sander/Hostityourself
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: switch Docker access to TCP via socat proxy; add Caddy error logging

Browse source 
- Add docker-proxy (alpine/socat) sidecar that exposes the Docker Unix
  socket as TCP on port 2375, so server needs no privileged socket mount
- Set DOCKER_HOST=tcp://docker-proxy:2375 in server environment
- App containers are still spawned on the host daemon and join hiy-net,
  so Caddy can still reach them
- Log actual Caddy PUT response body and HTTP status on failure
  instead of a silent warning
This commit is contained in:
Claude 2026-03-19 11:24:50 +00:00
parent 2e98ce957e
commit 2df3c579e4
No known key found for this signature in database
2 changed files with 27 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
builder/build.sh
View file

@ -148,11 +148,22 @@ routes.append(DASHBOARD)
print(json.dumps(routes)) print(json.dumps(routes))
" "$ROUTE_JSON") " "$ROUTE_JSON")
curl --silent --fail "${CADDY_API}/config/apps/http/servers/hiy/routes" \ log "Upstream: ${UPSTREAM}"
log "Routes JSON: ${UPDATED}"
set +e
CADDY_RESP=$(curl --silent --show-error \
--write-out "\nHTTP_STATUS:%{http_code}" \
"${CADDY_API}/config/apps/http/servers/hiy/routes" \
--header "Content-Type: application/json" \ --header "Content-Type: application/json" \
--request PUT \ --request PUT \
--data "$UPDATED" && log "Caddy updated." \ --data "$UPDATED" 2>&1)
|| log "WARNING: Caddy update failed (app is running; fix routing manually)." set -e
if echo "$CADDY_RESP" | grep -q "HTTP_STATUS:2"; then
log "Caddy updated."
else
log "WARNING: Caddy update failed (app is running; fix routing manually)."
log "Caddy response: ${CADDY_RESP}"
fi
else else
log "Caddy admin API not reachable; skipping route update." log "Caddy admin API not reachable; skipping route update."
log "Container ${CONTAINER_NAME} is running on port ${PORT} but not publicly routed." log "Container ${CONTAINER_NAME} is running on port ${PORT} but not publicly routed."

15
infra/docker-compose.yml
View file

@ -6,6 +6,16 @@
services: services:
# ── Docker socket proxy (unix → TCP) ──────────────────────────────────────
docker-proxy:
image: alpine/socat
command: tcp-listen:2375,fork,reuseaddr unix-connect:/var/run/docker.sock
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock
networks:
- hiy-net
# ── Control plane ───────────────────────────────────────────────────────── # ── Control plane ─────────────────────────────────────────────────────────
server: server:
build: build:
@ -16,8 +26,6 @@ services:
- "3000:3000" - "3000:3000"
volumes: volumes:
- hiy-data:/data - hiy-data:/data
# Mount Docker socket so the server can spawn build containers.
- /var/run/docker.sock:/var/run/docker.sock
# Mount the builder script so edits take effect without rebuilding. # Mount the builder script so edits take effect without rebuilding.
- ../builder:/app/builder:ro - ../builder:/app/builder:ro
environment: environment:
@ -25,11 +33,14 @@ services:
HIY_ADDR: 0.0.0.0:3000 HIY_ADDR: 0.0.0.0:3000
HIY_BUILD_SCRIPT: /app/builder/build.sh HIY_BUILD_SCRIPT: /app/builder/build.sh
CADDY_API_URL: http://caddy:2019 CADDY_API_URL: http://caddy:2019
DOCKER_HOST: tcp://docker-proxy:2375
DOMAIN_SUFFIX: ${DOMAIN_SUFFIX:-localhost} DOMAIN_SUFFIX: ${DOMAIN_SUFFIX:-localhost}
RUST_LOG: hiy_server=debug,tower_http=info RUST_LOG: hiy_server=debug,tower_http=info
depends_on: depends_on:
caddy: caddy:
condition: service_started condition: service_started
docker-proxy:
condition: service_started
networks: networks:
- hiy-net - hiy-net
- default - default