DoTheEvolution 2020-05-25 23:49:04 +02:00
parent 50d6f849c3
commit d62ec9df09
1 changed files with 76 additions and 0 deletions


@ -298,6 +298,9 @@ Worth having a look at the official documentation, especially these short pages
* [conventions](https://caddyserver.com/docs/conventions)
* [reverse_proxy](https://caddyserver.com/docs/caddyfile/directives/reverse_proxy)
Maybe checking out
[mozzila's - overview of HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview)
would also not hurt, it is very well written.
### Routing traffic to other machines on the LAN
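Review bot: the link text in the added sentence misspells Mozilla as "mozzila's". Since the target is developer.mozilla.org, a label such as `[MDN's overview of HTTP]` would be correct and easier to recognise. "would also not hurt" could be tightened to "is also worthwhile" while the line is being touched.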
@ -366,6 +369,79 @@ With this setup, and assuming docker host at: `192.168.1.222`,
writing `192.168.1.222:55414` in to browser will go to to urbackup,
and `192.168.1.222:9090` gets to prometheus.
### Named matchers and IP filtering
Caddy has [matchers](https://caddyserver.com/docs/caddyfile/matchers)
which allow you to define how to deal with incoming
[requests](https://caddyserver.com/docs/caddyfile/matchers#standard-matchers).</br>
`reverse_proxy server-blue:80` is a matcher that matches all requests
and sends them somewhere.</br>
But if more control is desired path matchers and named matchers come to play.
What if you desire to block all traffic coming from the outside world,
but local network be allowed through?</br>
Well, the [remote_ip](https://caddyserver.com/docs/caddyfile/matchers#remote-ip)
matcher comes to play, which enables you to filter requests by their IP.</br>
Named matchers are defined by `@` and can be named whatever you like.
```
{
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
a.{$MY_DOMAIN} {
reverse_proxy whoami:80
}
b.{$MY_DOMAIN} {
reverse_proxy nginx:80
@fuck_off_world {
not remote_ip 192.168.1.0/24
}
respond @fuck_off_world 403
}
```
The `@fuck_off_world` matches all IPs except the local network IP range.</br>
Requests matching that rule get the response 403 - forbidden.
### Snippets
What if you need to have the same matcher in several site-blocks and
would prefer for config to look cleaner?
Here comes the [snippets](https://caddyserver.com/docs/caddyfile/concepts#snippets).</br>
Snippets are defined by parentheses, named whatever you like.</br>
They are used inside side-block by simple `import <snippet name>`
Now would be good time to look again at that concept picture above.
Here is above example of IP filtering matcher done using a snippet.
```
{
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
(LAN_only) {
@fuck_off_world {
not remote_ip 192.168.1.0/24
}
respond @fuck_off_world 403
}
a.{$MY_DOMAIN} {
reverse_proxy whoami:80
}
b.{$MY_DOMAIN} {
reverse_proxy nginx:80
import LAN_only
}
```
### Backend communication
Some containers might be set to communicate only through https 443 port.
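Review bot: in the "Named matchers and IP filtering" section, the sentence "`reverse_proxy server-blue:80` is a matcher that matches all requests" calls a directive a matcher. Suggest rewording it to say that `reverse_proxy`, written without a matcher, applies to all requests, so that the later `@`-named matcher reads as something different. Both examples list `reverse_proxy nginx:80` before `respond @fuck_off_world 403` (the second via `import LAN_only`) without saying why the 403 still applies to non-LAN clients; one sentence on that would save readers from assuming the written order decides. Smaller points: "inside side-block" in the Snippets section should be "site-block" and the sentence lacks a full stop, `</br>` is not a valid tag (use `<br>` or a blank line), and a neutral matcher name such as `@not_lan` would describe the rule better than `@fuck_off_world`.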