How to disable HTTPS and configure custom ports for Nginx proxy usage #692

Closed
Arthur-LDH opened this issue Nov 13, 2024 · 4 comments
@Arthur-LDH

I'm trying to configure FrankenPHP/Caddy to work behind an Nginx proxy server to host multiple Docker projects on a single server.

Current issue:

  • The container keeps listening on port 443 (HTTPS)
  • Need to disable automatic HTTPS redirection from Caddy
  • Want to configure custom ports for each project

Thanks!

@7-zete-7
Contributor

Hi @Arthur-LDH!

Make FrankenPHP HTTP-only

To make FrankenPHP (Caddy) listen only to TCP port 80 (and disable auto SSL), it is enough to use :80 as the value of the environment variable SERVER_NAME.
In this case, it is also important to fill the environment variable CADDY_MERCURE_PUBLIC_URL with the correct value (so that Mercure works correctly).

Example

SERVER_NAME=":80" CADDY_MERCURE_PUBLIC_URL="https://example.com/.well-known/mercure" docker compose up

This value can also be written explicitly in the compose.yaml file, if this is a more convenient option (in this case, there will be no need to change other environment variables).

 services:
   php:
     image: ${IMAGES_PREFIX:-}app-php
     restart: unless-stopped
     environment:
-      SERVER_NAME: ${SERVER_NAME:-localhost}, php:80
+      SERVER_NAME: :80
       MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
       MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
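
Review bot: On the added `SERVER_NAME: :80` line, the value is an unquoted YAML scalar that starts with a colon; writing it as `SERVER_NAME: ":80"` keeps it an unambiguous string for every parser and reader. The change also replaces the named addresses `${SERVER_NAME:-localhost}, php:80` with a catch-all address, so the site answers plain HTTP for any Host header; a short comment on that line stating that TLS and host matching are now the fronting proxy's job would help the next reader.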

Use custom port for FrankenPHP

To get a container with FrankenPHP on a different port in the host, it is enough to set the value of the required port for the environment variable HTTP_PORT.

Example (using TCP port 8080)

HTTP_PORT=8080 docker compose up

Similarly to the previous one, this value can be written explicitly in the compose.yaml file (at the same time disabling unnecessary, in the context of this issue, port forwarding).

 services:
   php:
     # ...
     ports:
       # HTTP
       - target: 80
-        published: ${HTTP_PORT:-80}
+        published: 8080
         protocol: tcp
-      # HTTPS
-      - target: 443
-        published: ${HTTPS_PORT:-443}
-        protocol: tcp
-      # HTTP/3
-      - target: 443
-        published: ${HTTP3_PORT:-443}
-        protocol: udp
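
Review bot: `published: 8080` has no `host_ip`, so the plain-HTTP port is bound on every host interface and can be reached without going through the Nginx proxy. If Nginx runs on the same host, add `host_ip: 127.0.0.1` to this long-syntax entry. Hardcoding 8080 also drops the `${HTTP_PORT:-80}` override; `published: ${HTTP_PORT:-8080}` would keep the port configurable per project.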

@Arthur-LDH
Author

Arthur-LDH commented Nov 14, 2024

Current Configuration

My current compose.yaml has the following PHP service configuration:

# compose.yaml
services:
  php:
    image: ${IMAGES_PREFIX:-}app-php
    restart: unless-stopped
    
    environment:
      # Server Configuration
      SERVER_NAME: ':80'
      MERCURE_PUBLISHER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      MERCURE_SUBSCRIBER_JWT_KEY: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      TRUSTED_PROXIES: ${TRUSTED_PROXIES:-127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16}
      TRUSTED_HOSTS: ^${SERVER_NAME:-example\.com|localhost}|php$$
      DATABASE_URL: mysql://${MYSQL_USER:-app}:${MYSQL_PASSWORD:-!ChangeMe!}@database:3306/${MYSQL_DATABASE:-app}?serverVersion=${MARIADB_VERSION:-11.2.2}&charset=${MYSQL_CHARSET:-utf8mb4}
      MERCURE_URL: https://${SERVER_NAME:-localhost}/.well-known/mercure
      MERCURE_PUBLIC_URL: https://${SERVER_NAME:-localhost}/.well-known/mercure
      MERCURE_JWT_SECRET: ${CADDY_MERCURE_JWT_SECRET:-!ChangeThisMercureHubJWTSecretKey!}
      SYMFONY_VERSION: ${SYMFONY_VERSION:-}
      STABILITY: ${STABILITY:-stable}
    volumes:
      - caddy_data:/data
      - caddy_config:/config
      - app_data:/app
    
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      
      # HTTPS (Commented)
      #- target: 443
      #  published: ${HTTPS_PORT:-443}
      #  protocol: tcp
      
      # HTTP/3 (Commented)
      #- target: 443
      #  published: ${HTTP3_PORT:-443}
      #  protocol: udp

Despite having HTTPS and HTTP/3 ports commented out in the configuration, docker ps shows unexpected port mappings:

443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp

@7-zete-7
Contributor

Thanks for the detailed information, @Arthur-LDH!

The docker ps (docker container ls) command shows both published ports and exposed ports.

The information 443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp means the following:

  • 443/tcp: TCP port 433 is exposed
  • 0.0.0.0:80->80/tcp: TCP port 80 is published on the 0.0.0.0:80 host's port
  • :::80->80/tcp: TCP port 80 is published on the [::]:80 host's port
  • 2019/tcp: TCP port 2019 is exposed
  • 443/udp: UDP port 433 is exposed

See also:
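
Added example, not part of the comment above or of the FrankenPHP project: a small parser for the PORTS column that `docker ps` prints, separating exposed-only entries from published ones and listing the published ones bound on every host interface. The loopback sample and all function names are constructed for illustration.

```python
import re

# One entry of the PORTS column printed by `docker ps`:
#   published: "<host_ip>:<host_port>-><container_port>/<proto>"
#   exposed:   "<container_port>/<proto>"
ENTRY = re.compile(
    r"^(?:(?P<host_ip>.+):(?P<host_port>\d+(?:-\d+)?)->)?"
    r"(?P<port>\d+(?:-\d+)?)/(?P<proto>tcp|udp|sctp)$"
)
WILDCARD = {"0.0.0.0", "::", "[::]"}  # IPv4 / IPv6 "all interfaces"


def parse_ports(column):
    """Split a PORTS column into one dict per comma-separated entry."""
    result = []
    for raw in filter(None, (p.strip() for p in column.split(","))):
        m = ENTRY.match(raw)
        if m is None:
            raise ValueError(f"unrecognised PORTS entry: {raw!r}")
        host_ip = m["host_ip"]
        result.append({
            "container": f'{m["port"]}/{m["proto"]}',
            "published": host_ip is not None,
            "host": f'{host_ip}:{m["host_port"]}' if host_ip else None,
            # Bound on every host interface: reachable without the proxy
            "all_interfaces": host_ip in WILDCARD,
        })
    return result


def summarize(column):
    """Group entries the way the explanation above reads them."""
    entries = parse_ports(column)
    return {
        "exposed_only": [e["container"] for e in entries if not e["published"]],
        "published": [e["host"] for e in entries if e["published"]],
        "all_interfaces": [e["host"] for e in entries if e["all_interfaces"]],
    }


# PORTS value quoted in this thread
THREAD_PORTS = "443/tcp, 0.0.0.0:80->80/tcp, :::80->80/tcp, 2019/tcp, 443/udp"
# Constructed sample: the same container published on loopback only
LOOPBACK_PORTS = "443/tcp, 127.0.0.1:8080->80/tcp, 2019/tcp, 443/udp"

if __name__ == "__main__":
    for label, col in (("thread", THREAD_PORTS), ("loopback", LOOPBACK_PORTS)):
        print(label, summarize(col))
```

An empty `all_interfaces` list together with a loopback entry under `published` is the state to look for when the container should only be reachable through the proxy on the same host.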

@maxhelias
Collaborator

You can also see: #451

With all these resources, you should find the answer to your needs.
Thanks

@maxhelias closed this as not planned on Nov 16, 2024