Giter Site home page Giter Site logo

Comments (6)

pettijohn avatar pettijohn commented on May 22, 2024 1

FWIW I tried to write this but since I've never worked with Go I have no idea what I'm doing and it didn't seem to work. I spent way too much time trying to understand how to replace a module to even attempt to run the code. Anyway - here's a link to a broken/partial implementation:

pettijohn@39673a7

from cloudflare.

pettijohn avatar pettijohn commented on May 22, 2024 1

This does work with some compose file magic. Overriding the entrypoint of the image is clunky as you can see but functional.

services:
  reverseproxy:
    container_name: caddy
    build: .
    restart: always
    ports:
      - 443:443
      - 80:80
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/site
      - /shares/caddy/data:/data
      - /shares/caddy/config:/config
    secrets:
      - cloudflare-api-key
    entrypoint: ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile", "--envfile", "/run/secrets/cloudflare-api-key"]

secrets:
  cloudflare-api-key:
    file: ./cloudflare-api-key.secret

from cloudflare.

mholt avatar mholt commented on May 22, 2024 1

Nice, thanks for posting your solution!

(Going to close if that's alright, since that works. Would prefer to not have to reinvent env files for each plugin...)

from cloudflare.

pettijohn avatar pettijohn commented on May 22, 2024 1

I think it's fine to close. https://docs.docker.com/engine/swarm/secrets/ says "Docker secrets do not set environment variables directly. This was a conscious decision, because environment variables can unintentionally be leaked between containers (for instance, if you use --link)." I think the caddy --envfile approach does not violate this because caddy loading its own environment state, not modifying the container's state (I assume). Seems like a fine approach.

from cloudflare.

pettijohn avatar pettijohn commented on May 22, 2024

Note I worked around this by putting the secret in a .env file instead, but as the Docker documentation argues, this is probably less secure than putting it in a secret file https://docs.docker.com/compose/environment-variables/

from cloudflare.

mholt avatar mholt commented on May 22, 2024

Can you use the --envfile flag to give Caddy the environment file that way? https://caddyserver.com/docs/command-line#caddy-run

from cloudflare.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.