containers definition - allow to define caddy_routes

Containers/apache/Dockerfile

@@ -5,10 +5,10 @@ FROM httpd:2.4.61-alpine3.20
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
-COPY --chown=33:33 Caddyfile /Caddyfile
 COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
 COPY --chmod=664 supervisord.conf /supervisord.conf
 COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 caddyfile.sh /caddyfile.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 VOLUME /mnt/data

Containers/apache/caddyfile.sh

@@ -0,0 +1,102 @@
+#!/bin/bash
+
+
+function loop {
+  readarray -t sorted < <(echo "$3" | tr "$2" '\n' | sort -r)
+  for i in "${sorted[@]}"; do
+    "template_loop_$1" "$i"
+  done
+
+}
+
+function template_nextcloud_route() {
+  cat << CADDY
+
+    route {
+        header Strict-Transport-Security max-age=31536000;
+        reverse_proxy localhost:8000
+    }
+    redir /.well-known/carddav /remote.php/dav/ 301
+    redir /.well-known/caldav /remote.php/dav/ 301
+
+    tls {
+        issuer acme {
+            disable_http_challenge
+        }
+    }
+CADDY
+}
+
+
+
+function template_loop_route {
+  IFS=',' read -ra array <<< "$1"
+  ROUTE="${array[0]}"
+  URI_STRIP_PREFIX="${array[1]}"
+  TARGET_HOST="${array[2]}"
+  TARGET_PORT="${array[3]}"
+
+  cat << CADDY
+
+    route $(test -z "$ROUTE" || echo "$ROUTE/* "){
+        $([ "$URI_STRIP_PREFIX" == "1" ] && echo "uri strip_prefix $ROUTE")
+        reverse_proxy $TARGET_HOST:$TARGET_PORT
+    }
+CADDY
+}
+
+
+
+function template_loop_subdomain {
+  IFS='|' read -ra array <<< "$1"
+  SUBDOMAIN="${array[0]}"
+  ROUTES="${array[1]}"
+
+  if [ -z "$TRUSTED_DOMAINS" ] && [ -n "$SUBDOMAIN" ]; then
+    # Ignore subdomains if in proxy mode
+    return 0
+  fi
+
+  cat << CADDY
+
+$(echo "$TRUSTED_DOMAINS" | tr ',' '\n' | sed "s/.*/$PROTOCOL:\/\/$SUBDOMAIN&:$APACHE_PORT/" | sed '$ ! s/$/,/') {
+    header -Server
+    header -X-Powered-By
+$(loop route ';' "$ROUTES")
+$(test -z "$SUBDOMAIN" && template_nextcloud_route)
+}
+CADDY
+}
+
+function template_caddyfile {
+  if [ -z "$TRUSTED_DOMAINS" ]; then
+      IPv4_ADDRESS="private_ranges"
+      PROTOCOL="http"
+  else
+      IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1 | sed 's|[0-9]\+$|0/16|')"
+      PROTOCOL="https"
+  fi
+
+cat << CADDY
+{
+    auto_https $(test -z "$TRUSTED_DOMAINS" && echo "off" || echo "disable_redirects")
+
+    storage file_system {
+        root /mnt/data/caddy
+    }
+
+    servers {
+        trusted_proxies static $IPv4_ADDRESS
+    }
+
+    log {
+        level ERROR
+    }
+}
+
+$(loop subdomain '@' "$CADDY_ROUTES")
+
+CADDY
+}
+
+template_caddyfile

Containers/apache/start.sh

@@ -17,46 +17,20 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
     sleep 5
 done
 
-# Get ipv4-address of Apache
-# shellcheck disable=SC2153
-IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
-# Bring it in CIDR notation
-# shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')"
-
 if [ -z "$APACHE_PORT" ]; then
     export APACHE_PORT="443"
 fi
 
-# Change variables in case of reverse proxies
-if [ "$APACHE_PORT" != '443' ]; then
-    export PROTOCOL="http"
-    export NC_DOMAIN=""
-else
-    export PROTOCOL="https"
-fi
-
-# Change the auto_https in case of reverse proxies
-if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
-else
-    CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
+# Set trusted domains if not in reverse proxy mode
+if [ "$APACHE_PORT" == '443' ]; then
+  if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
+      export TRUSTED_DOMAINS="$NC_DOMAIN"
+  else
+      export TRUSTED_DOMAINS="$ADDITIONAL_TRUSTED_DOMAIN,$NC_DOMAIN"
+  fi
 fi
-echo "$CADDYFILE" > /tmp/Caddyfile
 
-# Change the trusted_proxies in case of reverse proxies
-if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
-else
-    CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
-fi
-echo "$CADDYFILE" > /tmp/Caddyfile
-
-# Remove additional domain if not given
-if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
-    CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
-fi
-echo "$CADDYFILE" > /tmp/Caddyfile
+./caddyfile.sh > /tmp/Caddyfile
 
 # Fix the Caddyfile format
 caddy fmt --overwrite /tmp/Caddyfile

community-containers/lldap/lldap.json

@@ -8,11 +8,12 @@
       "image_tag": "v0-alpine",
       "internal_port": "17170",
       "restart": "unless-stopped",
-      "ports": [
+      "caddy_routes": [
         {
-          "ip_binding": "%APACHE_IP_BINDING%",
-          "port_number": "17170",
-          "protocol": "tcp"
+          "route": "",
+          "sub_domain": "ldap.",
+          "target_port": "17170",
+          "uri_strip_prefix": false
         }
       ],
       "environment": [

community-containers/nocodb/nocodb.json

@@ -8,11 +8,12 @@
             "image_tag": "%AIO_CHANNEL%",
             "internal_port": "10028",
             "restart": "unless-stopped",
-            "ports": [
+            "caddy_routes": [
                 {
-                    "ip_binding": "%APACHE_IP_BINDING%",
-                    "port_number": "10028",
-                    "protocol": "tcp"
+                    "route": "",
+                    "sub_domain": "tables.",
+                    "target_port": "10028",
+                    "uri_strip_prefix": false
                 }
             ],
             "environment": [

community-containers/stalwart/stalwart.json

@@ -38,13 +38,16 @@
                   "ip_binding": "",
                   "port_number": "4190",
                   "protocol": "tcp"
-                },
-                {
-                  "ip_binding": "%APACHE_IP_BINDING%",
-                  "port_number": "10003",
-                  "protocol": "tcp"
                 }
             ],
+          "caddy_routes": [
+            {
+              "route": "",
+              "sub_domain": "mail.",
+              "target_port": "10003",
+              "uri_strip_prefix": false
+            }
+          ],
             "environment": [
                 "TZ=%TIMEZONE%",
                 "NC_DOMAIN=%NC_DOMAIN%",

php/containers-schema.json

@@ -170,6 +170,31 @@
 							"pattern": "^/[a-z/_0-9-:]+$"
 						}
 					},
+					"caddy_routes": {
+						"type": "array",
+						"items": {
+							"type": "object",
+							"additionalProperties": false,
+							"minProperties": 4,
+							"properties": {
+								"route": {
+									"type": "string",
+									"pattern": "^(/[a-z-]+)*$"
+								},
+								"sub_domain": {
+									"type": "string",
+									"pattern": "^([a-z-]*\\.)*$"
+								},
+								"target_port": {
+									"type": "string",
+									"pattern": "^[0-9]{1,5}$"
+								},
+								"uri_strip_prefix": {
+									"type": "boolean"
+								}
+							}
+						}
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
@@ -195,4 +220,4 @@
 			}
 		}
 	}
-}
+}