N/A

I had realized that I had forgot to add the Docker service with the other containers in my Docker compose file and therefore I could not use the name of the Docker container in my file (for instance backend-django). I updated my code accordingly and now Caddy is acting as a proxy to Django.

so you got everything working how you want it?

I would say to some degree, at least locally, although now when attempting to move to railway I get a a "Mixed Block" error so maybe it is something to do with the url I am passing which has http or https?

Also I had updated my Caddyfile among other files:

:{$PORT} {
    root * /var/www/html

    encode gzip

    handle /api* {
        reverse_proxy {$CADDY_BACKEND_HOST}:{$CADDY_BACKEND_PORT}
    }

    handle {
        root * /var/www/html
        try_files {path} /index.html
        file_server
    }
}

I think you should do three services, frontend, backend, and a proxy. currently you are integrating the proxy into the frontend service, I've seen great success with the 3 service method, and I have ready made solutions for that

Ahh I did see that solution here actually: https://github.com/railwayapp-templates/caddy-reverse-proxy/blob/main/Caddyfile. However, do you know if it is possible to have Caddy statically host the frontend files and reverse proxy the backend?

I'm sure it's possible, but the three service method would be far more optimal

Wouldn't having caddy serve files directly to clients be faster than proxying another frontend service?

it would be extremely negligible when proxying through the private network

you linked the Caddyfile for the reverse proxy, but I'm not sure if you've seen it's example project

oh yes I have seen that actually. The main concern with me doing this is whether or not I can use call my [http://backend/api/v1/*](http://backend/api/v1/*) routes from my frontend -- but only through the proxy. Would I be able to do this with your example?

yes absolutely, you would end up with only a single custom domain in use (on the proxy service only)

you access your frontend from the proxy service and then you make calls with paths (not domains) like fetch('/api/users') and the proxy will route the /api/* calls to the backend service through the private network

Okay another concern is how do you serve the dist folder of the frontend? In your example's case it is Vue.

yeah Vue that is built with vite, I have a ready made drop in solution for vite with react though

though, not that anything actually changes Caddyfile wise

In that case do you have an example of the dist folder being served with a Dockerfile? For instance CMD yarn?

my examples for serving frontend apps all use nixpacks, but if you are absolutely stuck on using a dockerfile I can whip you up a dockerfile to do that, the CMD command would start caddy though

Okay so I was thinking about using more like 3 Dockerfiles for the: frontend, backend, and caddy

here's the vite and react example repo, the magic happens in the nixpacks.toml and Caddyfile

any reason not to use nixpacks?

I am mainly more comfortable with Docker as well as I like to develop locally with Docker and Compose

fair enough, and forgive me if it's already been discussed, but does that mean your backend already deploys from a Dockerfile?

That is correct. So the way I have my monorepo set up is I have a React frontend, a Django Backend, and a Caddyfile.

I assume in separate sub folders right?

Oh and yes they are all in Docker containers

Yes

okay cool, well the reverse proxy is already using a dockerfile, so would you like me to whip you up a Dockerfile for the frontend that uses caddy?

Sure if you don't mind!

will do, can you tell me more about how you want the frontend built?

what node version?
yarn, npm, pnpm?
do you have the accompanying lock file?
is there any environment variables you use in your frontend that I need to be aware about?

• node:21

• yarn

• yes

• yes: VITE_SERVER_URL

I have this for a start:

FROM node:latest

WORKDIR /app

ARG VITE_SERVER_URL

COPY package.json yarn.lock ./ 
RUN yarn && yarn install 

COPY . .

# Build the application
RUN yarn build

good start, I'll finish the rest when I'm back at my computer

Okay thank you. I am curious to see how you will serve the dist directory.

with caddy

Awesome, sounds like a plan

theres so many other options, but i really like caddy and strongly believe is it far more user friendly than something like nginx

I am coming to believe that myself -- mainly because I think the documentation is more organized than Nginx. Although I wish there was a larger community base / community help

and due to a bunch of sane defaults that it comes with, it works great on railway, nginx on the other hand, not so much

Oh true. I did try Nginx without success. I am hoping that with Caddy this time around it will go more smoothly

you can definitely write a caddyfile that isnt going to work on railway, but its much easier to write one that works well than it is to write a nginx.conf that works well

Ahh I see. Caddy seems simple enough but I am still new to it to do anything.

here's the branch for a react app built with vite that uses yarn and deploys from a dockerfile

Ahh so I see that you made the Dockerfile. One thing that interests me is line 10-13 in your Caddyfile where you do:

    # server options
    servers {
        trusted_proxies static private_ranges # trust railway's proxy
    }

Does this allow Caddy to talk to Railway's private IPv6 network?

nope, everything you expose publicly on railway will be behind a proxy (in this case its both railway's proxy and your own caddy proxy), so that just allows caddy to trust the proxy so you will be able to see the actual client ip instead of just the proxy's ip that would be something like 10.0.0.124

Hmm interesting. So does this mean I do not need the:

    handle /api* {
        reverse_proxy {$CADDY_BACKEND_HOST}:{$CADDY_BACKEND_PORT}
    }

lines?

nope no need, you would use the caddyfile that comes in that repo i just linked

Okay I will give it a try thanks! I would just like to know however, how the Caddyfile is able to get to the Django backend I have. I may have missed something.

that would be a job for the caddyfile in the reverse proxy repo you linked, it makes a call through the private network

give the overview a read

might wanna just deploy that template into your project

Hmm this sounds interesting. So I want to see if I have this right? :

• The frontend's static files are served by Caddy (via its Caddyfile)

• The "MySite -Caddy Proxy" is also using Caddy but it is proxing (also via a Caddyfile)

• The Backend basically has no Caddy file (in my case I would use Django in Gunicorn)

yep that's correct

Interesting I never though about using two Docker containers using Caddy.

Thanks Brody I will give this a shot! Perhaps I will come back here if all goes well

caddy is a web server, but it is also a very good reverse proxy

sounds good, let me know if you run into any troubles or even if it all goes well

Hello Brody, I have attempted to deploy the Caddy frontend, Django backend, and Caddy reverse proxy using much of the code you had provided. I have a question concerning the $PORT variable. Does the $PORT need to be the same for all three of these services to work?

it doesnt need to be, it can be if you want to though, but i would do something like 3000, 3001

And the service in which caddy acts as a proxy doesn't need a $PORT right?

correct, railway assigns a random port and the proxy service will use that, but we only need to define fixed ports of the back and frontend since we need to talk to those over the private network and that wouldnt work with random ports that change every deployment

Hmmm I am getting a 502 error although I have set up the FRONTEND_HOST and BACKEND_HOST variables:

FRONTEND_HOST=${{frontend.RAILWAY_PRIVATE_DOMAIN}}:${{frontend.PORT}}
BACKEND_HOST=${{django.RAILWAY_PRIVATE_DOMAIN}}:${{django.PORT}}

502 on the / (root) route?

Yes although I just found that for some reason the FRONTEND_HOST variable was an empty string so I am now redeploying it to see if that helps

does it no longer show as empty?

Okay I may have mistyped something but it is rebuilding now

Okay I got it up sort of but I get a 405 error

is this to the route route?

Yes this one I believe a /api/v1/ route

what is supposed to be returned by that route?

It should just return a JSON response from the backend

what method did you call it with?

POST

it says it only accepts GET and HEAD

Hmmm so is there a way to configure this in railway? It does say the server is railway and not Caddy. I'm not really sure actually

thats just railway's proxy overwriting the server header

the allow header is coming from the backend

That's strange I thought if I left the ALLOWED_HOSTS variable alone in the [settings.py](settings.py) file in Django all methods would be allowed

im not too sure what that setting has to do with request methods?

It probably doesn't, I am actually stumped on this one. I thought it could be CORs thing but I believe I already fixed that

have you tried using GET? thats what it allows

I mean I can directly hit Django with a REST API request if it doesn't go through the proxy

That is a good point, I should try that real quick

Seems like I am getting an unsafe-url Referrer Policy when I do a GET request. I am not sure if that is really relevant to the issue though:

these would be stuff your backend is setting

but are you getting the correct json back?

Actually I don't get anything in my response:

can you send me the link so i can see this stuff for myself?

Yes, please fill out the form to trigger the POST request:
https://apricot.up.railway.app/login

will do when back at my computer!

send me the backend domain please

backend-django.railway.internal

the public one

wouldnt be much of a private network if i could call that internal domain

I didn't know I needed public one if caddy can proxy Django via the internal one?

you dont, this is just for testing

Oh okay that makes sense

I will generate one then

https://backend-django-production.up.railway.app/

show me your caddyfile for the proxy service please

Oops let me re format tat

in a code block if you dont mind

Okay I edited it

i think i have an idea of whats going on

let me test some things

Awesome!

what is BACKEND_HOST set to?

I hardcoded these values because I was getting some parsing issue

okay i was wrong on my first idea, i have a new idea

what is the start command for django

or CMD command in your case

So basically at the end of the Django's Dockerfile there is a CMD command that calls a shell script that looks like this:

exec python manage.py migrate & gunicorn django_project.wsgi:application --bind [::]:${BACKEND_DJANGO_PORT} --timeout 0

what is BACKEND_DJANGO_PORT set to

BACKEND_DJANGO_PORT=8000

also you should use a double && there

Hmm do you think that is what is causing the issue?:

Oh it seems that you had hit the register endpoint a few times so apparently Django is getting something

no but you still should use &&

send me the logs for your proxy service

thats it?

This one right?:

yeah

do you have a start command for django set elsewhere?

Such as python [manage.py](manage.py) runserver? I don't include that in the container I am pretty sure

railway service settings, a procfile, a railway.json, anything

Hmm I haven't used anything like that. I quit using a procfile after moving away from Heroku

make this change, and then send me the new logs from django

Okay sure thing!

Okay new logs:

/usr/local/lib/python3.11/site-packages/langchain/chat_models/__init__.py:31: LangChainDeprecationWarning: Importing chat models from langchain is deprecated. Importing from langchain will no longer be supported as of langchain==0.2.0. Please import from langchain-community instead:

`from langchain_community.chat_models import ChatOpenAI`.

To install langchain-community run `pip install -U langchain-community`.

warnings.warn(

Operations to perform:

Apply all migrations: Core, admin, auth, authtoken, contenttypes, sessions, token_blacklist

Running migrations:

No migrations to apply.

show me this please

That is the Dockerfile and the set_[up.sh](up.sh) file is a one liner basically

send the set_up.sh please

send its logs with this

1217769721739477052

I'm not sure if I used that tool you sent correctly

there's no logs from gunicorn itself, something real fishy is going on here

Oh well isn't that because I am not running gunicorn with the --debug flag or something?

no, gunicorn by default will print logs like what it's listening on

do you have a gunicorn config?

I scraped by without making one

well then something real odd is happening here

I found a link to a "Heroku related deploy issue": https://help.heroku.com/HX4L23I4/debugging-deploy-issues-with-gunicorn

I am not sure if it is relevant though

I found this in the docs: https://docs.gunicorn.org/en/stable/faq.html#:~:text=In%20version%2019.0%2C%20Gunicorn%20doesn,the%20console%20by%20default%20again.

reads like an AI wrote it, all high level help without any actual real solutions

this is for access logs, not applicable here because we don't even see boot logs

set BACKEND_HOST to [https://backend-django-production.up.railway.app](https://backend-django-production.up.railway.app)

Sure thing

what's the current state of the django deployment

I'm talking about the deployment state

like active or completed

Completed

so django never ran

That makes sense I don't see the 0.0.0.0:8000 port information on there

alright well it's 5:50am and I haven't slept yet, so I wish you good luck in finding out why django isn't running! we can pick this back up tomorrow

Okay thanks for the help Brody! I will an eye out for it and see what I have for you tomorrow!

sounds good

Hello Brody I had determined that issue preventing my frontend from accessing backend via the caddy proxy was due to how I had my Caddyfile configured where handle_path should have been handle as the url path of the REST API request was being stripped by caddy as it made its way to the backend. I have now fixed this with the updated Caddyfile:

# Caddy configuration file
{
    # server options
    servers {
        # trust railway's proxy
        trusted_proxies static private_ranges 
    }
}

:{$PORT} {


    handle /api/* {
        # this strips the /api/ prefix from the uri sent to the proxy address
        # proxy all requests for /api/* to the backend, configure this variable in the service settings
        reverse_proxy {$BACKEND_HOST} 
    }

    # proxy all requests for /* to the frontend, configure this variable in the service settings
    reverse_proxy {$FRONTEND_HOST} 
}

Thank you again Brody for your help! It works good now!

haha i did this locally

but wanted to figure out why we weren't seeing gunicorns logs first

Lol. Yeah I so what I found out about the Gunicorn logs is that when I temporarily commented the migrate command in:

exec python manage.py migrate & gunicorn django_project.wsgi:application --bind [::]:${BACKEND_DJANGO_PORT} --timeout 0

Where it became:

exec gunicorn django_project.wsgi:application --bind [::]:${BACKEND_DJANGO_PORT} --timeout 0

The logs appeared. Although I think the real reason why they appeared is because the && used to be & or something. Once I had used handle the backend (Gunicorn) was able to get logs.

the proxy using handle has nothing to do with gunicorn's boot logs

Well I was never hitting Gunicorn so I had never received logs for it.

im not talking about access logs, im talking about boot logs

Right so those were because of the .sh file. Now it shows:

[INFO] Listening at: http://[::]:8000 (7)
[7] [INFO] Using worker: sync
[8] [INFO] Booting worker with pid: 8

those are the boot logs

may i ask why you have omitted admin off, persist_config off, auto_https off, and log ?

Oh. To be honest with you I was not aware of those settings.

they where in the original caddyfile

Oh I see what you are saying. I accidently thought they were comments because my IDE did not have Caddyfile support at that time. I could probably re-add them

ah gotcha

Alright thanks for the help. I think your example repo (https://github.com/railwayapp-templates/caddy-reverse-proxy/tree/main) does the job!

that do be my repo

glad i could help you get this all working!