Skip to content

Configurations

Jump to bottom
yusing edited this page Jan 5, 2025 · 23 revisions

Configurations

Config file

providers:
  docker:
    local: $DOCKER_HOST

Config file structure

The config.yml contains the following main sections:

  • autocert: cert config (optional)
  • entrypoint: entrypoint config (optional)
    • middlewares: middleware definitions (optional)
    • access_log: access log config (optional)
  • providers: orchestrators (required)
    • include: standalone files other than config.yml under config/ (optional)
    • docker: docker providers (optional)
    • notification: notification config (optional)
  • match_domains: a list of domains to match (optional)
  • homepage: homepage config (optional)

autocert config

Use existing SSL cert

autocert:
  provider: local

  cert_path: certs/cert.crt # change it only when needed
  key_path: certs/priv.key # change it only when needed

Automatic SSL cert with cloudflare

autocert:
  provider: cloudflare
  email: [email protected] # ACME Email
  domains: # a list of domains for cert registration
    - "*.y.z"
  options:
    auth_token: c1234565789-abcdefghijklmnopqrst # your zone API token

Automatic SSL cert with other DNS providers

check this

autocert troubleshooting

If you have error obtaining cert, try the following:

  • set LEGO_DISABLE_CNAME_SUPPORT=1 if your domain has a CNAME record
  • try another dns server
services:
  app:
    container_name: godoxy
    ...
    environment:
      - LEGO_DISABLE_CNAME_SUPPORT=1
    dns:
      - 1.1.1.1
      - 1.1.1.2

Entrypoint config

Check also:

entrypoint:
  middlewares:
    - use: CIDRWhitelist
      allow:
        - "127.0.0.1"
        - "10.0.0.0/8"
        - "192.168.0.0/16"
      status: 403
      message: "Forbidden"

  access_log:
    format: combined
    path: /app/logs/access.json.log
    filters: ...
    fields: ...

🔼Back to top

Orchestrators

See also:

providers:
  include:
    - file1.yml
    - file2.yml

  docker:
    # $DOCKER_HOST implies environment variable `DOCKER_HOST` or unix:///var/run/docker.sock (by default)
    local: $DOCKER_HOST

    # explicit only mode:
    # only containers with explicit aliases will be proxied
    # add "!" after provider name to enable explicit only mode
    local!: $DOCKER_HOST

    # add more docker providers if needed
    # for address format, see https://docs.docker.com/reference/cli/dockerd/
    #
    remote-1: tcp://10.0.2.1:2375
    remote-2: ssh://root:[email protected]

  notification:
    - name: gotify
      provider: gotify
      url: https://gotify.my.site
      token: abcdef.12345
    - name: discord
      provider: webhook
      url: https://discord.com/api/webhooks/...
      template: discord
    # more are coming...

Match Domains

match_domains:
  - my.site
  - node1.my.app

If no match_domains defined, any host of alias.domain will match

  • https://app1.y.z will match alias app1 for any domain in form of y.z
  • https://app1.node1.y.z will only match alias app.node1

If any match_domains defined, only host of alias.[one of match_domains] will match, for example: match_domains: [node1.my.app, my.site]

  • https://app1.my.app, https://app1.my.net, etc. will not match even if app1 exists
  • only https://*.node1.my.app and https://*.my.site will match

Homepage Configurations

homepage:
  use_default_categories: true # default

🔼Back to top

Multi docker nodes setup

On the other node, e.g. server-1 running on 10.0.0.2, run this docker compose

docker-proxy:
  container_name: docker-proxy
  image: tecnativa/docker-socket-proxy
  privileged: true
  environment:
    - ALLOW_START=1
    - ALLOW_STOP=1
    - ALLOW_RESTARTS=1
    - CONTAINERS=1
    - EVENTS=1
    - PING=1
    - POST=1
    - VERSION=1
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
  restart: always
  ports:
    - 10.0.0.2:2375:2375

    # or less secure way
    # - 2375:2375

Add it into your config.yml under providers.docker

providers:
  include:
    ...
  docker:
    ...
    server-1: tcp://10.0.0.2:2375

🔼Back to top

Include file examples

Simple

example.y.z -> https://localhost:8989

example:
  scheme: https
  port: 8989

Advanced

Like in docker compose, you can use x-properties in include files

x-proxy: &proxy # this will be ignored in GoDoxy
  scheme: https
  healthcheck:
    disable: true
  middlewares:
    hideXForwarded:
    modifyRequest:
      setHeaders:
        Host: $req_host

api.openai.com:
  <<: *proxy # extends from x-proxy
  host: api.openai.com
api.groq.com:
  <<: *proxy # extends from x-proxy
  host: api.groq.com

Full example

example: # matching `example.y.z`
  scheme: http
  host: 10.0.0.254
  port: 80
  path_patterns: # Check https://pkg.go.dev/net/http#hdr-Patterns-ServeMux for syntax
    - GET / # accept any GET request
    - POST /auth # for /auth and /auth/* accept only POST
    - GET /home/{$} # for exactly /home
  healthcheck:
    disabled: false
    path: /
    interval: 5s
  load_balance:
    link: app
    mode: ip_hash
    options:
      header: X-Forwarded-For
  middlewares:
    cidr_whitelist:
      allow:
        - 127.0.0.1
        - 10.0.0.0/8
      status_code: 403
      message: IP not allowed
    hideXForwarded:
  homepage:
    name: Example App
    icon: png/example.png
    description: An example app
    category: example
  access_log:
    buffer_size: 100
    path: /var/log/example.log
    filters:
      status_codes:
        values:
          - 200-299
          - 101
      method:
        values:
          - GET
      host:
        values:
          - example.y.z
      headers:
        negative: true
        values:
          - foo=bar
          - baz
      cidr:
        values:
          - 192.168.10.0/24
    fields:
      headers:
        default: keep
        config:
          foo: redact
      query:
        default: drop
        config:
          foo: keep
      cookies:
        default: redact
        config:
          foo: keep

🔼Back to top

Clone this wiki locally