
Apache image with a Caddy reverse proxy #287

ne20002 opened this issue Feb 4, 2025 · 4 comments
ne20002 commented Feb 4, 2025

Test the install with docker-compose, using the env values required by the autoinstall feature.
Update the documentation.

@ne20002 ne20002 self-assigned this Feb 4, 2025
ne20002 commented Feb 5, 2025

The install using autoinstall finishes, but registering the admin user on the login page fails.

This is the docker-compose file I use:

services:
  db:
    image: mariadb
    restart: unless-stopped
    volumes:
      - db:/var/lib/mysql
    networks:
      - friendica
    environment:
      # `${VAR:?error}` makes Compose abort at startup when VAR is unset or
      # empty, instead of bringing the database up with blank credentials.
      - MYSQL_USER=${MYSQL_USER:?error}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
      - MYSQL_DATABASE=${MYSQL_DATABASE:?error}
      # In list form "yes" is passed as a plain string; in mapping form it
      # would have to be quoted to avoid being read as a YAML boolean.
      - MYSQL_RANDOM_ROOT_PASSWORD=yes

  app:
    image: ${FRIENDICA_IMAGE:?error}
    restart: unless-stopped
    volumes:
      - friendica:/var/www/html
      - friendica_data:/var/www/data
      # Bind-mounts the host's ./logs directory over the container's entire
      # /var/log, hiding anything the image itself keeps there.
      - ./logs:/var/log
    ports:
      # Published on every host interface as plain HTTP. If a reverse proxy
      # on the same host terminates TLS, bind to loopback instead:
      # "127.0.0.1:9080:80".
      - "9080:80"
    networks:
      - friendica
    environment:
      # Resolved through the shared `friendica` network to the db service.
      - MYSQL_HOST=db
      - MYSQL_USER=${MYSQL_USER:?error}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
      - MYSQL_DATABASE=${MYSQL_DATABASE:?error}
      - FRIENDICA_ADMIN_MAIL=${FRIENDICA_ADMIN_MAIL:?error}
      # `${VAR}` with no default expands to an empty string when VAR is unset,
      # so each of the lines below always defines the variable inside the
      # container (possibly empty) rather than leaving it out.
      - FRIENDICA_UPGRADE=${FRIENDICA_UPGRADE}
      - SMTP=${SMTP}
      - SMTP_DOMAIN=${SMTP_DOMAIN}
      - SMTP_AUTH_USER=${SMTP_AUTH_USER}
      - SMTP_AUTH_PASS=${SMTP_AUTH_PASS}
      - FRIENDICA_LOGFILE=${FRIENDICA_LOGFILE}
      - FRIENDICA_LOGLEVEL=${FRIENDICA_LOGLEVEL}
      - FRIENDICA_DEBUGGING=${FRIENDICA_DEBUGGING}
    depends_on:
      - db

volumes:
  db:
  friendica:
  friendica_data:

networks:
  friendica:

@ne20002 ne20002 changed the title Ensure the setup using autoinstall feature works and document accordingly Apache Image with a Caddy Reverse Proxy Feb 24, 2025
@ne20002 ne20002 changed the title Apache Image with a Caddy Reverse Proxy Apache image with a Caddy reverse proxy Feb 24, 2025
m33m33 commented Feb 24, 2025

Do you need contribution on this ?
I have a working setup with caddy + fpm, and I also tested caddy + apache. I can test this variant again and provide Dockerfile templates + a Caddyfile.

@ne20002 ne20002 assigned m33m33 and unassigned ne20002 Feb 24, 2025
m33m33 commented Feb 24, 2025

This docker-compose.yml file works as far as it can; you get:

  • Caddy listening on 443/TCP with a valid SSL certificate
  • Apache Friendica instance as a backend

The first user creation on the WebUI is broken, see https://codeberg.org/m33/Friendica-caddy-docker-install#web-interface-method for a workaround. (it is broken with Friendica FPM images too).

docker-compose.yml:

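services:
  friendica:
    image: ${FRIENDICA_IMAGE:?error}
    restart: unless-stopped
    depends_on:
      - db
      - redis
    volumes:
      - friendica:/var/www/html
    environment:
      # All environment variables are needed for an automated install on first run.
      # `${VAR:?error}` aborts startup when VAR is unset or empty; a plain
      # `${VAR}` expands to an empty string and still defines the variable.
      - MYSQL_HOST=${MYSQL_HOST:?error}
      - MYSQL_PORT=${MYSQL_PORT:?error}
      - MYSQL_USER=${MYSQL_USER:?error}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
      - MYSQL_DATABASE=${MYSQL_DATABASE:?error}
      - FRIENDICA_ADMIN_MAIL=${FRIENDICA_ADMIN_MAIL:?error}
      - FRIENDICA_URL=${FRIENDICA_URL:?error}
      - SMTP=${SMTP}
      - SMTP_PORT=${SMTP_PORT}
      - SMTP_DOMAIN=${SMTP_DOMAIN}
      - SMTP_FROM=${SMTP_FROM}
      - SMTP_TLS=${SMTP_TLS}
      - SMTP_STARTTLS=${SMTP_STARTTLS}
      - SMTP_AUTH=${SMTP_AUTH}
      - SMTP_AUTH_USER=${SMTP_AUTH_USER}
      - SMTP_AUTH_PASS=${SMTP_AUTH_PASS}
    networks:
      - backend

  db:
    image: ${MARIADB_IMAGE:?error}
    restart: unless-stopped
# Uncomment this if you want to connect to MariaDB from the host.
# Keep the 127.0.0.1 prefix so the database is not published on every interface.
#    ports:
#      - "127.0.0.1:33306:3306"
    volumes:
      - db:/var/lib/mysql
    environment:
      # All environment variables are needed
      - MYSQL_USER=${MYSQL_USER:?error}
      - MYSQL_HOST=${MYSQL_HOST:?error}
      - MYSQL_PORT=${MYSQL_PORT:?error}
      - MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
      - MYSQL_DATABASE=${MYSQL_DATABASE:?error}
      - MYSQL_RANDOM_ROOT_PASSWORD=${MYSQL_RANDOM_ROOT_PASSWORD:?error}
    networks:
      - backend

#  cron:
#    image: ${FRIENDICA_IMAGE:?error}
#    restart: unless-stopped
#    volumes:
#      - friendica:/var/www/html
#    entrypoint: /cron.sh
#    environment:
#      # All environment variables are needed
#      - MYSQL_HOST=${MYSQL_HOST:?error}
#      - MYSQL_PORT=${MYSQL_PORT:?error}
#      - MYSQL_USER=${MYSQL_USER:?error}
#      # The cron worker uses the same database as the friendica service, so it
#      # needs the same password; it was missing from this block.
#      - MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
#      - MYSQL_DATABASE=${MYSQL_DATABASE:?error}
#      - SMTP=${SMTP}
#      - SMTP_PORT=${SMTP_PORT}
#      - SMTP_DOMAIN=${SMTP_DOMAIN}
#      - SMTP_FROM=${SMTP_FROM}
#      - SMTP_TLS=${SMTP_TLS}
#      - SMTP_STARTTLS=${SMTP_STARTTLS}
#      - SMTP_AUTH=${SMTP_AUTH}
#      - SMTP_AUTH_USER=${SMTP_AUTH_USER}
#      - SMTP_AUTH_PASS=${SMTP_AUTH_PASS}
#    depends_on:
#      - db
#    networks:
#      - backend

  redis:
    image: ${REDIS_IMAGE:?error}
    restart: unless-stopped
    networks:
      - backend

  caddy:
    image: ${CADDY_IMAGE:?error}
    restart: unless-stopped
    # No `links` needed: on the shared user-defined `backend` network the
    # service name `friendica` already resolves for the reverse_proxy upstream.
    depends_on:
      friendica:
        condition: service_started
      db:
        condition: service_started
      redis:
        condition: service_started
#      cron:
#        condition: service_started
    ports:
      # Port 80 is required for the Caddyfile's http:// -> https:// redirect
      # site; with only 443 published that block is unreachable from outside
      # the compose network. Certificate issuance still works on 443 alone
      # via TLS-ALPN.
      - "80:80"
      - "443:443"
    volumes:
      - ./Caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      # /data holds issued certificates and ACME account keys: keep it
      # persistent and readable only by the host user running compose.
      - ./Caddy/data:/data
      - ./Caddy/config:/config
      - ./Caddy/logs:/var/log/caddy
    networks:
      - frontnet
      - backend

volumes:
  db:
  friendica:

networks:
  frontnet:
  backend: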

Caddyfile:

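http://Replace with the value of ${FRIENDICA_URL} {
  # Redirect all HTTP traffic to HTTPS on the same host name, so the target
  # follows the site address above instead of a hard-coded host.
  # Only reachable when port 80 is also published for the caddy service.
  redir https://{host}{uri}
}

https://Replace with the value of ${FRIENDICA_URL} {
  # Log output policy
  log {
    output file /var/log/caddy/caddy.log {
      roll true
      roll_size 100MB
      roll_keep_for 31d
      roll_local_time
    }
  }

  # Only for testing purpose on a local network, this will generate self signed certificates
  #tls internal

  # Security headers (adjust as needed)
  header {
    # Strict Transport Security. `preload` opts the domain into browser preload
    # lists and is hard to revert; drop it until the domain is permanently HTTPS-only.
    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    # Referrer Policy
    Referrer-Policy "same-origin"

    # Remove server names
    Server httpd
    -X-Powered-By
    -X-Friendica-Version

    # A tester content security policy. The value must be a single quoted
    # token: with three unquoted tokens the header directive performs a
    # find/replace on an existing header instead of setting one.
    Content-Security-Policy "default-src 'self'"
  }

  # Block list based on apache image's .htaccess, and not so public content.
  # path matchers compare against the full request path (with * globs), so
  # entries need a leading slash or a *.ext glob; bare names like `.out` or
  # `CHANGELOG` never match a real request path.
  @blocked {
    path *.out *.log *.back *.swp /core /.* *.conf *.txt *.md *.mdown *.lock *.sql /CHANGELOG /LICENSE /VERSION /bin/* /spec/* /config/* /doc/* /mods/* /static/*
  }
  respond @blocked 404

  # Enable compression for JS/CSS/HTML bundle, for improved client load times.
  encode zstd gzip

  # Upstream source: friendica apache2 app container
  reverse_proxy friendica:80 {
    # X-Forwarded-Host carries the client's Host header, not its address;
    # {remote} is ip:port, {remote_host} is the bare client IP.
    header_up X-Forwarded-Host {host}
    header_up X-Real-IP {remote_host}
  }
}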

ne20002 commented Feb 26, 2025

@m33m33, may I ask a question about lines like this one: SMTP_STARTTLS=${SMTP_STARTTLS}?

SMTP_STARTTLS is optional, what is this line doing? Is this defining an empty env variable or is it skipping the variable completely?
