Update From Within Container

[zQueal]

I have a VPS and I just had some issues with Kinsing virus for docker infecting all of my containers. From that, I changed the way that I do things.

I generally use Caddy2 as a reverse_proxy for all of my containers, but I migrated caddy from bare metal to inside a docker container, too. I now don't expose ports within containers, and use caddy to connect directly to the hostname and port of the docker container.

My Caddyfile looks a bit like this;

*.domain.dev {
        encode zstd gzip
        @book host bk.domain.dev
        handle @book {
                reverse_proxy linkding:9090
        }
        @git host git.domain.dev
        handle @git {
                reverse_proxy rgit:8000
        }
        @jelly host jelly.domain.dev
        handle @jelly {
                reverse_proxy {ipv4}:8096
        }
        @ping host ping.domain.dev
        handle @ping {
                respond "pong!"
        }
}

It's working really great so far, but I have one issue.

I have my caddfile saved as ~/.caddy which systemlinks to /etc/caddy/Caddyfile and in my caddy docker container, I've attached a volume for /etc/caddy/Caddyfile:/etc/caddy/Caddyfile. The workflow I had in mind was to edit ~/.caddy (so I don't need root permissions), and then format, validate, and then reload caddy. I do this by using a justfile;

caddy-refresh:
  caddy fmt --overwrite ~/.caddy
  caddy validate --config /etc/caddy/Caddyfile -a caddyfile
caddy-reload: caddy-refresh
  doas docker exec -it caddy caddy reload --config /etc/caddy/Caddyfile

So I edit my caddyfile;

~> nvim ~/.caddy
[ make changes ]
~> just caddy-reload
[ caddy fmt, caddy validate, then caddy reload from within the docker container ]

It all seems to work exceptionally well with one minor hitch. To get the changes to reflect from within caddy, I have to actually restart the container.

Any ideas?

[francislavoie]

Try to mount a folder onto /etc/caddy rather than the Caddyfile directly (this means your config file needs to be named Caddyfile on the host). The trouble is usually with the editing software you use to edit the config file. If you use one that changes the inode of the file when saving, then Docker doesn't track the change to the file. E.g. try using nano instead of vim, they save the file differently. Mounting the parent folder instead of the file sidesteps that issue.

[zQueal]

Yeah, this is a weird issue. I can't tell if it's a caddy issue or my environment. I tried using nano and got the same thing.

I tried to bind /etc/caddy/:/etc/caddy/ and within /etc/caddy on the host is Caddyfile which is slinked to ~/.caddy, but no go;

Error: reading config from file: open /etc/caddy/Caddyfile: no such file or directory

I tried to bind ~/.caddy:/etc/caddy/Caddyfile but ended up getting the same issue (even with nano). I edited ~/.caddy and reloaded via my justfile, and the docker log shows this on restart;

logger=admin.api
msg=received request method=POST host=127.0.0.1:2019 uri=/load remote_ip=127.0.0.1 remote_port=36480 headers={"Accept-Encoding":["gzip"],"Content-Length":["1711"],"Content-Type":["application/json"],"Origin":["http://127.0.0.1:2019"],"User-Agent":["Go-http-client/1.1"]}
msg=config is unchanged
msg=load complete