Last active
December 31, 2023 15:32
-
-
Save shivanshs9/1dd5cf5b35d8e7cfe92bb58237ddd000 to your computer and use it in GitHub Desktop.
Bastion for private EKS with Caddy reverse proxy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # syntax=docker/dockerfile:1 | |
| FROM golang:1.21-alpine AS builder | |
| RUN apk add --no-cache git ca-certificates | |
| RUN go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest | |
| RUN xcaddy build --with github.com/mholt/caddy-l4 --output /usr/bin/caddy && chmod +x /usr/bin/caddy | |
| FROM alpine:3.15 | |
| RUN apk add --no-cache ca-certificates mailcap | |
| RUN apk add bash | |
| RUN mkdir -p \ | |
| /config/caddy \ | |
| /data/caddy \ | |
| /etc/caddy \ | |
| /usr/share/caddy | |
| # - https://github.com/docker-library/golang/blob/1eb096131592bcbc90aa3b97471811c798a93573/1.14/alpine3.12/Dockerfile#L9 | |
| RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf # See https://caddyserver.com/docs/conventions#file-locations for details | |
| ENV XDG_CONFIG_HOME /config | |
| ENV XDG_DATA_HOME /data | |
| EXPOSE 80 | |
| EXPOSE 443 | |
| EXPOSE 2019 | |
| COPY --from=builder /usr/bin/caddy /usr/bin/caddy | |
| WORKDIR /srv | |
| CMD ["caddy", "run", "--config", "config.json"] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "logging": { | |
| "sink": { | |
| "writer": { | |
| "output": "stdout" | |
| } | |
| }, | |
| "logs": { | |
| "": { | |
| "writer": { | |
| "output": "stdout" | |
| }, | |
| "level": "debug" | |
| } | |
| } | |
| }, | |
| "apps": { | |
| "layer4": { | |
| "servers": { | |
| "kube": { | |
| "listen": [ | |
| ":443" | |
| ], | |
| "routes": [ | |
| { | |
| "match": [ | |
| { | |
| "tls": {} | |
| } | |
| ], | |
| "handle": [ | |
| { | |
| "handler": "subroute", | |
| "routes": [ | |
| { | |
| "match": [ | |
| { | |
| "tls": { | |
| "sni": [ | |
| "7FDBADFC784E055F3162CA96B20C44F4.gr7.ap-south-1.eks.amazonaws.com" | |
| ] | |
| } | |
| } | |
| ], | |
| "handle": [ | |
| { | |
| "handler": "proxy", | |
| "upstreams": [ | |
| { | |
| "dial": [ | |
| "7FDBADFC784E055F3162CA96B20C44F4.gr7.ap-south-1.eks.amazonaws.com:443" | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Blog: https://medium.com/@panda1100/how-to-setup-layer-4-reverse-proxy-to-multiplex-tls-traffic-with-sni-routing-a226c8168826 | |
| version: "3.4" | |
| services: | |
| caddy: | |
| image: caddy-proxy:1 | |
| container_name: caddy | |
| restart: unless-stopped | |
| network_mode: host # Wants ports 80 and 443! | |
| volumes: | |
| - ${PWD}/config.json:/srv/config.json | |
| - ${PWD}/certs/:/srv/certs/ | |
| # - $PWD/site:/srv # you could also serve a static site in site folder | |
| - caddy_data:/data | |
| - caddy_conf:/config | |
| volumes: | |
| caddy_data: {} | |
| caddy_conf: {} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment