
Fast and free HTTPS supported sites with Caddy (web)server with proxy to docker container HowTo

Hi again, starting from now my posts will be in English.

Today I am going to show you how you can set up an HTTPS site in 1, 2, 3 (just a PoC, not PROD ready) with Caddy server, which is an HTTP/2 web server with automatic HTTPS (via Let’s Encrypt).

Things to remember for this set up to work.

  • The website address must be open to the world, at least when the SSL certificate is created and renewed. The Let’s Encrypt “service” has to be able to verify that you in fact “own” the site you are requesting the certificate for. In order to do so it will look for a file on your site (which is automatically created). It can look something like this:

    http://your.site/.well-known/acme-challenge/FLpDGg0BAhKE_M5tdBb6SVERnDtKAv9PTkUw5YY5bm

Requirements (what I used)

  • CentOS 7 (Linux server/desktop) with root privileges (sudo)
  • Public IP (dynDNS might work)
  • Docker-compose (install instructions)
  • Docker (<= v1.13.0) (install instructions)
  • Git
  • Vim (text editor)
  • A docker container service; I am going to use hackmd.

 

Okay, let's start.

Install utilities

yum install git vim -y

Install docker

sudo yum remove docker docker-common docker-selinux docker-engine
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install docker-ce
systemctl enable docker
systemctl start docker

Install docker-compose

sudo curl -L https://github.com/docker/compose/releases/download/1.19.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

Get Caddy server

Go to https://caddyserver.com/download
Here you can set your own parameters if you like, I just took some plugins which I thought could be practical to use.

wget -O caddy.tar.gz "https://caddyserver.com/download/linux/amd64?plugins=http.authz,http.cache,http.forwardproxy,http.git,http.ipfilter,http.proxyprotocol&license="
tar -xzvf caddy.tar.gz

Get docker-hackmd and run it as a daemon

git clone https://github.com/hackmdio/docker-hackmd.git
cd docker-hackmd/
docker-compose up -d

Check docker container (service) listen port

netstat -nlt

 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address Foreign Address State
 tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
 tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
 tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
 tcp6 0 0 :::111 :::* LISTEN
 tcp6 0 0 :::22 :::* LISTEN
 tcp6 0 0 :::3000 :::* LISTEN <-- here it is, use it in the Caddy file
 tcp6 0 0 ::1:25 :::* LISTEN
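
In the output above, port 3000 is bound to `:::3000`, which means all interfaces, so the container can also be reached directly over plain HTTP on that port unless a firewall blocks it, not only through Caddy. The following check is an added example, not part of the original post: it parses `netstat -nlt` output and reports how a port is bound. The function names `bind_scope` and `sample_netstat` are made up for this example, and the sample lines are copied from the output above.

```shell
#!/bin/sh
# Added example: report how a TCP port is bound, from `netstat -nlt` output.
# bind_scope PORT reads netstat output on stdin and prints one of:
#   wildcard  listening on all interfaces (0.0.0.0 or ::)
#   specific  listening on one non-loopback address
#   loopback  listening only on 127.0.0.1 or ::1
#   closed    no listener on that port
# If several listeners share the port, the most exposed one wins.
bind_scope() {
    awk -v port="$1" '
        BEGIN {
            rank["closed"] = 0; rank["loopback"] = 1
            rank["specific"] = 2; rank["wildcard"] = 3
            worst = "closed"
        }
        $6 == "LISTEN" {
            # Local Address is field 4; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") s = "wildcard"
            else if (addr == "127.0.0.1" || addr == "::1") s = "loopback"
            else s = "specific"
            if (rank[s] > rank[worst]) worst = s
        }
        END { print worst }
    '
}

# Sample input: listener lines copied from the netstat output shown above.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::3000 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
EOF
}

for p in 3000 25 8080; do
    printf '%s %s\n' "$p" "$(sample_netstat | bind_scope "$p")"
done
```

On a live host, run `netstat -nlt | bind_scope 3000`. Publishing the container port as `127.0.0.1:3000:3000` in the compose file's `ports` entry is the usual way to get a `loopback` result, assuming the docker-hackmd compose file publishes port 3000 through a `ports` mapping.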

Create Caddy file

vim hackmd

your.domain.name
log ./access.log
proxy / localhost:3000

Run Caddy

ulimit -n 8192
./caddy -validate hackmd
./caddy -agree -conf hackmd -email caddy@test

Test the site

Go to your site URL and try it out 😉
You can check the quality of your fresh, new, awesome HTTPS website here: https://www.ssllabs.com/ssltest/index.html
I got an A+ score.

 

Does it work?

 

Useful Links

https://caddyserver.com/

https://caddyserver.com/docs/automatic-https

https://caddyserver.com/tutorial/caddyfile

https://github.com/caddyserver/examples

https://github.com/hackmdio/hackmd/#hackmd-by-docker-container

https://docs.docker.com/install/linux/docker-ce/centos/#install-docker-ce

https://docs.docker.com/compose/install/#install-compose
