How to run multiple internet-facing docker applications when caddy is hoarding both ports?

miniature · January 20, 2024, 12:58am

Technical Help Questionnaire

Have you read and followed the instructions at: x

Answer: I have

What are the specs of the service or server you are using to host Baserow.

Ubuntu 22.04 VPS instance, docker
More than enough

Which version of Baserow are you using.

[baserow/baserow:1.22.2]

How have you configured your self-hosted installation?

docker run -d --name baserow -e BASEROW_PUBLIC_URL=mydomain -e BASEROW_CADDY_ADDRESSES=mydomain -v baserow_data:/baserow/data -p 80:80 -p 443:443 --restart unless-stopped baserow/baserow:1.22.2

What commands if any did you use to start your Baserow server?

See above

Describe the problem

Describe, step by step, how to reproduce the error or problem you are encountering.

I am running Baserow and n8n on the same instance, and I would like to have them both internet-facing on my domain.
Baserow on the top level (example. com) and n8n in a subdomain (n8n.example. com)
I am finding this impossible to do on a single machine, because the caddy instance bundled with baserow is using both of the internet ports and I am unable (or not skilled enough) to use that caddy instance to also reverse proxy n8n through.
I have tried multiple times to edit the Caddy configuration file in the Baserow Docker vault, but it just gives me an SSL error, so I am unable to visit N8N on my subdomain.

Does anyone have a solution?

OllyTheNinja · January 20, 2024, 10:39pm

As you’ve figured out you can only have a single service listening on a particular port! So you need Caddy or another reverse proxy listening on those ports and deciding based on the domain name which application to forward the requests to. The applications themselves would then be running on different ports that only need to be accessible from the reverse proxy.

The way I see it you can do this in two ways:

Modify the BaseRow Caddyfile and add an entry to forward requests for n8n[.]example[.]com to n8n listening on a different port
Run a standalone Caddy instance (or nginx or Apache or traefik or whichever you like) listening on 80 and 443. Which then forwards the requests for example .com to BaseRow and the requests for n8n .example .com to n8n. In this case both n8n and BaseRow would need to be listening on other ports.

Important to note that you only need to terminate TLS once, this is best done on the reverse proxy listening on 443 and then configuring the individual applications to trust the traffic from the proxy.

In option #1 that would just mean telling n8n that TLS is already terminated and making sure Caddy is automatically redirecting http traffic to https.

miniature · January 27, 2024, 7:55pm

Hi Olly

Thank you for the reply.
I have been trying my best to find a solution, and I have tried to use some of the tips you have given me.
I have decided to run Caddy in a docker container by itself and baserow in another.
Now i have the problem that I can not run baserow on my domain without also having to put the custom port at the end of the domain in the config, for it to work.
I have tried searching around for a few hours and editing my config(s) multiple times, but I can not connect to Baserow on my domain without the custom port added to the end of my domain in the configuration.

Please take a look:.
docker-compose.yml:

version: "3.8"

services:
  wg-easy:
    environment:
      # ⚠️ Change the server's hostname (clients will connect to):
      - WG_HOST=wg.example.com

      # ⚠️ Change the Web UI Password:
      - PASSWORD=redacted
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    hostname: wg-easy
    volumes:
      - ~/.wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

  baserow:
    environment:
      - WEB_FRONTEND_SSL_PORT=3001
      - BASEROW_PUBLIC_URL=https://example.com:3001
    hostname: baserow
    container_name: baserow
    image: baserow/baserow:1.22.2
    ports:
      - "3000:80"
      - "3001:443"
    restart: unless-stopped
    volumes:
      - baserow_data:/baserow/data

  caddy:
    image: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:
  baserow_data:

Caddyfile:

wg.example.com {
  reverse_proxy wg-easy:51821
}

example.com {
  reverse_proxy baserow:3000
}

wg-easy is working fine. Only baserow is giving me problems, unfortunately.

OllyTheNinja · February 8, 2024, 9:38am

Hi again @miniature,

Well done getting this far, it certainly gets more complex when reverse proxies are involved.

I think the trick you may be missing is that BASEROW_PUBLIC_URL should be the URL that the user puts in their browser - not the one Caddy is connecting to!
If you set BASEROW_PUBLIC_URL to https://example.com I think it might work for you.

I hope that helps!