this post was submitted on 23 Jul 2023
61 points (96.9% liked)

Selfhosted

40133 readers
1015 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I am very new to using docker. I have been used to using dedicated VM's and hosting the applications within the servers OS.

When hosting multiple applications/services that require the same port, is it best practice to spin up a whole new docker server or how should I go about the conflicts?

Ie. Hosting multiple web applications that utilize 443.

Thank you!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 1 year ago (1 children)

Thank you! I am using Caddy and was able to define a unique random port for the other containers and access this via reverse proxy!

[–] [email protected] 6 points 1 year ago (3 children)

If the containers are all in the same network. You dont need to expose a port.

Lets assume you create a docker network called reverse_proxy and add all your contaiers that you want to be accessed by the reverse proxy to that network (including caddy).

Then you can address all containers through the hostname in you caddy file and the port would be the default configurated port from the container.

So in the end you just expose the caddy container and nothing more.

[–] [email protected] 3 points 1 year ago

I didn't know this, very handy thanks

[–] [email protected] 2 points 1 year ago (1 children)

In addition to Caddy being apart of the reverse_proxy network. Would I also have to add it to the Bridge network so that I can utilize the machine IP that docker is hosted on for port forwarding 443?

[–] [email protected] 5 points 1 year ago

Caddy would have the bridge proxy network and the port 443 exposed.

version: "3.7"

networks:
  proxy-network:
    external: true
# needs to be created manually bevor running (docker create network proxy-network)
services:
  caddy:
    image: caddy
    container_name: caddy
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./data:/data
      - ./config:/config
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    networks:
      - proxy-network

Other services:

version: "3.7"

networks:
  proxy-network:
    external: true

services:
  app:
    image: app
    container_name: app
    restart: unless-stopped
    volumes:
      - ./app-data:/data
    networks:
      - proxy-network

Caddy can now talk to the app with the apps container_name.

Caddyfile:

homepage.domain.de {
    reverse_proxy app:80
}

So the reverse proxy network is an extra network only for containers that need to be exposed.

[–] [email protected] 2 points 1 year ago (1 children)

That wouldn't work if multiple containers use the same port (eg. 8000), right?

Without a docker network, I can just map 8001:8000 and don't have that issue.

[–] [email protected] 4 points 1 year ago (1 children)

Yes, it'd work just fine because each container listens on port 8000 of their own IP address, not the docker server's IP address. Caddy/Traefik just redirects traffic to that port.

[–] [email protected] 1 points 1 year ago (1 children)

Okay, thanks! Maybe I'll try it in the future.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I've just posted a little example. I'd recommend doing it this way. No more thinking about what port is allready exposed etc