Since QuestDB OSS does not yet have basic auth and TLS (it’s on the roadmap), I want to use caddy to proxy it, and it will also auto renew my TLS certificates.
So far I had success on properly serving QuestDB with TLS, but I am stuck at basic auth. I copied an example from the docs and it works fine, but when I try to use env variables basic Auth is not working for me. This is what I have so far:
docker-compose.yaml for Caddy proxy (direct copy/paste from the docs)
version: "3.7"
services:
caddy:
image: lucaslorentz/caddy-docker-proxy:ci-alpine
ports:
- 80:80
- 443:443
environment:
- CADDY_INGRESS_NETWORKS=caddy
networks:
- caddy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./caddy_data:/data
restart: unless-stopped
networks:
caddy:
external: true
volumes:
caddy_data: {}
I already created the caddy network and I have this docker-compose.yml for QuestDB
version: '3.7'
services:
questdb:
image: questdb/questdb:7.3.10
environment:
QDB_PG_USER: ${QDB_PG_USER:-admin}
QDB_PG_PASSWORD: ${QDB_PG_PASSWORD:-password}
QDB_PG_READONLY_USER_ENABLED: "true"
QDB_PG_READONLY_USER: ${QDB_PG_READONLY_USER:-readonly}
QDB_PG_READONLY_PASSWORD: ${QDB_PG_READONLY_PASSWORD:-quest}
networks:
- caddy
labels:
caddy: localhost
caddy.reverse_proxy: "{{upstreams 9000}}"
#caddy.basicauth: "/"
#caddy.basicauth./: "${BASIC_AUTH_USER:-readonly} ${BASIC_AUTH_HASHED_PASSWORD:-quest}"
networks:
caddy:
external: true
When I start this configuration with basic auth commented out, it all works fine and I can go to https://localhost
(http
will get properly redirected). I intend to change my domain name when I deploy this. But the moment I uncomment my basic auth config, the questdb container seems to be starting just fine, but I cannot access from localhost. Any ideas?