Wildcard ssl support? #224

Open
Bored0ne opened this issue Nov 12, 2023 · 4 comments
Labels
bug Something isn't working

Comments


Bored0ne commented Nov 12, 2023

Describe the bug
Not exactly a bug, more of a use case that's being hindered. For a visual:

WildcardDomainRecord ---  Caddy ---Sablier --- Docker
                                \             /
                                   Traefik

Basically, my wildcard domain *.domain.com points to my Caddy server. My Caddy server then goes and allocates the record; Traefik by default sets up the wildcard hosting with {{ .Containername }}.domain.com. Basically, Sablier doesn't appear to support two things. 1. Placeholders in Caddy, because the @name just gets sent to Sablier as @name. 2. If it does not have Sablier enabled but I try and connect to it via container name, I just want Sablier to ignore it's even calling it, not error out like it currently is with a 404 healthcheck. Don't get me wrong, I can appreciate what it is doing. However, in my weird use case I don't want it to do that and would love to be able to set a config option to just ignore healthchecks on non-enabled containers.

*.domain.com {
        @name expression `{http.request.host.labels.2}`
        log
        @private {
                remote_ip private_ranges
        }
# Tried this and it didn't work as much as I would've loved that.
#########################################
#       sablier http://localhost:10000 {
#               group {http.request.host.labels.2}
#               dynamic {
#                       display_name {http.request.host.labels.2}
#                       theme matrix
#               }
#       }
########################################
# This is some security stuff for ensuring that anything outside of my local net has to be vetted before coming in all the way.
        handle @private {
                sablier http://localhost:10000 {
                        names @name
                        dynamic {
                                theme matrix
                        }
                }
                # This points to my traefik instance.
                reverse_proxy http://127.0.0.1:280
        }
        handle {
        # More security fun.
                authorize with mypolicy
                sablier http://localhost:10000 {
                        names @name
                        dynamic {
                                theme matrix
                        }
                }
                reverse_proxy http://127.0.0.1:280
        }
}

//Traefik special rule

 - "--providers.docker.defaultRule=Host(`{{ .ContainerName }}.domain.com`)"

Context

  • Sablier version: docker latest beta 11/12/2023
  • Provider: docker 24.0.7 build afdd53b
  • Reverse proxy: custom caddy server.
  • Sablier running inside a container? Yes

Expected behavior
It should support the magic.

@Bored0ne Bored0ne added the bug Something isn't working label Nov 12, 2023
@acouvreur
Owner

I'm not really familiar with how "templating" in Caddy would work.

To me it seems that configuration is immutable.

So I'm curious to see if you had any experience with "dynamic" configuration that may come from the routing itself, such as the targeted container.


Your use case is obviously the most wanted one:

Not having to specify which container to wake up


So far, not a single reverse proxy allows doing this kind of configuration at "request-time".


github-actions bot commented Feb 6, 2024

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions github-actions bot added the Stale label Feb 6, 2024
@github-actions github-actions bot closed this as not planned Feb 11, 2024
@acouvreur acouvreur reopened this Mar 15, 2024
@github-actions github-actions bot removed the Stale label Mar 16, 2024
@Bored0ne
Author

Hey @acouvreur, I figured it out. The request has to be built with the Caddy HTTP replacer during request time. I'm still working out the kinks but will provide a fork demonstrating this and leave it at your discretion on whether or not to include this functionality.

@Bored0ne
Author

Here are the code changes on my fork.
My Go skills are a little rusty but I managed this much.
Basically I am using caddy to extract the placeholder and format the requested names.
To be honest, I'm not 100% sure I'm even doing this right, but it works for me. Now I can deploy under a wildcard ssl on caddy, spin up a docker container with sablier, and send all traffic to traefik for automated routing/ssl cert generation.

https://github.com/Bored0ne/sablier/blob/main/plugins/caddy/config.go
https://github.com/Bored0ne/sablier/blob/main/plugins/caddy/main.go
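
The request-time name resolution discussed in this thread, as an added example (not code from Sablier or from the fork linked above): with a wildcard site the container name comes from the client-supplied Host header, so it is validated and checked against an opt-in set before anything is woken, and hosts that did not opt in pass straight through. It uses only the standard library and mirrors the right-to-left label numbering of Caddy's `{http.request.host.labels.2}` placeholder; `hostLabel`, `resolveName` and the `enabled` set are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Character set Docker accepts for container names; anything else is
// rejected before it could reach the wake-up API.
var containerName = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]+$`)

// hostLabel mimics Caddy's {http.request.host.labels.N}: labels are counted
// from the right, so for "app.domain.com" label 0 is "com" and label 2 is "app".
func hostLabel(host string, n int) (string, bool) {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop ":port" when present
	}
	// Hostnames are case-insensitive; this example assumes lowercase container names.
	labels := strings.Split(strings.TrimSuffix(strings.ToLower(host), "."), ".")
	if n < 0 || n >= len(labels) {
		return "", false
	}
	return labels[len(labels)-1-n], true
}

// resolveName returns the container to wake for this request, or ok=false
// when the request should be proxied upstream without involving Sablier.
// enabled is a hypothetical set of containers that opted in to scale-to-zero.
func resolveName(host string, enabled map[string]bool) (string, bool) {
	name, ok := hostLabel(host, 2)
	if !ok || !containerName.MatchString(name) || !enabled[name] {
		return "", false
	}
	return name, true
}

func main() {
	enabled := map[string]bool{"whoami": true} // constructed sample data
	hosts := []string{"whoami.domain.com", "grafana.domain.com:443", "domain.com", "a.b.domain.com"}
	for _, h := range hosts {
		name, ok := resolveName(h, enabled)
		fmt.Printf("%-24s wake=%v name=%q\n", h, ok, name)
	}
}
```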
