Using https with grafana/caddy on docker compose

I'm trying to understand how to implement https with grafana/caddy in docker compose without a domain name.

Currently, I access grafana via http://xx.xxx.xx.xx:3000/

I would like this to be https, but am struggling to understand how to generate the cert and have it work as expected. I think letsencrypt requires a domain which I don't have.

version: "3"
networks:
    monitor-net:
        driver: bridge
volumes:
    grafana_data: {}
services:
    grafana:
        image: grafana/grafana:8.4.4
        container_name: grafana
        volumes:
            - grafana_data:/var/lib/grafana
            - ./grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards
            - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
        environment:
            - GF_SECURITY_ADMIN_USER=${GF_ADMIN_USER}
            - GF_SECURITY_ADMIN_PASSWORD=${GF_ADMIN_PASS}
            - GF_USERS_ALLOW_SIGN_UP=false
        restart: unless-stopped
        expose:
            - 3000
        networks:
            - monitor-net
        labels:
            org.label-schema.group: "monitoring"

    caddy:
        image: caddy:2.3.0
        container_name: caddy
        ports:
            - "3000:3000"
            - "9090:9090"
            - "9093:9093"
            - "9091:9091"
        volumes:
            - ./caddy:/etc/caddy
        environment:
            - ADMIN_USER=${GF_ADMIN_USER}
            - ADMIN_PASSWORD=${GF_ADMIN_PASS}
            - ADMIN_PASSWORD_HASH=${ADMIN_PASS_HASH}
        restart: unless-stopped
        networks:
            - monitor-net
        labels:
            org.label-schema.group: "monitoring"

I'm assuming I would create a volume on /etc/caddy/certs where I'd store the certificates, but don't know how to generate it for IP only or how it gets recognized by caddy.



Solution 1:[1]

Caddy for IP with SSL

By default, Caddy serves all sites over HTTPS. Caddy serves IP addresses and local/internal hostnames over HTTPS using self-signed certificates that are automatically trusted locally (if permitted). Examples: localhost, 127.0.0.1

Official Docs Here

In your Caddyfile you have to add something like this:

http://192.168.1.25:3000 {
   reverse_proxy grafana_ip:3000
}
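
An added example, not part of the original answer: a Caddyfile that terminates HTTPS on the host's IP address and proxies to the `grafana` service from the question's compose file. The address 203.0.113.10 and the certificate file names are placeholder assumptions.

```caddyfile
# Added example; 203.0.113.10 stands in for the host's real IP address.
{
    # A client that connects by IP address sends no SNI in its TLS
    # ClientHello. Inside a container Caddy sees the container's own
    # address, not the host's, so name the certificate to present.
    default_sni 203.0.113.10
}

# Option A: certificate issued by Caddy's built-in local CA.
# The site address has no scheme prefix. An explicit http:// prefix
# turns HTTPS off for the site and serves it in plaintext.
203.0.113.10:3000 {
    tls internal

    # "grafana" resolves on the shared monitor-net network; the
    # grafana container only exposes 3000 to that network.
    reverse_proxy grafana:3000
}

# Option B: bring your own certificate instead of "tls internal".
# The certificate must carry the IP address as a subjectAltName,
# for example one generated with OpenSSL 1.1.1 or later:
#
#   openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
#     -subj "/CN=203.0.113.10" \
#     -addext "subjectAltName=IP:203.0.113.10" \
#     -keyout caddy/certs/grafana.key -out caddy/certs/grafana.crt
#
# The question's compose file mounts ./caddy at /etc/caddy, so the
# files appear in the container under /etc/caddy/certs. Replace the
# "tls internal" line above with:
#
#   tls /etc/caddy/certs/grafana.crt /etc/caddy/certs/grafana.key
```

Remote browsers will warn until the signing certificate is imported: for Option A that is the local CA root, which the official image keeps at /data/caddy/pki/authorities/local/root.crt. The compose file in the question mounts no volume for /data, so that CA is regenerated whenever the container is recreated.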

Solution 2:[2]

It looks like Caddy does not support generating HTTPS certificates for IP addresses. Additionally, Let's Encrypt does not currently support issuing certificates for bare IP addresses.

However, it does appear that ZeroSSL supports generating certificates for IPs. You could try using these instructions to change one or all of your sites to use ZeroSSL, but I wasn't able to get this to work on my test server.

The best option is probably to get a domain that you can point at your server, and then serve it from there.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Jinna Balu
Solution 2 bbaovanc