Caddy / Docker / Whatnot Part 2

What do we want?

To add few well known services to our simple-so-far setup, namely mariadb, mssql and mongodb.

What do we need?

Two files that have, hopefully, remained from the last session: Caddyfile and compose.yml.

How shall we do it?

All of servers that we want to add basically follows the same pattern:

1. create docker volume
2. update compose.yml
3. update Caddyfile (if needed)

mariadb

1. create volume for mariadb to use:

   docker volume create --label reco-mariadb reco-mariadb
   

2. update compose.yml:

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

   volumes: reco-caddy-data: external: true reco-caddy-config: external: true reco-mariadb: external: true services: caddy: image: caddy:2.6 ports: - 80:80 - 443:443 - 443:443/udp volumes: - ./Caddyfile:/etc/caddy/Caddyfile - reco-caddy-data:/data - reco-caddy-config:/config mariadb: image: mariadb:10.3 environment: - MYSQL_ROOT_PASSWORD=pass volumes: - reco-mariadb:/var/lib/mysql phpmyadmin: image: phpmyadmin/phpmyadmin:5 environment: - PMA_HOST=mariadb - PMA_VERBOSE="Reco mariadb server" - PMA_USER=root - PMA_PASSWORD=pass - PMA_ABSOLUTE_URI=https://mariadb.domain.com

   What are we doing here?

   We have added another volume declaration that mariadb container will use to store data:

   reco-mariadb:
       external: true
   

   To existing (and unchanged) caddy declaration. we have added mariadb service declaration:

   mariadb:
       image: mariadb:10.3
       environment:
           - MYSQL_ROOT_PASSWORD=pass
       volumes:
           - reco-mariadb:/var/lib/mysql
   

   mariadb configuration is very simple for now: we just set default root password to “pass”. Yes, horrible.

   As we do not want to expose raw mariadb ports to the outside of the docker stack, we have added another service - phpmyadmin:

   phpmyadmin:
       image: phpmyadmin/phpmyadmin:5
       environment:
           - PMA_HOST=mariadb
           - PMA_VERBOSE="Reco mariadb server"
           - PMA_USER=root
           - PMA_PASSWORD=pass
           - PMA_ABSOLUTE_URI=https://mariadb.domain.com
   

   phpmyadmin has few more settings:

   Variable	Desc
   PMA_HOST	mariadb server host name (default: service name)
   PMA_VERBOSE	some verbose name to be displayed somewhere in phpmyadmin
   PMA_USER	root username declared in mariadb service
   PMA_PASSWORD	root password declared in mariadb service
   PMA_ABSOLUTE_URI	as we already have caddy and tls key setup, we would like to have access to phpmyadmin reverse proxied behind caddy. In order to do that phpmyadmin has to know its “external” absolute url

3. Update Caddyfile

   Set your Caddyfile to this:

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

   { auto_https disable_certs } *.domain.com { tls /config/cert.pem /config/server.key @mariadb host mariadb.domain.com handle @mariadb { reverse_proxy phpmyadmin:80 } handle { respond "Hello world!" } }

   Additional part:

       @mariadb host mariadb.domain.com
   
       handle @mariadb {
           reverse_proxy phpmyadmin:80
       }
   

   declares one caddy “matcher” named @mariadb which is matched when requested host (url) is “mariadb.domain.com”. You should change this to domain of your choice, or to the one that you have ssl certificates for.

   When this (this = @mariadb matcher is matched - aka, request is for the host that is specified) happens, handle directive describes how the request should be handled. In this case, very simply: do a reverse proxy to phpmyadmin on default port that it works on, that is port 80.

   On that account, if one pays some more attention to compose.yml file, one may find lack of ports directive on mariadb and phpmyadmin service declarations, thus meaning that both of those are visible only to the docker containers in the stack, and that external access is, again, provided by caddy. Und das ist gut!

Execute docker compose up -d again to create mariadb / phpmyadmin additional containers. If everything goes well there should be phpMyAdmin waiting for you on mariadb.domain.com. If not, you may try docker compose ps to check if all containers are running or docker compose logs to view logs from the containers.

MSSQL

As usual: create volume, add volume and service declaration to the compose.yml:

1. create volume for mssql to use:

   docker volume create --label reco-mssql reco-mssql
   

2. update compose.yml:

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50

   volumes: reco-caddy-data: external: true reco-caddy-config: external: true reco-mariadb: external: true reco-mssql: external: true services: caddy: image: caddy:2.6 ports: - 80:80 - 443:443 - 443:443/udp volumes: - ./Caddyfile:/etc/caddy/Caddyfile - reco-caddy-data:/data - reco-caddy-config:/config mariadb: image: mariadb:10.3 environment: - MYSQL_ROOT_PASSWORD=pass volumes: - reco-mariadb:/var/lib/mysql phpmyadmin: image: phpmyadmin/phpmyadmin:5 environment: - PMA_HOST=mariadb - PMA_VERBOSE="Reco mariadb server" - PMA_USER=root - PMA_PASSWORD=pass - PMA_ABSOLUTE_URI=https://mariadb.domain.com mssql: image: mcr.microsoft.com/mssql/server:2019-latest volumes: - reco-mssql:/var/opt/mssql environment: - ACCEPT_EULA=Y - SA_PASSWORD=<Pl3asePutSome0th3r!Passw0rd!H3re> - MSSQL_PID=Express ports: - 1433:1433

   Nothing special here, we have to expose port 1433 to the outside world if we want to use any of the management tools. And we want, of course. SA_PASSWORD is password for the sa user, of course.

Another docker compose up -d should set all up, but this time we have no fancy web tool to manage database - you will have to use mssql server management studio or some tool like that to create / manage databases.

MongoDB

Same old story and dance:

1. create volume for mongodb to use:

   docker volume create --label reco-mongodb reco-mongodb
   

2. update compose.yml:

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63

   volumes: reco-caddy-data: external: true reco-caddy-config: external: true reco-mariadb: external: true reco-mssql: external: true reco-mongodb: external: true services: caddy: image: caddy:2.6 ports: - 80:80 - 443:443 - 443:443/udp volumes: - ./Caddyfile:/etc/caddy/Caddyfile - reco-caddy-data:/data - reco-caddy-config:/config mariadb: image: mariadb:10.3 environment: - MYSQL_ROOT_PASSWORD=pass volumes: - reco-mariadb:/var/lib/mysql phpmyadmin: image: phpmyadmin/phpmyadmin:5 environment: - PMA_HOST=mariadb - PMA_VERBOSE="Reco mariadb server" - PMA_USER=root - PMA_PASSWORD=pass - PMA_ABSOLUTE_URI=https://mariadb.domain.com mssql: image: mcr.microsoft.com/mssql/server:2019-latest volumes: - reco-mssql:/var/opt/mssql environment: - ACCEPT_EULA=Y - SA_PASSWORD=<Pl3asePutSome0th3r!Passw0rd!H3re> - MSSQL_PID=Express ports: - 1433:1433 mongodb: image: mongo:4.2 environment: - MONGO_INITDB_ROOT_USERNAME=root - MONGO_INITDB_ROOT_PASSWORD=pass ports: - 27017:27017 volumes: - reco-mongodb:/data/configdb - reco-mongodb:/data/db

   Simple settings as environment values for mongodb - root username, root password, volumes to use for data storage.

Fire up another docker compose up -d and there should be mongodb server listening on default port, also visible to the world outside of the docker stack. Same as for mssql, there is no management tool included.

Right now we should have basic database servers set up, openauth server is next.