layer4 configuration block #666

Open
jameshclrk opened this issue Oct 16, 2024 · 6 comments
jameshclrk commented Oct 16, 2024

Following #342, the layer4 plugin can be configured using Caddyfile.

I'm trying to get one of the examples working, but I'm not sure how to set the keys in the correct way.

Example Caddyfile:

{
    layer4 {
        127.0.0.1:5000 {
            route {
                tls
                echo
            }
        }
    }
}

I have tried this compose file (ignore using whoami, just an example):

services:
  whoami:
    image: traefik/whoami
    networks:
      - caddy
    labels:
      caddy.layer4."127.0.0.0.1:5000".route.tls:
      caddy.layer4."127.0.0.0.1:5000".route.echo:

networks:
  caddy:
    external: true

But I get this Caddyfile which (correctly) causes an error:

{
    layer4 {
        `\"127` {
            0 {
                0 {
                    0 {
                        `1:5000\"` {
                            route {
                                echo
                                tls
                            }
                        }
                    }
                }
            }
        }
    }
}

I've tried escaping the .s with \ and that also doesn't work.
This simple example could be done in a base Caddyfile, but I would like to be able to use layer4 for services defined via labels.

coandco commented Oct 20, 2024

I'm also running into this. Watching to see if this issue gets answered.

coandco commented Oct 21, 2024

Planning on trying the solution here to see if it's a viable workaround.

coandco commented Oct 21, 2024

Success! I'm attempting to do DNS-over-TLS with pihole, and this is what my labels look like after setting DOT_INGRESS_ADDR to 0.0.0.0:853 on my main caddy container:

      "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}": ""
      "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}.@pihole_host": "tls sni pihole.my.domain"
      "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}.route": "@pihole_host"
      "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}.route.0_tls": ""
      "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}.route.1_proxy": "{{ upstreams 53 }}"

With this approach, I can successfully run doggo google.com A @tls://pihole.my.domain and get an answer.
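
A simplified model of the behaviour seen in this thread, added here as an example and not taken from caddy-docker-proxy's own code: every `.` in a label key starts a new nesting level, so the quoted address in the first post is split apart, while `{$DOT_INGRESS_ADDR}` contains no dots and stays a single token for Caddy to substitute later. The `<n>_` ordering prefix, the `caddy_<n>` root and the sibling sorting are assumptions of this model; backtick quoting and the global-options wrapper are not modelled.

```python
import re

ORDER_PREFIX = re.compile(r"^\d+_")       # assumed: "<n>_" only orders siblings
LABEL_ROOT = re.compile(r"caddy(_\d+)?")  # assumed: "caddy" or "caddy_<n>"

def split_key(key):
    """Split a label key into nesting levels on every '.', quoted or not."""
    root, *segments = key.split(".")
    return segments if LABEL_ROOT.fullmatch(root) else []

def build_tree(labels):
    """Nest segments into {raw_segment: {"args": str, "children": {...}}}."""
    tree = {}
    for key, value in labels.items():
        level, node = tree, None
        for seg in split_key(key):
            node = level.setdefault(seg, {"args": "", "children": {}})
            level = node["children"]
        if node is not None:
            node["args"] = value or ""
    return tree

def render(tree, indent=0):
    """Render Caddyfile-style lines; siblings are sorted by raw segment."""
    pad, lines = " " * indent, []
    for raw in sorted(tree):
        node = tree[raw]
        head = pad + " ".join(filter(None, [ORDER_PREFIX.sub("", raw), node["args"]]))
        if node["children"]:
            lines += [head + " {", *render(node["children"], indent + 4), pad + "}"]
        else:
            lines.append(head)
    return lines

# Label sets copied from the two posts above (keys and values as posted).
BROKEN = {
    'caddy.layer4."127.0.0.0.1:5000".route.tls': None,
    'caddy.layer4."127.0.0.0.1:5000".route.echo': None,
}
WORKING = {
    "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}": "",
    "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}.@pihole_host": "tls sni pihole.my.domain",
    "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}.route": "@pihole_host",
    "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}.route.0_tls": "",
    "caddy_1.layer4.0_{$DOT_INGRESS_ADDR}.route.1_proxy": "{{ upstreams 53 }}",
}

if __name__ == "__main__":
    for name, labels in (("broken", BROKEN), ("working", WORKING)):
        print(f"# {name}", *render(build_tree(labels)), sep="\n")
```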

Fabbzz commented Nov 18, 2024

@coandco Looks a little bit complex to me compared to just using the Caddy json config, which has more capabilities as well.

coandco commented Nov 18, 2024

I mean, sure, but if you're using caddy-docker-proxy you don't really have the option of using the json config.

Fabbzz commented Nov 18, 2024

@coandco indeed; which is sad to be honest.
