Document reverse proxy with Caddy #38

Open
clach04 opened this issue Jun 9, 2023 · 1 comment

clach04 (Contributor) commented Jun 9, 2023

Work in progress. Works fine for web browser with basic auth (I'm not yet comfortable running this without basic auth in place).

Problems with basic auth and android app 9001/party-up#3

docker-compose.yml

```yaml
#
#       docker-compose up
#

version: '3.3'

# based on:
#       * https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-compose-on-ubuntu-20-04
#       * https://arjunphp.com/windows-server-docker-compose-caddy-server-reverse-proxy/
#       * https://github.com/lucaslorentz/caddy-docker-proxy - not actually used

services:
  # reverse proxy server
  # https://hub.docker.com/_/caddy
  caddy:
    image: caddy
    restart: unless-stopped
    hostname: caddy
    networks:
      - app_net
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/data:/data
    # NOTE only Caddy should be using ports, all others should use expose instead
    ports:
      # NOTE 80 and 443 were needed to get cert. once had cert not needed - looks like http (80) was needed unclear about https (443)
      - "80:80"
      #- "443:443"
      - "2000:2000"


  #    mkdir -p /home/pi/data/copyparty/cfg /home/pi/data/copyparty/w
  #    chmod a+rwx /home/pi/data/copyparty/cfg /home/pi/data/copyparty/w
  copyparty:
    # TODO? -u 1000
    container_name: copyparty
    image: copyparty/min
    hostname: copyparty
    restart: unless-stopped
    expose:
      - 3923
    networks:
      - app_net
    volumes:
      - "/home/pi/data/copyparty/cfg:/cfg"
      - "/home/pi/data/copyparty/w:/w"


networks:
  app_net:
    external: false
```

Caddyfile

```
https://copyparty.YOUR.DOMAIN.HERE:2000 {
  # basicauth works fine for web browsers with CopyParty
  # it fails with Party-Up Android sharing app :-(
  # not figured out passwords scheme properly yet to want to remove this
  basicauth /* {
        username hashed_password
  }
  reverse_proxy copyparty:3923
}
```

/home/pi/data/copyparty/cfg/config.conf

Disable https, so that reverse proxy certificate is used

```
[global]
http-only
```

clach04 added the enhancement (New feature or request) label Jun 9, 2023
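
The NOTE in the compose file above says only Caddy should publish `ports` and every other service should use `expose`. The check below is an added example, not code from this issue or from the copyparty project; the sample text is constructed from the post, and the `badapp` service and the function names are hypothetical.

```python
import re

# Constructed sample: the compose layout from the post above, trimmed, plus a
# hypothetical "badapp" service that publishes a host port directly.
SAMPLE = """\
services:
  caddy:
    image: caddy
    ports:
      # NOTE 80 was needed to get cert
      - "80:80"
      #- "443:443"
      - "2000:2000"
  copyparty:
    image: copyparty/min
    expose:
      - 3923
  badapp:
    image: example/app
    ports: ["8080:8080"]
"""

def published_ports(text):
    """Map service -> host port mappings (short syntax; not a full YAML parser)."""
    found, top, service, key, svc_indent = {}, None, None, None, None
    for raw in text.splitlines():
        line = re.sub(r"\s#.*$", "", raw).strip()  # drop trailing/indented comments
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out mappings do not count
        indent = len(raw) - len(raw.lstrip(" "))
        if indent == 0:
            top, service = line.rstrip(":"), None  # new top-level section
        elif top == "services":
            svc_indent = indent if svc_indent is None else svc_indent
            if indent == svc_indent:
                service, key = line.rstrip(":"), None  # new service block
            elif line.startswith("- "):
                if key == "ports":  # list item under the current `ports:` key
                    found.setdefault(service, []).append(line[2:].strip("\"' "))
            else:
                key, _, value = line.partition(":")
                if key == "ports" and value.strip().startswith("["):
                    items = re.findall(r"[^\[\],\s\"']+", value)  # flow-style list
                    found.setdefault(service, []).extend(items)
    return found

def exposure_violations(text, proxy="caddy"):
    """Services other than the reverse proxy that publish host ports."""
    return {s: p for s, p in published_ports(text).items() if s != proxy}
```

Running `exposure_violations` on the real compose file from the post should return an empty dict, since `copyparty` only uses `expose`.
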

9001 (Owner) commented Jun 9, 2023

Interesting using a reverse proxy to add a basic auth step... I don't think this would cause any issues or anything, just not something I'd thought about :-)

And yes, this is the best way to get "proper" https, since reverse proxies such as caddy and nginx continuously put effort into having the right cipher suites and all. Copyparty just relies on the python defaults, which are probably not terrible, but likely not the best either ;-)

Your setup looks good at a glance, looking forward to testing it out later tonight.
