Caddy as a Traefik replacement? #388
Labels
No Label
abra
abra-gandi
awaiting-feedback
backups
bug
build
ci/cd
community organising
contributing
coopcloud.tech
democracy
design
documentation
duplicate
enhancement
finance
funding
good first issue
help wanted
installer
kadabra
performance
proposal
question
recipes.coopcloud.tech
security
test
wontfix
No Milestone
No project
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: toolshed/organising#388
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
https://dev.to/jhot/caddy-docker-proxy-like-traefik-but-better-565l
Things we're currently doing in Traefik which we'd need to work out in Caddy to make it a drop-in replacement:
I think that's it?
Also to answer @joenas's question in #coopcloud-tech:
No! Strongly recommended tho.
I haven't used caddy that much. It feels simpler though based on my memory. I feel like the biggest thing is weighing the cost of the lift to switchover vs the benefit of using something new. We are already using traefik and that shouldn't be understated. Although it's still early days so that shouldn't matter a whole lot. Do we know approx how many operators are using abra in production?
No. My rough guess might be about 5-15 organisations and individuals.
We could potentially allow both as options, they'd ignore each other's labels.
Unless we can work out a find/replace (maybe using
yq
?), it'd probably take at least 5 minutes minimum per recipe, so around 8 hours to add Caddy support to all recipes.Adding some resources:
Reddit thread by caddy author on caddy/traefik:
https://www.reddit.com/r/selfhosted/comments/dmve6n/comment/f55nviu/?utm_source=reddit&utm_medium=web2x&context=3
caddy community post about configuring caddy to use docker containers:
https://caddy.community/t/caddy-reverse-proxy-nextcloud-collabora-vaultwarden-with-local-https/12052
https://github.com/lucaslorentz/caddy-docker-proxy
we would probably need the "inversion of configuration" approach using labels that's provided by
caddy-docker-proxy
, like we do with Traefik, to preserve the current "don't need to edit a reverse proxy config file every time we add a new app to a server" behaviour. So we'd need to pull anything that looks interesting from that page (e.g. fallback responses likerespond /admin* "The admin panel is disabled, please configure the 'ADMIN_TOKEN' variable to enable it"
) into the docker-label format.Yeah I literally just realized this and added link to their github repo like 2 minutes ago hahaha
ostensibly we could automagically insert caddy labels into recipes using domain variables from config files and just delete the traefik labels in our current recipes. Do you see any issues with that?
I guess compose files can have multiple services so it's a lot of magic to determine which ones need labels so maybe not. I do like that there is less label config in caddy though 🤷♀️
Automating adding labels as far as possible would be great. Almost all recipes have a
...loadbalancer.server.port=
Traefik label on web-accessible services, which could be a good start?Until there's an answer to (at least most of) the so-far missing features in comment 15327 then some of us will need to keep on Traefik to some degree.
So having both in some/all recipes, while kinda duplicative, would be a way for folks to try out Caddy sooner while keeping existing stuff working.
coop-cloud/caddy
is a thing now! 🚀And I just used it for the first (AFAIK) successful Co-op Cloud caddy deployment (of
federatedwiki
).Still no ideas about the missing features listed in comment #1 but this is a promising start.
https://caddyserver.com/docs/caddyfile/directives/forward_auth
Caddy is awesome and seems to works great instead of Traefik. All you really need for a basic setup is to deploy the proxy and just add these two labels from OP to the compose.yml of your target application.
I also wanted to disable automatic HTTPS, because in my self-hosting setup there are additional layers between my server and the internet.
In the compose.yml of Caddy it was simply:
Definitely +1 for more Caddy support in recipes!
There's also
caddy-docker-upstreams
.Caddy seems to work even better than Traefik for
*.foo.com
wildcard setups (seems much faster) and it would be possible to have a custom "this is a co-op cloud install" and 404 page also.We should gather ourselves to invest in a migration plan at some point! Ditching traefik would be amazing.
Quick glance,
caddy-docker-upstreams
seems to have a more sensible syntax but maybe supports a lot fewer types of Caddyfile entry? Things which we are using which seem to be missing include:ask
endpoint for auto-SSL