Configurations

yusing edited this page Nov 2, 2024 · 23 revisions

GoDoxy Docker Compose Example (simple)

services:
    frontend:
        image: ghcr.io/yusing/go-proxy-frontend:latest
        container_name: go-proxy-frontend
        restart: unless-stopped
        network_mode: host
        env_file: .env
        depends_on:
            - app
    app:
        image: ghcr.io/yusing/go-proxy:latest
        container_name: go-proxy
        restart: always
        network_mode: host
        env_file: .env
        volumes:
            - /var/run/docker.sock:/var/run/docker.sock
            - ./config:/app/config

            # (Optional) choose one of the options below to enable https
            # 1. use an existing certificate
            # if your cert is not named `cert.crt`, change `cert_path` in `config/config.yml`
            # if your cert key is not named `priv.key`, change `key_path` in `config/config.yml`

            # - /path/to/certs:/app/certs

            # 2. use autocert, certs will be stored in ./certs (or other path you specify)

            # - ./certs:/app/certs

GoDoxy Docker Compose Example (advanced)

services:
  frontend:
    image: reg.6uo.me/yusing/godoxy-frontend:latest
    container_name: go-proxy-frontend
    restart: unless-stopped
    network_mode: host
    env_file: .env
    labels:
      proxy.aliases: "home"
      proxy.home.port: "3000"
      proxy.home.middlewares.cidr_whitelist.status_code: "403"
      proxy.home.middlewares.cidr_whitelist.message: "IP not allowed"
      proxy.home.middlewares.cidr_whitelist.allow: |
        - 10.0.4.0/22
        - 10.0.14.0/22
    depends_on:
      - app
  app:
    image: reg.6uo.me/yusing/go-proxy:latest
    container_name: go-proxy
    restart: always
    network_mode: host
    env_file: .env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /shared/go-proxy/config:/app/config
      - /shared/go-proxy/certs:/app/certs
      - /shared/go-proxy/error_pages:/app/error_pages

Config file

providers:
  docker:
    local: $DOCKER_HOST

Config file structure

The config.yml contains two main sections:

  • autocert: cert config (optional)
  • providers: orchestrators (required)
    • include: standalone files other than config.yml under config/ (optional)
    • docker: docker providers (optional)
    • notification: notification config (optional)
  • match_domains: a list of domains to match (optional)

Use existing SSL cert

autocert:
  provider: local

  cert_path: certs/cert.crt # change it only when needed
  key_path: certs/priv.key  # change it only when needed

Automatic SSL cert with cloudflare

autocert:
  provider: cloudflare
  email: [email protected] # ACME Email
  domains:             # a list of domains for cert registration
    - "*.y.z"
  options:
    auth_token: c1234565789-abcdefghijklmnopqrst # your zone API token

Automatic SSL cert with other DNS providers

check this

Orchestrators

providers:
  include:
    - file1.yml
    - file2.yml

  docker:
    # $DOCKER_HOST implies environment variable `DOCKER_HOST` or unix:///var/run/docker.sock (by default)
    local: $DOCKER_HOST

    # explicit only mode:
    # only containers with explicit aliases will be proxied
    # add "!" after provider name to enable explicit only mode
    local!: $DOCKER_HOST
  
    # add more docker providers if needed
    # for address format, see https://docs.docker.com/reference/cli/dockerd/
    #
    remote-1: tcp://10.0.2.1:2375
    remote-2: ssh://root:[email protected]

  notification:
    # Gotify
    gotify:
      url: https://gotify.my.site
      token: abcdef.12345
    # more are coming...

Match Domains

match_domains:
  - my.site
  - node1.my.app

If no match_domains are defined, any host of the form alias.domain will match.

If any match_domains are defined, only hosts of the form alias.[one of match_domains] will match. For example, with match_domains: [node1.my.app, my.site]

  • https://app1.my.app, https://app1.my.net, etc. will not match even if app1 exists
  • only https://*.node1.my.app and https://*.my.site will match
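
The matching rule above, written out as an added Go example (not GoDoxy's own code). The function name `aliasFor` is hypothetical, and taking the first label as the alias when no match_domains are set is an assumption about what "alias.domain" means.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// aliasFor returns the alias a request host selects and whether it matches.
// With match_domains set, the host must be alias.<one of match_domains>;
// the leading "." in the suffix keeps "notmy.site" from matching "my.site".
func aliasFor(host string, matchDomains []string) (string, bool) {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop an optional :port
	}
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if len(matchDomains) == 0 {
		// Assumption: without match_domains the first label is the alias,
		// so the client-supplied domain part is not checked at all.
		alias, rest, ok := strings.Cut(host, ".")
		return alias, ok && alias != "" && rest != ""
	}
	for _, d := range matchDomains {
		suffix := "." + strings.ToLower(d)
		if alias, ok := strings.CutSuffix(host, suffix); ok && alias != "" {
			return alias, true
		}
	}
	return "", false
}

func main() {
	md := []string{"node1.my.app", "my.site"} // the list used on this page
	hosts := []string{"app1.my.site", "app1.node1.my.app", "app1.my.app",
		"app1.my.net", "notmy.site", "APP1.My.Site:443"}
	for _, h := range hosts {
		alias, ok := aliasFor(h, md)
		fmt.Printf("%-20s alias=%q match=%v\n", h, alias, ok)
	}
}
```

Calling `aliasFor("app1.my.net", nil)` matches alias `app1`, while the same host is rejected once the two domains are listed.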

Non-hotreloadable options

# timeout for shutdown (in seconds)
timeout_shutdown: 5

# global setting: redirect http requests to https (ignored if https is not available)
# proxy.<alias>.middlewares.redirect_http overrides this
redirect_to_https: false

Include file example

Simple

example.y.z -> https://localhost:8989

example:
  scheme: https
  port: 8989

Advanced

example: # matching `example.y.z`
  scheme: https
  host: 10.0.0.1
  port: 80
  path_patterns: # Check https://pkg.go.dev/net/http#hdr-Patterns-ServeMux for syntax
    - GET / # accept any GET request
    - POST /auth # for /auth and /auth/* accept only POST
    - GET /home/{$} # for exactly /home
  no_tls_verify: false
  middlewares:
    cidr_whitelist:
      allow:
        - 127.0.0.1
        - 10.0.0.0/8
      status_code: 403
      message: "IP not allowed"
  homepage:
    name: Example App
    icon: png/example.png
    description: An example app
    category: example
  healthcheck:
    disable: false
    use_get: true
    path: /ping
    interval: 5s
    timeout: 2s
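
An added example (not GoDoxy's own code) of how a cidr_whitelist allow list like the ones on this page evaluates. It assumes a bare address such as `127.0.0.1` means a single host, and the function names are hypothetical. It also shows that `10.0.14.0/22` from the advanced compose labels is not network-aligned: masked, it is `10.0.12.0/22`, covering 10.0.12.0 through 10.0.15.255.

```go
package main

import (
	"fmt"
	"net/netip"
)

// parseAllow turns allow-list entries into prefixes. A bare address becomes a
// single-host prefix (assumption); host bits in a CIDR entry are masked off.
func parseAllow(entries []string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, e := range entries {
		if addr, err := netip.ParseAddr(e); err == nil { // bare IP
			out = append(out, netip.PrefixFrom(addr, addr.BitLen()))
			continue
		}
		p, err := netip.ParsePrefix(e)
		if err != nil {
			return nil, fmt.Errorf("allow entry %q: %w", e, err)
		}
		out = append(out, p.Masked())
	}
	return out, nil
}

// decide returns 200 if client is inside any prefix, otherwise denyStatus.
func decide(allow []netip.Prefix, client string, denyStatus int) int {
	addr, err := netip.ParseAddr(client)
	if err != nil {
		return denyStatus // unparsable client address: fail closed
	}
	addr = addr.Unmap() // treat ::ffff:10.0.4.1 as 10.0.4.1
	for _, p := range allow {
		if p.Contains(addr) {
			return 200
		}
	}
	return denyStatus
}

func main() {
	allow, _ := parseAllow([]string{"10.0.4.0/22", "10.0.14.0/22"})
	fmt.Println(allow) // effective networks after masking
	for _, ip := range []string{"10.0.12.7", "10.0.14.9", "10.0.8.1", "::ffff:10.0.4.1"} {
		fmt.Println(ip, decide(allow, ip, 403))
	}
}
```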

Multi docker nodes setup

On the other node, e.g. server-1 running on 10.0.0.2, run this Docker Compose file:

services:
  docker-proxy:
    container_name: docker-proxy
    image: tecnativa/docker-socket-proxy
    privileged: true
    environment:
      - ALLOW_START=1
      - ALLOW_STOP=1
      - ALLOW_RESTARTS=1
      - CONTAINERS=1
      - EVENTS=1
      - PING=1
      - POST=1
      - VERSION=1
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    restart: always
    ports:
      # publish the proxy only on this node's address
      - 10.0.0.2:2375:2375

      # or, less secure: publish the port on all host interfaces
      # - 2375:2375

Then add it to your config.yml:

autocert:
  ...

providers:
  include:
    ...
  docker:
    ...
    server-1: tcp://10.0.0.2:2375
