Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2026-05-18 05:05:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8626 from dokku/8625-caddy-report-tls-internal-has-no-raw-vs-computed-key-separation

Browse Source 
Split caddy report tls-internal into raw, computed, and global
This commit is contained in:
Jose Diaz-Gonzalez
2026-05-12 20:34:18 -04:00
committed by GitHub
parent 12c00b57fc 436825b782
commit f6448cef2c
8 changed files with 168 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docs/networking/proxies/caddy.md
View File

@@ -6,12 +6,12 @@
Dokku provides integration with the [Caddy](https://caddyserver.com/) proxy service by utilizing the Docker label-based integration implemented by [Caddy Docker Proxy](https://github.com/lucaslorentz/caddy-docker-proxy). Dokku provides integration with the [Caddy](https://caddyserver.com/) proxy service by utilizing the Docker label-based integration implemented by [Caddy Docker Proxy](https://github.com/lucaslorentz/caddy-docker-proxy).
``` ```
caddy:report [<app>] [<flag>] # Displays a caddy report for one or more apps caddy:report [<app>] [<flag>] # Displays a caddy report for one or more apps
caddy:logs [--num num] [--tail] # Display caddy log output caddy:logs [--num num] [--tail] # Display caddy log output
caddy:set <app> <property> (<value>) # Set or clear an caddy property for an app caddy:set [<app>|--global] <property> (<value>) # Set or clear an caddy property for an app or globally
caddy:show-config <app> # Display caddy compose config caddy:show-config <app> # Display caddy compose config
caddy:start # Starts the caddy server caddy:start # Starts the caddy server
caddy:stop # Stops the caddy server caddy:stop # Stops the caddy server
``` ```
## Requirements ## Requirements
@@ -191,12 +191,25 @@ After enabling, the Caddy container will need to be restarted and apps will need
### Using Caddy's Internal TLS server ### Using Caddy's Internal TLS server
To switch to Caddy's internal TLS server for certificate provisioning, set the `tls-internal` property. This can only be set on a per-app basis. To switch to Caddy's internal TLS server for certificate provisioning, set the `tls-internal` property.
```shell ```shell
dokku caddy:set node-js-app tls-internal true dokku caddy:set node-js-app tls-internal true
``` ```
The default value may also be configured globally with the `--global` flag. Per-app values take precedence over the global value when set.
```shell
dokku caddy:set --global tls-internal true
```
Both the per-app and the global value may be unset by setting a blank value.
```shell
dokku caddy:set node-js-app tls-internal
dokku caddy:set --global tls-internal
```
## Displaying Caddy reports for an app ## Displaying Caddy reports for an app
You can get a report about the app's Caddy config using the `caddy:report` command: You can get a report about the app's Caddy config using the `caddy:report` command:
@@ -207,28 +220,36 @@ dokku caddy:report
``` ```
=====> node-js-app caddy information =====> node-js-app caddy information
Caddy computed tls internal: false
Caddy global tls internal: false
Caddy image: lucaslorentz/caddy-docker-proxy:2.7 Caddy image: lucaslorentz/caddy-docker-proxy:2.7
Caddy letsencrypt email: Caddy letsencrypt email:
Caddy letsencrypt server: Caddy letsencrypt server:
Caddy log level: ERROR Caddy log level: ERROR
Caddy polling interval: 5s Caddy polling interval: 5s
Caddy tls internal: false Caddy tls internal:
=====> python-app caddy information =====> python-app caddy information
Caddy computed tls internal: false
Caddy global tls internal: false
Caddy image: lucaslorentz/caddy-docker-proxy:2.7 Caddy image: lucaslorentz/caddy-docker-proxy:2.7
Caddy letsencrypt email: Caddy letsencrypt email:
Caddy letsencrypt server: Caddy letsencrypt server:
Caddy log level: ERROR Caddy log level: ERROR
Caddy polling interval: 5s Caddy polling interval: 5s
Caddy tls internal: false Caddy tls internal:
=====> ruby-app caddy information =====> ruby-app caddy information
Caddy computed tls internal: false
Caddy global tls internal: false
Caddy image: lucaslorentz/caddy-docker-proxy:2.7 Caddy image: lucaslorentz/caddy-docker-proxy:2.7
Caddy letsencrypt email: Caddy letsencrypt email:
Caddy letsencrypt server: Caddy letsencrypt server:
Caddy log level: ERROR Caddy log level: ERROR
Caddy polling interval: 5s Caddy polling interval: 5s
Caddy tls internal: false Caddy tls internal:
``` ```
The `tls-internal` key holds the raw per-app value and is empty when nothing has been set on the app. The `computed-tls-internal` key holds the effective value used at deploy time, falling back to the global value and then to the built-in default of `false`. The `global-tls-internal` key holds the global value.
You can run the command for a specific app also. You can run the command for a specific app also.
```shell ```shell
@@ -237,12 +258,14 @@ dokku caddy:report node-js-app
``` ```
=====> node-js-app caddy information =====> node-js-app caddy information
Caddy computed tls internal: false
Caddy global tls internal: false
Caddy image: lucaslorentz/caddy-docker-proxy:2.7 Caddy image: lucaslorentz/caddy-docker-proxy:2.7
Caddy letsencrypt email: Caddy letsencrypt email:
Caddy letsencrypt server: Caddy letsencrypt server:
Caddy log level: ERROR Caddy log level: ERROR
Caddy polling interval: 5s Caddy polling interval: 5s
Caddy tls internal: false Caddy tls internal:
``` ```
You can pass flags which will output only the value of the specific information you want. For example: You can pass flags which will output only the value of the specific information you want. For example:

3
plugins/caddy-vhosts/command-functions
View File

@@ -70,6 +70,7 @@ cmd-caddy-report-single() {
local flag_map=() local flag_map=()
if [[ "$APP" == "--global" ]]; then if [[ "$APP" == "--global" ]]; then
flag_map=( flag_map=(
"--caddy-global-tls-internal: $(fn-caddy-global-tls-internal)"
"--caddy-image: $(fn-caddy-image)" "--caddy-image: $(fn-caddy-image)"
"--caddy-letsencrypt-email: $(fn-caddy-letsencrypt-email)" "--caddy-letsencrypt-email: $(fn-caddy-letsencrypt-email)"
"--caddy-letsencrypt-server: $(fn-caddy-letsencrypt-server)" "--caddy-letsencrypt-server: $(fn-caddy-letsencrypt-server)"
@@ -79,6 +80,8 @@ cmd-caddy-report-single() {
else else
verify_app_name "$APP" verify_app_name "$APP"
flag_map=( flag_map=(
"--caddy-computed-tls-internal: $(fn-caddy-computed-tls-internal "$APP")"
"--caddy-global-tls-internal: $(fn-caddy-global-tls-internal)"
"--caddy-image: $(fn-caddy-image)" "--caddy-image: $(fn-caddy-image)"
"--caddy-letsencrypt-email: $(fn-caddy-letsencrypt-email)" "--caddy-letsencrypt-email: $(fn-caddy-letsencrypt-email)"
"--caddy-letsencrypt-server: $(fn-caddy-letsencrypt-server)" "--caddy-letsencrypt-server: $(fn-caddy-letsencrypt-server)"

2
plugins/caddy-vhosts/core-post-deploy
View File

@@ -14,7 +14,7 @@ trigger-caddy-vhosts-core-post-deploy() {
return return
fi fi
tls_internal="$(fn-caddy-tls-internal)" tls_internal="$(fn-caddy-computed-tls-internal "$APP")"
dokku_log_info1 "Routing app via caddy" dokku_log_info1 "Routing app via caddy"
if [[ "$tls_internal" == "true" ]]; then if [[ "$tls_internal" == "true" ]]; then
dokku_log_warn "Warning: using caddy's internal, locally-trusted CA to produce certificates for this site" dokku_log_warn "Warning: using caddy's internal, locally-trusted CA to produce certificates for this site"

2
plugins/caddy-vhosts/docker-args-process-deploy
View File

@@ -88,7 +88,7 @@ trigger-caddy-vhosts-docker-args-process-deploy() {
# prefer the https:443 mapping to http:80 mapping # prefer the https:443 mapping to http:80 mapping
if [[ -n "$is_app_listening" ]] && [[ -n "$caddy_domains" ]]; then if [[ -n "$is_app_listening" ]] && [[ -n "$caddy_domains" ]]; then
has_443_mapping=false has_443_mapping=false
tls_internal="$(fn-caddy-tls-internal)" tls_internal="$(fn-caddy-computed-tls-internal "$APP")"
if [[ -n "$proxy_container_https_port" ]] || [[ -n "$proxy_container_https_port_candidate" ]]; then if [[ -n "$proxy_container_https_port" ]] || [[ -n "$proxy_container_https_port_candidate" ]]; then
has_443_mapping=true has_443_mapping=true
fi fi

2
plugins/caddy-vhosts/help-functions
View File

@@ -28,7 +28,7 @@ fn-help-content() {
declare desc="return help content" declare desc="return help content"
cat <<help_content cat <<help_content
caddy:report [<app>] [<flag>], Displays an caddy report for one or more apps caddy:report [<app>] [<flag>], Displays an caddy report for one or more apps
caddy:set <app> <property> (<value>), Set or clear an caddy property for an app caddy:set [<app>|--global] <property> (<value>), Set or clear an caddy property for an app or globally
caddy:show-config <app>, Display caddy compose config caddy:show-config <app>, Display caddy compose config
caddy:labels:add <app> <label> <value>, Add a label to an caddy app caddy:labels:add <app> <label> <value>, Add a label to an caddy app
caddy:labels:remove <app> <label>, Remove a label from an caddy app caddy:labels:remove <app> <label>, Remove a label from an caddy app

16
plugins/caddy-vhosts/internal-functions
View File

@@ -69,5 +69,19 @@ fn-caddy-polling-interval() {
fn-caddy-tls-internal() { fn-caddy-tls-internal() {
declare APP="$1" declare APP="$1"
fn-plugin-property-get-default "caddy" "$APP" "tls-internal" "false" fn-plugin-property-get-default "caddy" "$APP" "tls-internal" ""
}
fn-caddy-computed-tls-internal() {
declare APP="$1"
local value
value="$(fn-caddy-tls-internal "$APP")"
if [[ -z "$value" ]]; then
value="$(fn-caddy-global-tls-internal)"
fi
echo "$value"
}
fn-caddy-global-tls-internal() {
fn-plugin-property-get-default "caddy" "--global" "tls-internal" "false"
} }

2
plugins/caddy-vhosts/subcommands/set
View File

@@ -10,7 +10,7 @@ cmd-caddy-set() {
[[ "$1" == "$cmd" ]] && shift 1 [[ "$1" == "$cmd" ]] && shift 1
declare APP="$1" KEY="$2" VALUE="$3" declare APP="$1" KEY="$2" VALUE="$3"
local VALID_KEYS=("image" "letsencrypt-email" "letsencrypt-server" "log-level" "polling-interval" "tls-internal") local VALID_KEYS=("image" "letsencrypt-email" "letsencrypt-server" "log-level" "polling-interval" "tls-internal")
local GLOBAL_KEYS=("image" "letsencrypt-email" "letsencrypt-server" "log-level" "polling-interval") local GLOBAL_KEYS=("image" "letsencrypt-email" "letsencrypt-server" "log-level" "polling-interval" "tls-internal")
local GLOBAL_ONLY_KEYS=("image" "letsencrypt-email" "letsencrypt-server" "log-level" "polling-interval") local GLOBAL_ONLY_KEYS=("image" "letsencrypt-email" "letsencrypt-server" "log-level" "polling-interval")
[[ -z "$KEY" ]] && dokku_log_fail "No key specified" [[ -z "$KEY" ]] && dokku_log_fail "No key specified"

112
tests/unit/caddy.bats
View File

@@ -63,6 +63,118 @@ teardown() {
assert_success assert_success
} }
@test "(caddy:report) tls-internal raw vs computed vs global" {
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output ""
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-computed-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "false"
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-global-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "false"
run /bin/bash -c "dokku caddy:set $TEST_APP tls-internal true"
echo "output: $output"
echo "status: $status"
assert_success
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "true"
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-computed-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "true"
run /bin/bash -c "dokku caddy:set $TEST_APP tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output ""
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-computed-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "false"
}
@test "(caddy:set) --global tls-internal" {
run /bin/bash -c "dokku caddy:set --global tls-internal true"
echo "output: $output"
echo "status: $status"
assert_success
run /bin/bash -c "dokku caddy:report --global --caddy-global-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "true"
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output ""
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-computed-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "true"
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-global-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "true"
run /bin/bash -c "dokku caddy:set $TEST_APP tls-internal false"
echo "output: $output"
echo "status: $status"
assert_success
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "false"
run /bin/bash -c "dokku caddy:report $TEST_APP --caddy-computed-tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
assert_output "false"
run /bin/bash -c "dokku caddy:set $TEST_APP tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
run /bin/bash -c "dokku caddy:set --global tls-internal"
echo "output: $output"
echo "status: $status"
assert_success
}
@test "(caddy) caddy:help" { @test "(caddy) caddy:help" {
run /bin/bash -c "dokku caddy" run /bin/bash -c "dokku caddy"
echo "output: $output" echo "output: $output"