diff --git a/README.md b/README.md
index 90f6226..a8202f6 100644
--- a/README.md
+++ b/README.md
@@ -46,10 +46,10 @@ Restart your browsers !
 The base stack contains the minimal configuration related to web development.
- - caddy
- - adminer
- - maildev
- - memcached
+ - Caddy
+ - AdminerEvo
+ - MailDev
+ - Memcached
 ## Compose your stack
@@ -69,13 +69,3 @@ The repository currently supports these message brokers:
 - rabbitmq 3.8
 An optional watchtower service is available to update docker images automatically. Add `watchtower.yml` to `COMPOSE_FILE` variable and set a schedule with `WATCHTOWER_SCHEDULE` variable in your `.env` file (default is `0 0 17 * * *`). You should also [login to your docker hub account](https://docs.docker.com/security/for-developers/access-tokens/#create-an-access-token) to prevent rate limit issues.
-
-## Troubleshooting
-
-- If setup.sh respond `trust: install is not supported on this system`:
-
-```shell
- sudo trust anchor --store /var/lib/docker/volumes/dev_caddy_data/_data/caddy/pki/authorities/local/root.crt
- sudo trust anchor --store /var/lib/docker/volumes/dev_caddy_data/_data/caddy/pki/authorities/local/intermediate.crt
- sudo update-ca-trust
-```
diff --git a/docker-compose.yml b/docker-compose.yml
index f6b7b07..a616c49 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,6 +17,10 @@ services:
 - target: 443
 published: ${HTTP3_PORT:-443}
 protocol: udp
+ # Caddy admin API
+ - target: 2019
+ published: ${CADDY_ADMIN_PORT:-2019}
+ protocol: tcp
 environment:
 CADDY_INGRESS_NETWORKS: dev_public
 volumes:
@@ -28,12 +32,6 @@ services:
 caddy.tls: internal
 caddy.respond: |-
 / "Healthy" 200
- healthcheck:
- test: [ "CMD", "wget", "-qO-", "http://localhost:2019/config" ]
- interval: 10s
- timeout: 5s
- retries: 5
- start_period: 30s
 maildev:
 restart: always
diff --git a/proxy/Dockerfile b/proxy/Dockerfile
index 3162c11..2dd55e9 100644
--- a/proxy/Dockerfile
+++ b/proxy/Dockerfile
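Review bot: The new ports entry publishes the Caddy admin API (`target: 2019`) without a `host_ip`, so it binds to every host interface, and that API accepts configuration changes with no authentication; anyone who can reach the host on `${CADDY_ADMIN_PORT:-2019}` can replace the proxy's routes and TLS settings. If the port only exists so that `setup.sh` on the host can run `caddy trust` against it, restrict it to loopback by adding `host_ip: 127.0.0.1` to the new entry, next to `target: 2019`. A short comment stating why the admin port has to be published at all would also help the next reader; `# Caddy admin API` names the port but not the reason.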
@@ -1,11 +1,9 @@
-FROM --platform=$TARGETPLATFORM caddy:2-alpine
+FROM caddy:2-alpine
 ARG TARGETOS
 ARG TARGETARCH
 ADD --chmod=500 https://caddyserver.com/api/download?os=${TARGETOS}&arch=${TARGETARCH}&p=github.com/lucaslorentz/caddy-docker-proxy/v2&p=github.com/dunglas/mercure/caddy&p=github.com/dunglas/vulcain/caddy /usr/bin/caddy
-COPY Caddyfile /etc/caddy/Caddyfile
-
-HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "wget", "-qO-", "http://localhost:2019/config" ]
+HEALTHCHECK --interval=5s --timeout=5s --start-period=5s --retries=3 CMD [ "wget", "-qO-", "http://127.0.0.1:2019/config" ]
 CMD ["caddy", "docker-proxy", "--caddyfile-path=/etc/caddy/Caddyfile"]
diff --git a/setup.sh b/setup.sh
index c1bcdeb..728d540 100755
--- a/setup.sh
+++ b/setup.sh
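Review bot: `COPY Caddyfile /etc/caddy/Caddyfile` is removed while the unchanged `CMD` still passes `--caddyfile-path=/etc/caddy/Caddyfile`, so unless that file is now provided by a bind mount elsewhere (not visible in this diff) the container starts with a flag pointing at a path that no longer exists in the image. Either drop the flag or leave a comment above `CMD` such as `# /etc/caddy/Caddyfile is supplied by a volume mount, see docker-compose.yml` so the dependency is explicit. Separately, the rewritten HEALTHCHECK fetches the whole running configuration with `-qO-` every 5 seconds, and Docker keeps the last few healthcheck outputs in `docker inspect`, so any secret the config may carry (DNS provider credentials, for example) would be retained there. Discarding the body with `CMD [ "wget", "-qO", "/dev/null", "http://127.0.0.1:2019/config" ]` keeps the liveness probe without that side effect.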
@@ -1,14 +1,23 @@
 #!/usr/bin/env bash
-docker compose --ansi never up -d --build 2>& 1> /dev/null
-docker compose cp proxy:/usr/bin/caddy /tmp/caddy
+docker compose up -d 2>/dev/null
-XDG_DATA_HOME=/var/lib/docker/volumes/dev_caddy_data/_data
+docker compose exec proxy wget -q -O- --post-data='"0.0.0.0:2019"' --header='Content-Type:application/json' 'http://127.0.0.1:2019/config/admin/listen'
-sudo XDG_DATA_HOME=${XDG_DATA_HOME} \
-/tmp/caddy start 2&> /dev/null; \
-/tmp/caddy untrust; \
-/tmp/caddy trust; \
-/tmp/caddy stop 2&> /dev/null; \
+docker compose cp proxy:/usr/bin/caddy /tmp/caddy 2>/dev/null
-rm /tmp/caddy
+/tmp/caddy trust
+
+# ArchLinux and derivatives, see https://wiki.archlinux.org/title/Transport_Layer_Security#Add_a_certificate_to_a_trust_store
+if command -v trust &> /dev/null; then
+ sudo trust anchor /usr/local/share/ca-certificates/*.crt
+ sudo update-ca-trust
+fi
+
+rm -f /tmp/caddy
+
+# Copy the certificate to a stable location (to simplify mounting on all Docker platforms)
+sudo docker compose cp proxy:/data/caddy/pki/authorities/local/root.crt /etc/ssl/certs/Caddy.crt 2>/dev/null
+
+echo "Certificats Caddy installés avec succès !"
+echo "Vous pouvez désormais monter le fichier /etc/ssl/certs/Caddy.crt sur vos projets Docker."
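Review bot: The POST to `/config/admin/listen` on the second added line moves Caddy's unauthenticated admin API from its loopback default to `0.0.0.0:2019` inside the container, presumably so the host-side `/tmp/caddy trust` can reach it through the published port, but nothing restores the loopback listener once the root certificate has been fetched, so the endpoint stays reachable from every interface the published port is bound to. After `/tmp/caddy trust` returns, post the default back, e.g. `docker compose exec proxy wget -q -O- --post-data='"localhost:2019"' --header='Content-Type:application/json' 'http://127.0.0.1:2019/config/admin/listen'`, and keep the published port on the host loopback in docker-compose.yml. The script also has no `set -euo pipefail`, and the `2>/dev/null` on `docker compose up -d` and on the first `docker compose cp` hides exactly the failures that make the following `exec` and `/tmp/caddy trust` fail in turn, so drop those redirections or check each command with `|| exit 1`. `/tmp/caddy` is a predictable path that any local user can pre-create before the copy; a `mktemp -d` directory removed by a `trap ... EXIT` would be safer than a fixed name.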