"tls": {
"sni": [
"7FDBADFC784E055F3162CA96B20C44F4.gr7.ap-south-1.eks.amazonaws.com"
]
}
}
],
"handle": [
{
"handler": "proxy",
"upstreams": [
{
"dial": [
"7FDBADFC784E055F3162CA96B20C44F4.gr7.ap-south-1.eks.amazonaws.com:443"
]
}
]
}
]
}
]
}
]
}
]
}
}
}
}
}
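# Blog: https://medium.com/@panda1100/how-to-setup-layer-4-reverse-proxy-to-multiplex-tls-traffic-with-sni-routing-a226c8168826
#
# Runs the caddy-l4 bastion built from the Dockerfile in this gist.
#
# Host networking is needed because the SNI router must own the host's :443
# (the config.json here listens on :443 only; :80 is not used by it). Sharing
# the host network namespace also means Caddy's admin API — config.json has
# no "admin" block, so it sits on its default localhost:2019 — is reachable
# by every local process on the bastion host and accepts unauthenticated
# config replacement. Keep the host itself locked down, or disable/guard the
# admin endpoint in config.json.
#
# config.json logs at "debug" level to stdout; consider lowering it once the
# setup is verified, since these logs describe traffic to the cluster API.
version: "3.4"
services:
  caddy:
    image: caddy-proxy:1
    container_name: caddy
    restart: unless-stopped
    network_mode: host
    # Caddy only needs to bind a privileged port; drop every other capability
    # from the bounding set. If the image runs Caddy as a non-root user that
    # relies on a file capability on the binary, do NOT add
    # `security_opt: [no-new-privileges:true]` here — that flag prevents file
    # capabilities from taking effect and the bind fails.
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    volumes:
      # The proxy config and certificates are inputs only: mount them read-only
      # so a compromised proxy cannot rewrite its own routing or key material.
      # Host files must be readable by whatever UID Caddy runs as inside the
      # container; keep private keys under certs/ owned by that UID rather
      # than world-readable.
      - ${PWD}/config.json:/srv/config.json:ro
      # certs/ is not referenced by the config.json in this gist (caddy-l4
      # passes the TLS session through without terminating it); the mount is
      # kept for setups that add a TLS-terminating route.
      - ${PWD}/certs/:/srv/certs/:ro
      # - $PWD/site:/srv # you could also serve a static site in site folder
      # Writable Caddy state (XDG_DATA_HOME / XDG_CONFIG_HOME in the image).
      - caddy_data:/data
      - caddy_conf:/config
volumes:
  caddy_data: {}
  caddy_conf: {}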