Fun with Caddy and Dnsmasq


Until recently, I avoided making changes to my host system for developing Docker projects. However, for my latest project, I needed multiple local subdomains to better develop and test the production workflow. Adding an entry for each of them in the /etc/hosts file no longer seemed practical. This led me to the idea of redirecting dynamic domains to my Docker Compose stack. A Caddy instance would then handle routing requests to the respective services.

Currently, I have chosen the .localdev TLD, but I’m still looking for a shorter alternative. Unfortunately, .local is already reserved for mDNS on macOS.

Step 1: Installing Dnsmasq on the Host

    brew install dnsmasq
    sudo mkdir -p /etc/resolver
    sudo sh -c 'echo "nameserver 127.0.0.1" > /etc/resolver/localdev'
    sudo sh -c 'echo "address=/localdev/127.0.0.1" > /opt/homebrew/etc/dnsmasq.d/localdev.conf'
    sudo sh -c 'echo "address=/localdev/::1" >> /opt/homebrew/etc/dnsmasq.d/localdev.conf'
    sudo brew services restart dnsmasq

The IPv6 declaration is optional. Without it, however, Chrome had performance issues because it first attempted to resolve an IPv6 address, which initially caused delays of 4–5 seconds.

Step 2: Creating the Caddyfile

    api.mycoolservice.localdev:443 {
        tls internal
        reverse_proxy api:8000
    }

    mycoolservice.localdev:443 {
        tls internal
        reverse_proxy node:3000
    }

I placed the Caddyfile at the same level as my docker-compose.yml file. Since no additional configurations were necessary, creating a separate folder seemed unnecessary. Additionally, the services are still accessible via traditional URLs, such as http://127.0.0.1:3000.

Step 3: Adding Caddy to the Docker Compose Stack

    services:
      # Other services
      caddy:
        image: caddy:latest
        ports:
          - "443:443"
          - "80:80"
        volumes:
          - ./Caddyfile:/etc/caddy/Caddyfile
          - caddy_data:/data
          - caddy_config:/config

    # Named volumes must be declared at the top level
    volumes:
      caddy_data:
      caddy_config:

Voilà! The project’s services are now accessible in the browser, for example:

👍
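A small consistency check for Steps 1 and 2, added here as an example and not part of the original post: it confirms that every site in the Caddyfile is covered by a dnsmasq `address=` rule, that the answers are loopback only, and that both A and AAAA exist (a missing AAAA is the delay described in Step 1). The function names are hypothetical, the embedded configs are constructed copies of the ones above, and the parser only handles simple `host:port {` site blocks.

```python
import ipaddress
import re

# Constructed copies of the two config files from Steps 1 and 2.
DNSMASQ_CONF = """\
address=/localdev/127.0.0.1
address=/localdev/::1
"""
CADDYFILE = """\
api.mycoolservice.localdev:443 {
    tls internal
    reverse_proxy api:8000
}
mycoolservice.localdev:443 {
    tls internal
    reverse_proxy node:3000
}
"""

def dnsmasq_rules(conf):
    """Return [(domain, ip)] for every address=/domain/ip line."""
    found = re.findall(r"^address=/([^/\s]+)/(\S+)$", conf, re.MULTILINE)
    return [(dom.lower(), ipaddress.ip_address(ip)) for dom, ip in found]

def caddy_hosts(caddyfile):
    """Return site hostnames from top-level 'host:port {' lines."""
    hosts, depth = [], 0
    for line in caddyfile.splitlines():
        line = line.strip()
        if depth == 0 and line.endswith("{"):
            for addr in line[:-1].replace(",", " ").split():
                hosts.append(addr.split("://")[-1].split(":")[0].lower())
        depth += line.count("{") - line.count("}")
    return hosts

def audit(conf, caddyfile):
    """Map each Caddy host to its problems; dnsmasq matches a domain and all names below it."""
    rules, report = dnsmasq_rules(conf), {}
    for host in caddy_hosts(caddyfile):
        ips = [ip for dom, ip in rules if host == dom or host.endswith("." + dom)]
        problems = [f"{ip} is not loopback" for ip in ips if not ip.is_loopback]
        for ver, rec in ((4, "A"), (6, "AAAA")):
            if not any(ip.version == ver for ip in ips):
                problems.append(f"no {rec} answer")
        report[host] = problems
    return report

if __name__ == "__main__":
    print(audit(DNSMASQ_CONF, CADDYFILE))
```

A host reported with no A and no AAAA answer is not handled by the local dnsmasq rules at all, which usually means a typo in the Caddyfile or the TLD; such a name would be sent to the regular upstream resolver instead of staying on the machine.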

Step 4: Bonus – Trusting the Root Certificate

Nowadays, it can quickly become frustrating if your browser doesn’t trust Caddy’s root certificate. If you want to fix this, you can follow these steps on macOS:

  1. Extract the Root Certificate from the Caddy Volume. As the saying goes, all roads lead to Rome. For me, the easiest way was to open Docker Desktop, navigate to the Volumes tab, and search for “caddy.” Under stored data, go to caddy/pki/local/ and copy the root.crt file to your desktop.
  2. Add the Root Certificate to the Keychain. Double-click the file to open it. This will also launch the Keychain Access application, if it doesn’t open automatically.
  3. Trust the Root Certificate. Right-click the certificate, select “Get Info,” expand the “Trust” section, and set it to “Always Trust.”

Restart your browser (Chrome/Safari) if necessary, and you should now have a fully functional development environment. ✌️

Meta data

Date: December 26, 2024
Language: de
Updated on: December 31, 2024