
Compatibility with docker-proxy #277

Open
Rizary opened this issue Dec 27, 2024 · 1 comment

Rizary commented Dec 27, 2024

Hi,

I try to use docker-proxy and caddy-l4 together. I put some labels on my docker-compose services like so:

docker-compose.yaml file
services:
  # auth: built from a local Dockerfile; it has no `ports:` of its own and is
  # meant to be reached only through caddy's layer4 listener on :443.
  auth:
    build:
      dockerfile: ./../../docker/Dockerfile.auth-dev
      context: ../backend/auth
    restart: 'no'
    depends_on:
      - db
    networks:
      - r4gmi_net
    labels:
      # Named matcher: TLS connections whose SNI is auth.r.localhost.
      caddy.layer4.:443.@auth: "tls sni auth.r.localhost"
      caddy.layer4.:443.route: "@auth"
      # NOTE(review): the generated route (see the log) contains only `proxy`,
      # so the TLS stream would be forwarded to auth:8080 unterminated.
      # Presumably 8080 expects plaintext HTTP - confirm.
      caddy.layer4.:443.route.proxy.upstream: "auth:8080"
      # Rendered as `tls internal` in the global options block; that is the
      # line the caddy log rejects ("unrecognized global option: tls").
      caddy.tls: "internal"

  # db: PostgreSQL, exposed through caddy's layer4 listener on :5432.
  db:
    image: postgres:17.2-bullseye
    restart: always
    volumes:
      # NOTE(review): ` 700:Z` after a space is not part of the compose short
      # syntax (source:target[:mode]); if an SELinux relabel was intended the
      # suffix would be `:Z` - confirm what this was meant to be.
      - ./volumes/db/data:/var/lib/postgresql/data 700:Z
      - ./volumes/db/r/migrations:/docker-entrypoint-initdb.d/r:rw
    # Alias to an `&env_files` anchor that is not part of the posted excerpt;
    # the file does not parse without it. Presumably the env files carry the
    # database credentials - keep them out of version control.
    env_file: *env_files
    networks:
      - r4gmi_net
    labels:
      # NOTE(review): PostgreSQL clients normally send a plaintext SSLRequest
      # before the TLS handshake, so a `tls sni` matcher on the first bytes
      # may never match - verify with the client in use.
      caddy.layer4.:5432.@db: "tls sni db.r.localhost"
      caddy.layer4.:5432.route: "@db"
      caddy.layer4.:5432.route.proxy.upstream: "db:5432"
      # Rendered as `tls internal` in the global options block; that is the
      # line the caddy log rejects ("unrecognized global option: tls").
      caddy.tls: "internal"

  # redis: exposed through caddy's layer4 listener on :6379.
  redis:
    image: redis:7.4.1-bookworm
    restart: always
    # Alias to an `&env_files` anchor that is not part of the posted excerpt.
    env_file: *env_files
    networks:
      - r4gmi_net
    labels:
      caddy.layer4.:6379.@redis: "tls sni redis.r.localhost"
      caddy.layer4.:6379.route: "@redis"
      # NOTE(review): the generated route has only `proxy`, so the client's TLS
      # bytes would reach redis:6379 unterminated; no TLS or auth settings for
      # the redis server are visible here - confirm how it is protected.
      caddy.layer4.:6379.route.proxy.upstream: "redis:6379"
      # Rendered as `tls internal` in the global options block; that is the
      # line the caddy log rejects ("unrecognized global option: tls").
      caddy.tls: "internal"

  # prometheus: routed by SNI on caddy's shared :443 layer4 listener.
  prometheus:
    image: prom/prometheus:v2.55.1
    volumes:
      # NOTE(review): ` 700:Z` after a space is not part of the compose short
      # syntax (source:target[:mode]) - confirm the intended mode/label.
      - ./prometheus/:/etc/prometheus/ 700:Z
      - prometheus-data:/prometheus
    # Alias to an `&env_files` anchor that is not part of the posted excerpt.
    env_file: *env_files
    networks:
      - r4gmi_net
    labels:
      caddy.layer4.:443.@prometheus: "tls sni prometheus.r.localhost"
      caddy.layer4.:443.route: "@prometheus"
      # NOTE(review): no authentication for the Prometheus UI/API is configured
      # in this file; whoever can reach this route gets whatever 9090 serves -
      # confirm that is acceptable for the environment.
      caddy.layer4.:443.route.proxy.upstream: "prometheus:9090"
      # Rendered as `tls internal` in the global options block; that is the
      # line the caddy log rejects ("unrecognized global option: tls").
      caddy.tls: "internal"

  # node_exporter: runs in the host's network and PID namespaces and carries
  # no caddy labels, so it is not behind the proxy.
  node_exporter:
    image: prom/node-exporter:v1.8.2
    container_name: node_exporter
    command:
      # NOTE(review): this is ONE argv element containing a space, so the
      # exporter receives `/host --cap-add=SYS_TIME` as the rootfs path.
      # `--cap-add` is a `docker run` flag; in compose it is the `cap_add:`
      # key, so no capability is actually added here.
      - '--path.rootfs=/host --cap-add=SYS_TIME'
    # Host network + host PID: the exporter listens directly on the host's
    # interfaces and can see every host process. Restrict who can reach its
    # metrics port at the host firewall.
    network_mode: host
    pid: host
    restart: unless-stopped
    volumes:
      # Mounts a project directory at /host (read-only), not the host's `/`.
      - './volumes/node_exporter:/host:ro,rslave'
    # Alias to an `&env_files` anchor that is not part of the posted excerpt.
    env_file: *env_files
    
  # grafana: routed by SNI on caddy's shared :443 layer4 listener.
  grafana:
    image: grafana/grafana:10.4.12
    volumes:
      - grafana-data:/var/lib/grafana
      - ./grafana/provisioning:/etc/grafana/provisioning
      - ./grafana/dashboards:/etc/grafana/dashboards
    # Alias to an `&env_files` anchor that is not part of the posted excerpt.
    env_file: *env_files
    networks:
      - r4gmi_net
    labels:
      # NOTE(review): SNI here is grafana.r4gmi.localhost while every other
      # service uses *.r.localhost, and the generated Caddyfile in the log
      # shows grafana.r.localhost - confirm which hostname is intended.
      caddy.layer4.:443.@grafana: "tls sni grafana.r4gmi.localhost"
      caddy.layer4.:443.route: "@grafana"
      caddy.layer4.:443.route.proxy.upstream: "grafana:3000"
      # Rendered as `tls internal` in the global options block; that is the
      # line the caddy log rejects ("unrecognized global option: tls").
      caddy.tls: "internal"

  # caddy: custom build running docker-proxy; the only service that publishes
  # ports to the host.
  caddy:
    build:
      dockerfile: ./Dockerfile.caddy
      context: .
    restart: unless-stopped
    ports:
      # Published on all host interfaces. For a local-only dev setup a
      # `127.0.0.1:` prefix (e.g. "127.0.0.1:5432:5432") keeps the database
      # and redis listeners off the LAN.
      # NOTE(review): the questdb labels define a :8812 listener, but 8812 is
      # not published here.
      - "80:80"
      - "443:443"
      - "5432:5432"
      - "6379:6379"
    volumes:
      # Read-write Docker socket: a process in this container can drive the
      # Docker daemon, which is effectively root on the host. Presumably
      # mounted so docker-proxy can read container labels; a filtering socket
      # proxy limited to read-only API endpoints narrows this - TODO evaluate.
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy-data:/data
      - caddy-config:/config
    # Alias to an `&env_files` anchor that is not part of the posted excerpt.
    env_file: *env_files
    networks:
      - r4gmi_net
    labels:
      # Rendered as `tls internal` in the global options block; that is the
      # line the caddy log rejects ("unrecognized global option: tls").
      caddy.tls: "internal"
      caddy.log: default
      caddy.log.format: json
      caddy.log.level: INFO
      caddy.log.output: stderr
      # Unquoted boolean; the log shows it rendered as `logging true`.
      caddy.layer4.logging: true
      # Catch-all TLS matcher. The log shows it rendered as a bare
      # `route @secure` with no handler, so a TLS connection whose SNI matches
      # none of the named services is matched but not proxied anywhere.
      caddy.layer4.:443.@secure: "tls"
      caddy.layer4.:443.route: "@secure"

  # keycloak: custom build, routed by SNI on caddy's shared :443 listener.
  keycloak:
    build:
      dockerfile: ./Dockerfile.keycloak
      context: .
    # Keycloak development mode; suitable for the local dev setup described in
    # the issue, not for anything reachable by others.
    command: start-dev
    restart: unless-stopped
    # Alias to an `&env_files` anchor that is not part of the posted excerpt.
    # Presumably holds the Keycloak admin credentials - keep it out of VCS.
    env_file: *env_files
    networks:
      - r4gmi_net
    labels:
      caddy.layer4.:443.@keycloak: "tls sni keycloak.r.localhost"
      caddy.layer4.:443.route: "@keycloak"
      # NOTE(review): the generated route has only `proxy`, so the TLS stream
      # would be forwarded to keycloak:8080 unterminated - confirm whether
      # 8080 is expected to speak plaintext HTTP.
      caddy.layer4.:443.route.proxy.upstream: "keycloak:8080"
      # Rendered as `tls internal` in the global options block; that is the
      # line the caddy log rejects ("unrecognized global option: tls").
      caddy.tls: "internal"
      
  # questdb: two layer4 routes - the :443 SNI route to port 9000 and a
  # separate :8812 listener.
  questdb:
    image: questdb/questdb:6.6.1
    hostname: questdb
    container_name: questdb
    # Alias to an `&env_files` anchor that is not part of the posted excerpt.
    env_file: *env_files
    networks:
      - r4gmi_net
    labels:
      caddy.layer4.:443.@questdb-ui: "tls sni questdb.r.localhost"
      caddy.layer4.:443.route: "@questdb-ui"
      caddy.layer4.:443.route.proxy.upstream: "questdb:9000"
      # NOTE(review): the caddy service does not publish 8812, so this
      # listener is not reachable from the host as posted. Presumably 8812 is
      # the PostgreSQL wire port; such clients normally start with a plaintext
      # SSLRequest, so a `tls sni` matcher may never match - verify.
      caddy.layer4.:8812.@questdb-pg: "tls sni questdb-pg.r.localhost"
      caddy.layer4.:8812.route: "@questdb-pg"
      caddy.layer4.:8812.route.proxy.upstream: "questdb:8812"
      # Rendered as `tls internal` in the global options block; that is the
      # line the caddy log rejects ("unrecognized global option: tls").
      caddy.tls: "internal"

# Named volumes with no options (default driver). caddy-data is mounted at
# /data in the caddy service; presumably that is where caddy keeps its
# certificates and keys, so treat the volume as sensitive - confirm.
volumes:
  grafana-data:
  caddy-data:
  caddy-config:
  prometheus-data:
  
# Shared network for every proxied service. `external: true` means compose
# does not create it: it must already exist, and any other container attached
# to r4gmi_net can reach these services directly, bypassing caddy.
networks:
  r4gmi_net:
    name: r4gmi_net
    external: true

And the logs show this:

logs on caddy
caddy-1        | {"level":"info","ts":1735318605.3022478,"logger":"docker-proxy","msg":"Process Caddyfile","logs":"[ERROR]  Removing invalid block: Caddyfile:68: unrecognized global option: tls\n{\n\tlayer4 {\n\t\t:443 {\n\t\t\t@auth tls sni auth.r.localhost\n\t\t\t@grafana tls sni grafana.r.localhost\n\t\t\t@keycloak tls sni keycloak.r.localhost\n\t\t\t@prometheus tls sni prometheus.r.localhost\n\t\t\t@questdb-ui tls sni questdb.r.localhost\n\t\t\t@secure tls\n\t\t\troute @auth {\n\t\t\t\tproxy {\n\t\t\t\t\tupstream auth:8080\n\t\t\t\t}\n\t\t\t}\n\t\t\troute @grafana {\n\t\t\t\tproxy {\n\t\t\t\t\tupstream grafana:3000\n\t\t\t\t}\n\t\t\t}\n\t\t\troute @keycloak {\n\t\t\t\tproxy {\n\t\t\t\t\tupstream keycloak:8080\n\t\t\t\t}\n\t\t\t}\n\t\t\troute @prometheus {\n\t\t\t\tproxy {\n\t\t\t\t\tupstream prometheus:9090\n\t\t\t\t}\n\t\t\t}\n\t\t\troute @questdb-ui {\n\t\t\t\tproxy {\n\t\t\t\t\tupstream questdb:9000\n\t\t\t\t}\n\t\t\t}\n\t\t\troute @secure\n\t\t}\n\t\t:5432 {\n\t\t\t@db tls sni db.r.localhost\n\t\t\troute @db {\n\t\t\t\tproxy {\n\t\t\t\t\tupstream db:5432\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t:6379 {\n\t\t\t@redis tls sni redis.r.localhost\n\t\t\troute @redis {\n\t\t\t\tproxy {\n\t\t\t\t\tupstream redis:6379\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\t:8812 {\n\t\t\t@questdb-pg tls sni questdb-pg.r.localhost\n\t\t\troute @questdb-pg {\n\t\t\t\tproxy {\n\t\t\t\t\tupstream questdb:8812\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\t\tlogging true\n\t}\n\tlog default {\n\t\tformat json\n\t\tlevel INFO\n\t\toutput stderr\n\t}\n\ttls internal\n}\n\n"}

or

# Global options block that docker-proxy generated from the container labels
# (the same text as in the log line above, with \n and \t expanded).
# The log reports "Removing invalid block", so the whole block - including
# the layer4 configuration - appears to be discarded, not just the bad line.
{
    layer4 {
        :443 {
            # One named matcher per service, selected by TLS SNI.
            @auth tls sni auth.r.localhost
            @grafana tls sni grafana.r.localhost
            @keycloak tls sni keycloak.r.localhost
            @prometheus tls sni prometheus.r.localhost
            @questdb-ui tls sni questdb.r.localhost
            @secure tls
            # NOTE(review): every route below contains only `proxy`, with no
            # `tls` handler before it, so the TLS stream is forwarded to the
            # upstream unterminated. Serving https://keycloak.r.localhost from
            # plaintext upstreams would need termination in the route - confirm
            # against the caddy-l4 documentation.
            route @auth {
                proxy {
                    upstream auth:8080
                }
            }
            route @grafana {
                proxy {
                    upstream grafana:3000
                }
            }
            route @keycloak {
                proxy {
                    upstream keycloak:8080
                }
            }
            route @prometheus {
                proxy {
                    upstream prometheus:9090
                }
            }
            route @questdb-ui {
                proxy {
                    upstream questdb:9000
                }
            }
            # Catch-all TLS route with no handler: matched connections are not
            # proxied anywhere.
            route @secure
        }
        :5432 {
            @db tls sni db.r.localhost
            route @db {
                proxy {
                    upstream db:5432
                }
            }
        }
        :6379 {
            @redis tls sni redis.r.localhost
            route @redis {
                proxy {
                    upstream redis:6379
                }
            }
        }
        :8812 {
            @questdb-pg tls sni questdb-pg.r.localhost
            route @questdb-pg {
                proxy {
                    upstream questdb:8812
                }
            }
        }
        logging true
    }
    log default {
        format json
        level INFO
        output stderr
    }
    # Line 68 of the generated file: the option the log rejects with
    # "unrecognized global option: tls". It comes from the `caddy.tls` labels;
    # `tls` is a site-block directive, not a global option.
    tls internal
}

My goal is simply to run HTTPS for services such as `https://keycloak.r.localhost` in my local dev environment.

Collaborator

vnxme commented Jan 6, 2025

I try to use docker-proxy and caddy-l4 together

Hi,

Do you mean https://github.com/lucaslorentz/caddy-docker-proxy? If yes, then it would be reasonable to ask its developers about caddy-l4 compatibility. If that plugin generates a valid json or caddyfile, there should be no problem on the side of caddy-l4. As of now, caddy-l4 doesn't have native support for any config syntax based on docker labels.
