Caddy allow HTTP with Api Platform
I know this question has already been asked many times:
- Disable caddy ssl to enable a deploy to Cloud Run through Gitlab CI
- How can I disable TLS when running from Docker?
but here is my problem.
Setup
I created a new Api Platform project following their documentation.
The easiest and most powerful way to get started is to download the API Platform distribution
I downloaded version 2.5.6, in which we can find:
- a docker-compose
- a Dockerfile
- a Caddyfile
- and many other files.
docker-compose
I slightly changed the docker-compose file by removing the pwa service and PostgreSQL:
version: "3.4"
services:
  php:
    build:
      context: ./api
      target: api_platform_php
    restart: unless-stopped
    env_file:
      - api/.env
    volumes:
      - php_socket:/var/run/php
    healthcheck:
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
  caddy:
    build:
      context: api/
      target: api_platform_caddy
    env_file:
      - api/.env
    depends_on:
      - php
    environment:
      MERCURE_PUBLISHER_JWT_KEY: ${MERCURE_PUBLISHER_JWT_KEY:-!ChangeMe!}
      MERCURE_SUBSCRIBER_JWT_KEY: ${MERCURE_SUBSCRIBER_JWT_KEY:-!ChangeMe!}
    restart: unless-stopped
    volumes:
      - php_socket:/var/run/php
      - caddy_data:/data
      - caddy_config:/config
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      # HTTPS
      - target: 443
        published: 443
        protocol: tcp
      # HTTP/3
      - target: 443
        published: 443
        protocol: udp
volumes:
  php_socket:
  caddy_data:
  caddy_config:
Dockerfile
No changes
Caddyfile
Slightly changed by commenting out the line reverse_proxy @pwa http://{$PWA_UPSTREAM}
{
    # Debug
    {$DEBUG}
    # HTTP/3 support
    servers {
        protocol {
            experimental_http3
        }
    }
}
{$SERVER_NAME}
log
# Matches requests for HTML documents, for static files and for Next.js files,
# except for known API paths and paths with extensions handled by API Platform
@pwa expression `(
        {header.Accept}.matches("\btext/html\b")
        && !{path}.matches("(?i)(?:^/docs|^/graphql|^/bundles/|^/_profiler|^/_wdt|\.(?:json|html$|csv$|ya?ml$|xml$))")
    )
    || {path} == "/favicon.ico"
    || {path} == "/manifest.json"
    || {path} == "/robots.txt"
    || {path}.startsWith("/_next")
    || {path}.startsWith("/sitemap")`
route {
    root * /srv/api/public
    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
        # Publisher JWT key
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Allow anonymous subscribers (double-check that it's what you want)
        anonymous
        # Enable the subscription API (double-check that it's what you want)
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }
    vulcain
    push
    # Add links to the API docs and to the Mercure Hub if not set explicitly (e.g. the PWA)
    header ?Link `</docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation", </.well-known/mercure>; rel="mercure"`
    # Disable Google FLOC tracking if not enabled explicitly: https://plausible.io/blog/google-floc
    header ?Permissions-Policy "interest-cohort=()"
    # Comment the following line if you don't want Next.js to catch requests for HTML documents.
    # In this case, they will be handled by the PHP app.
    # reverse_proxy @pwa http://{$PWA_UPSTREAM}
    php_fastcgi unix//var/run/php/php-fpm.sock
    encode zstd gzip
    file_server
}
Result
I can access my website at https://localhost, but I cannot access it without https because caddy automatically redirects http traffic to https
Problem 1
When I try the solution auto_https, it does not work.
Here is what I tried:
{
    auto_https off
    # Debug
    {$DEBUG}
    # HTTP/3 support
    servers {
        protocol {
            experimental_http3
        }
    }
    # ...
}
When I try to access http://localhost:80, I am redirected to https://localhost and I get This site can’t provide a secure connection
Problem 2
When I try the solution:
Not providing any hostnames or IP addresses in the config
I remove {$SERVER_NAME} from my Caddyfile
When I try to access http://localhost:80, I am redirected to https://localhost and I get This site can’t provide a secure connection
Problem 3
When I try the solution:
Listening exclusively on the HTTP port
services:
  # ...
  caddy:
    build:
      context: api/
      target: api_platform_caddy
    #...
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      # HTTPS
      #- target: 443
      #  published: 443
      #  protocol: tcp
      # HTTP/3
      #- target: 443
      #  published: 443
      #  protocol: udp
When I try to access http://localhost:80, I am redirected to https://localhost and I get This site can’t be reached
Question
How can I allow http on my caddy server (and still keep my mercure configuration in my Caddyfile)?
I found the solution here:
https://github.com/caddyserver/caddy/issues/3219#issuecomment-608236439
Caddyfile
{
    http_port 8080
    # Debug
    {$DEBUG}
    # HTTP/3 support
    servers {
        protocol {
            experimental_http3
        }
    }
    # ...
}
docker-compose
services:
  caddy:
    # ...
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      - target: 8080
        published: 8080
        protocol: tcp
      # HTTPS
      - target: 443
        published: 443
        protocol: tcp
      # HTTP/3
      - target: 443
        published: 443
        protocol: udp
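A way to check what the server itself answers on its plain-HTTP port, independent of any redirect a browser may have stored, is to classify the raw response headers from `curl -sI`. This is an added example, not part of the original post; the function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# classify_http_response: reads raw response headers on stdin and prints one of
#   upgrade:<location>   redirect whose Location is an https:// URL
#   redirect:<location>  redirect to anything else
#   plain:<status>       non-redirect status, i.e. content is served over HTTP
#   unknown              no HTTP status line was found
classify_http_response() {
    awk '
        { sub(/\r$/, "") }                      # headers arrive with CRLF line ends
        /^HTTP\// { status = $2; location = ""; next }
        tolower($1) == "location:" { location = $2 }
        END {
            if (status == "") { print "unknown"; exit }
            if (status ~ /^30[12378]$/ && location != "") {
                if (tolower(location) ~ /^https:\/\//) print "upgrade:" location
                else print "redirect:" location
            } else {
                print "plain:" status
            }
        }'
}

# check_url URL: live check against a running stack (requires curl).
check_url() {
    curl -sI --max-time 5 "$1" | classify_http_response
}

# Constructed sample responses, not captured from a real server.
SAMPLE_UPGRADE='HTTP/1.1 308 Permanent Redirect
Location: https://localhost/
Server: Caddy'

SAMPLE_PLAIN='HTTP/1.1 200 OK
Content-Type: application/ld+json; charset=utf-8
Server: Caddy'
```

With the stack running, `check_url http://localhost:80` and `check_url http://localhost:8080` print `upgrade:...` for a port that still redirects to HTTPS and `plain:<status>` for a port that serves the site over HTTP.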