hoostine 2024-05-23 03:21:50 +00:00
commit d186d5a2cf
5 changed files with 151 additions and 0 deletions

13
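--- a/Caddyfile
+++ b/Caddyfile
@@ -0,0 +1,13 @@
+{
+email hoostine@gmail.com
+acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+acme_dns route53 {
+max_retries 10
+region "us-east-1"
+}
+key_type p384
+}
+gitea.nopants.ctop.us {
+reverse_proxy gitea:3000
+}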
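Review bot: `acme_ca` points at the Let's Encrypt staging directory, so the certificate served for `gitea.nopants.ctop.us` will not chain to a publicly trusted root and every client has to click through a warning or disable verification to reach the site. If staging is only meant for the first rollout, say so next to the directive, e.g. `# staging CA: untrusted certificates, remove this line before real use`, so it does not stay in place by accident. The global block also commits a personal mailbox as the ACME contact; a role address would serve the same purpose if the repository is shared.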

12
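--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,12 @@
+FROM caddy:2.7.6-builder AS builder
+RUN xcaddy build \
+--with github.com/caddy-dns/route53@v1.3.3 \
+--with github.com/lucaslorentz/caddy-docker-proxy/v2@v2.8.11
+FROM caddy:2.7.6
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+COPY ./docker/entrypoint /
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]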
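Review bot: The `caddy-docker-proxy` module is compiled into the binary, but `CMD` starts `caddy run` with a static Caddyfile and the compose file in this commit mounts no Docker socket, so the module looks unused; dropping that `--with` line would keep unneeded code out of an internet-facing proxy. Both `FROM` lines are pinned by tag only, and a tag can be re-pointed; appending a digest, `FROM caddy:2.7.6@sha256:<digest>` and likewise for the builder, would make the build reproducible. No `USER` is set, so the entrypoint and everything it launches runs as whatever user the base image defaults to, presumably root; a short comment stating that this is intended for binding 80 and 443 would help the next reader.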

49
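--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,49 @@
+services:
+caddy:
+image: octopus/caddy:v2.7.6
+restart: unless-stopped
+environment:
+- AWS_ACCESS_KEY_ID=DOCKER-SECRET->r53-aws-access-key
+- AWS_SECRET_ACCESS_KEY=DOCKER-SECRET->r53-aws-secret-access-key
+networks:
+- caddy
+ports:
+- "80:80"
+- "443:443"
+- "3001:3001"
+volumes:
+- caddy_data:/data
+- caddy_config:/config
+deploy:
+placement:
+constraints:
+- node.role == manager
+replicas: 1
+update_config:
+parallelism: 2
+delay: 10s
+secrets:
+- r53-aws-access-key
+- r53-aws-secret-access-key
+configs:
+- source: caddyfile.v0
+target: /etc/caddy/Caddyfile
+networks:
+caddy:
+attachable: true
+volumes:
+caddy_data:
+caddy_config:
+configs:
+caddyfile.v0:
+external: true
+secrets:
+r53-aws-access-key:
+external: true
+r53-aws-secret-access-key:
+external: true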
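Review bot: Port `3001:3001` is published on the host, but the Caddyfile added in this commit only defines the `gitea.nopants.ctop.us` site, which is served on 80 and 443; unless something outside this commit listens on 3001, drop that mapping so the proxy exposes only what it serves. The two `AWS_*` variables stand for long-lived Route 53 credentials that the entrypoint expands into the process environment, so the IAM policy behind them should presumably be limited to record changes in the one hosted zone used for the DNS challenge. A comment above `environment:` such as `# placeholders, replaced at start-up from /run/secrets by the entrypoint` would explain why the values are not real keys.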


@ -0,0 +1,45 @@
# EXPANDING VARIABLES FROM DOCKER SECRETS
: ${ENV_SECRETS_DIR:=/run/secrets}
env_secret_debug()
{
if [ ! -z "$ENV_SECRETS_DEBUG" ]; then
echo -e "\033[1m$@\033[0m"
fi
}
# usage: env_secret_expand VAR
# ie: env_secret_expand 'XYZ_DB_PASSWORD'
# (will check for "$XYZ_DB_PASSWORD" variable value for a placeholder that defines the
# name of the docker secret to use instead of the original value. For example:
# XYZ_DB_PASSWORD="DOCKER-SECRET->:my-db_secret"
env_secret_expand() {
var="$1"
eval val=\$$var
if secret_name=$(expr match "$val" "DOCKER-SECRET->\([^}]\+\)$"); then
secret="${ENV_SECRETS_DIR}/${secret_name}"
env_secret_debug "Secret file for $var: $secret"
if [ -f "$secret" ]; then
val=$(cat "${secret}")
export "$var"="$val"
env_secret_debug "Expanded variable: $var=$val"
else
env_secret_debug "Secret file does not exist! $secret"
fi
fi
}
env_secrets_expand() {
for env_var in $(printenv | cut -f1 -d"=")
do
env_secret_expand $env_var
done
if [ ! -z "$ENV_SECRETS_DEBUG" ]; then
echo -e "\n\033[1mExpanded environment variables\033[0m"
printenv
fi
}
env_secrets_expand
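Review bot: With `ENV_SECRETS_DEBUG` set, `env_secret_debug "Expanded variable: $var=$val"` and the final `printenv` write the resolved secret values, here the AWS keys, to the container log; log only the name, `env_secret_debug "Expanded variable: $var"`, and drop the `printenv` dump. `eval val=\$$var` runs on every token that `printenv | cut -f1 -d"="` yields, and for a multi-line value those tokens are fragments of the value rather than variable names, so environment content ends up evaluated as shell; `val=$(printenv "$var")` reads the value without `eval`, and `env_secret_expand "$env_var"` keeps the argument in one word. When the secret file is missing, the placeholder string stays in the variable and is reported only in debug mode, so an unconditional message on stderr in that `else` branch would make the misconfiguration visible.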


@ -0,0 +1,32 @@
#!/bin/sh
# vim:sw=4:ts=4:et
set -e
. /docker-entrypoint.d/.env-from-docker-secrets
if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
echo "$0: Looking for shell scripts in /docker-entrypoint.d/"
find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
case "$f" in
*.sh)
if [ -x "$f" ]; then
echo "$0: Launching $f";
"$f"
else
# warn on shell scripts without exec bit
echo "$0: Ignoring $f, not executable";
fi
;;
*) echo "$0: Ignoring $f";;
esac
done
echo "$0: Configuration complete; ready for start up"
else
echo "$0: No files found in /docker-entrypoint.d/, skipping configuration"
fi
exec "$@"
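Review bot: The script sources `/docker-entrypoint.d/.env-from-docker-secrets` before the loop, so every `*.sh` it launches and the final `exec "$@"` inherit the expanded secrets, and the Dockerfile in this commit sets no `USER`, so those scripts appear to run as root. Since `find "/docker-entrypoint.d/" -follow -type f` also picks up executables in subdirectories and behind symlinks, the directory should stay image-owned and never be a writable mount. A comment above the `.` line would record this, for example `# exports real secret values; everything started below inherits them`.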