Kaynağa Gözat
Added an example of fronting the playbook's integrated Traefik reverse-proxy with the existing Caddy container (not the `apt-get` or `yum` installed Caddy). Helpful for folks who have an existing server with a Caddy container already serving multiple applications.
pull/3514/head
w.z
1 yıl önce
4 değiştirilmiş dosya ile 175 ekleme ve 0 silme
Görünümü Böl
Diff Seçenekleri
-
+90 -0docs/configuring-playbook-own-webserver-caddy.md
-
+43 -0examples/reverse-proxies/caddy2-in-container/Caddyfile
-
+20 -0examples/reverse-proxies/caddy2-in-container/README.md
-
+22 -0examples/reverse-proxies/caddy2-in-container/docker-compose.yaml
+ 90
- 0
docs/configuring-playbook-own-webserver-caddy.md
Dosyayı Görüntüle
| @@ -0,0 +1,90 @@ | |||
| # Using existing Caddy webserver | |||
| If you have a server with a Caddy container already serving several applications. And you want to install Matrix on it, but you don't want to break the existing traffic routing (so that the existing applications keep running smoothly). Then this guide is for you. | |||
| ## Step 1: Config the playbook-managed-traefik | |||
| Use configuration like this (as seen in `examples/vars.yml`): | |||
| ```yaml | |||
| ##################################### Using your own webserver ############################################### | |||
| matrix_playbook_reverse_proxy_type: playbook-managed-traefik | |||
| devture_traefik_config_entrypoint_web_secure_enabled: false | |||
| devture_traefik_container_web_host_bind_port: '127.0.0.1:81' | |||
| devture_traefik_config_entrypoint_web_forwardedHeaders_insecure: true | |||
| matrix_playbook_public_matrix_federation_api_traefik_entrypoint_host_bind_port: '127.0.0.1:8449' | |||
| ``` | |||
| ## Step 2: Config caddy container to cooperate with the playbook-managed-traefik container | |||
| Firstly, modify the `docker-compose.yaml` file of caddy's. | |||
| ```yaml | |||
| version: "3.9" | |||
| services: | |||
| caddy: | |||
| image: caddy:2.5.1-alpine | |||
| networks: | |||
| # add this, so that caddy can talk to the playbook-managed-traefik | |||
| - traefik | |||
| ports: | |||
| - "80:80" | |||
| - "443:443" | |||
| - "8448:8448" | |||
| volumes: | |||
| - ./Caddyfile:/etc/caddy/Caddyfile | |||
| # - ./site:/var/www | |||
| # other configurations ... | |||
| networks: | |||
| # add this as well | |||
| traefik: | |||
| name: traefik | |||
| external: true | |||
| ``` | |||
| Then config Caddy webserver container to proxy relevant traffic to the playbook-managed-traefik. | |||
| Copy the content in `examples/reverse-proxies/caddy2/Caddyfile`, replace localhost and 127.0.0.1 with the relevant docker service name. | |||
| ``` | |||
| matrix.example.tld, element.example.tld, etherpadexample.tld, jitsi.example.tld, ntfy.example.tld { | |||
| handle { | |||
| encode zstd gzip | |||
| # reverse_proxy localhost:81 { | |||
| reverse_proxy matrix-traefik:8080 { # <- Use the service name here. | |||
| header_up X-Forwarded-Port {http.request.port} | |||
| # Other configuration ... | |||
| } | |||
| } | |||
| } | |||
| # matrix.example.tld:8448 { | |||
| https://matrix.example.tld:8448 { # <- Enforce https protocol | |||
| handle { | |||
| encode zstd gzip | |||
| # reverse_proxy 127.0.0.1:8449 { | |||
| reverse_proxy matrix-traefik:8448 { # <- Use the service name here. | |||
| header_up X-Forwarded-Port {http.request.port} | |||
| # Other configurations ... | |||
| } | |||
| } | |||
| } | |||
| # Other configurations ... | |||
| ``` | |||
+ 43
- 0
examples/reverse-proxies/caddy2-in-container/Caddyfile
Dosyayı Görüntüle
| @@ -0,0 +1,43 @@ | |||
| matrix.example.tld { | |||
| handle { | |||
| encode zstd gzip | |||
| # Use the docker service name instead of localhost or 127.0.0.1 here | |||
| matrix-traefik:8080 { | |||
| header_up X-Forwarded-Port {http.request.port} | |||
| header_up X-Forwarded-TlsProto {tls_protocol} | |||
| header_up X-Forwarded-TlsCipher {tls_cipher} | |||
| header_up X-Forwarded-HttpsProto {proto} | |||
| } | |||
| } | |||
| } | |||
| # Put `https://` at the beginning to enforce https protocol as 8448 is not the default https port (which is 443) | |||
| https://matrix.example.tld:8448 { | |||
| handle { | |||
| encode zstd gzip | |||
| # Use the docker service name instead of localhost or 127.0.0.1 here | |||
| reverse_proxy matrix-traefik:8448 { | |||
| header_up X-Forwarded-Port {http.request.port} | |||
| header_up X-Forwarded-TlsProto {tls_protocol} | |||
| header_up X-Forwarded-TlsCipher {tls_cipher} | |||
| header_up X-Forwarded-HttpsProto {proto} | |||
| } | |||
| } | |||
| } | |||
| example.tld { | |||
| # Uncomment this if you are following "(Option 3): Setting up reverse-proxying of the well-known files from the base domain's server to the Matrix server" of https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/docs/configuring-well-known.md#option-3-setting-up-reverse-proxying-of-the-well-known-files-from-the-base-domains-server-to-the-matrix-server | |||
| @wellknown { | |||
| path /.well-known/matrix/* | |||
| } | |||
| handle @wellknown { | |||
| reverse_proxy https://matrix.example.tld { | |||
| header_up Host {http.reverse_proxy.upstream.hostport} | |||
| } | |||
| } | |||
| } | |||
+ 20
- 0
examples/reverse-proxies/caddy2-in-container/README.md
Dosyayı Görüntüle
| @@ -0,0 +1,20 @@ | |||
| # Caddy reverse-proxy fronting the playbook's integrated Traefik reverse-proxy | |||
| This directory contains a sample config that shows you how to front the integrated [Traefik](https://traefik.io/) reverse-proxy webserver with your own container-ed [Caddy](https://caddyserver.com/) reverse-proxy. If you have a server with a Caddy container already serving several applications. And you want to install Matrix on it, but you don't want to break the existing traffic routing (so that the existing applications keep running smoothly). Then this guide is helpful. | |||
| Ps. If you have a `apt-get ` or `yum` installed caddy instead of container-ed Caddy, please see [caddy2](../caddy2/README.md). | |||
| ## Prerequisite configuration | |||
| To get started, first follow the [front the integrated reverse-proxy webserver with another reverse-proxy](../../../docs/configuring-playbook-own-webserver.md#fronting-the-integrated-reverse-proxy-webserver-with-another-reverse-proxy) instructions and update your playbook's configuration (`inventory/host_vars/matrix.<your-domain>/vars.yml`). | |||
| And adjust the `docker-compose.yaml` of Caddy's. See [examples/reverse-proxies/caddy2-in-container/docker-compose.yaml](./docker-compose.yaml). | |||
| ## Using the Caddyfile | |||
| You can either just use the [Caddyfile](Caddyfile) directly or append its content to your own Caddyfile. | |||
| In both cases make sure to replace all the `example.tld` domains with your own domain. | |||
| This example does not include additional services like element, but you should be able copy the first block and replace the matrix subdomain with the additional services subdomain. I have not tested this though. | |||
+ 22
- 0
examples/reverse-proxies/caddy2-in-container/docker-compose.yaml
Dosyayı Görüntüle
| @@ -0,0 +1,22 @@ | |||
| version: "3.9" | |||
| services: | |||
| caddy: | |||
| image: caddy:2.5.1-alpine | |||
| networks: | |||
| # add this, so that caddy can talk to the playbook-managed-traefik | |||
| - traefik | |||
| ports: | |||
| - "80:80" | |||
| - "443:443" | |||
| - "8448:8448" | |||
| volumes: | |||
| - ./Caddyfile:/etc/caddy/Caddyfile | |||
| # - ./site:/var/www | |||
| # Other configurations ... | |||
| networks: | |||
| # add this as well | |||
| traefik: | |||
| name: traefik | |||
| external: true | |||