Use own caddy as reverse proxy
Hello, I'm using netbird selfhosted with an already existing caddy on my host. I removed the caddy container from the docker compose and then set my ports for each container (dashboard, signal, relay, management and zitadel). Then simply reversed all the incoming incoming to the docker from host caddy. Its working but its incredibly slow... How can I solve this?
/etc/caddy/Caddyfile
vpn.abc.dev {
tls /etc/ssl/abc.dev/fullchain.pem /etc/ssl/abc.dev/key.pem
import security_headers
reverse_proxy /relay* localhost:9023
reverse_proxy /signalexchange.SignalExchange/* h2c://localhost:9021
reverse_proxy /ws-proxy/signal/* localhost:9021
reverse_proxy /management.ManagementService/* h2c://localhost:9022
reverse_proxy /ws-proxy/management/* localhost:9022
reverse_proxy /api/* localhost:9022
reverse_proxy /zitadel.admin.v1.AdminService/* h2c://localhost:9019
reverse_proxy /admin/v1/* h2c://localhost:9019
reverse_proxy /zitadel.auth.v1.AuthService/* h2c://localhost:9019
reverse_proxy /auth/v1/* h2c://localhost:9019
reverse_proxy /zitadel.management.v1.ManagementService/* h2c://localhost:9019
reverse_proxy /management/v1/* h2c://localhost:9019
reverse_proxy /zitadel.system.v1.SystemService/* h2c://localhost:9019
reverse_proxy /system/v1/* h2c://localhost:9019
reverse_proxy /assets/v1/* h2c://localhost:9019
reverse_proxy /ui/* h2c://localhost:9019
reverse_proxy /oidc/v1/* h2c://localhost:9019
reverse_proxy /saml/v2/* h2c://localhost:9019
reverse_proxy /oauth/v2/* h2c://localhost:9019
reverse_proxy /.well-known/openid-configuration h2c://localhost:9019
reverse_proxy /openapi/* h2c://localhost:9019
reverse_proxy /debug/* h2c://localhost:9019
reverse_proxy /device/* h2c://localhost:9019
reverse_proxy /device h2c://localhost:9019
reverse_proxy /zitadel.user.v2.UserService/* h2c://localhost:9019
reverse_proxy /* localhost:9020
}
vpn.abc.dev {
tls /etc/ssl/abc.dev/fullchain.pem /etc/ssl/abc.dev/key.pem
import security_headers
reverse_proxy /relay* localhost:9023
reverse_proxy /signalexchange.SignalExchange/* h2c://localhost:9021
reverse_proxy /ws-proxy/signal/* localhost:9021
reverse_proxy /management.ManagementService/* h2c://localhost:9022
reverse_proxy /ws-proxy/management/* localhost:9022
reverse_proxy /api/* localhost:9022
reverse_proxy /zitadel.admin.v1.AdminService/* h2c://localhost:9019
reverse_proxy /admin/v1/* h2c://localhost:9019
reverse_proxy /zitadel.auth.v1.AuthService/* h2c://localhost:9019
reverse_proxy /auth/v1/* h2c://localhost:9019
reverse_proxy /zitadel.management.v1.ManagementService/* h2c://localhost:9019
reverse_proxy /management/v1/* h2c://localhost:9019
reverse_proxy /zitadel.system.v1.SystemService/* h2c://localhost:9019
reverse_proxy /system/v1/* h2c://localhost:9019
reverse_proxy /assets/v1/* h2c://localhost:9019
reverse_proxy /ui/* h2c://localhost:9019
reverse_proxy /oidc/v1/* h2c://localhost:9019
reverse_proxy /saml/v2/* h2c://localhost:9019
reverse_proxy /oauth/v2/* h2c://localhost:9019
reverse_proxy /.well-known/openid-configuration h2c://localhost:9019
reverse_proxy /openapi/* h2c://localhost:9019
reverse_proxy /debug/* h2c://localhost:9019
reverse_proxy /device/* h2c://localhost:9019
reverse_proxy /device h2c://localhost:9019
reverse_proxy /zitadel.user.v2.UserService/* h2c://localhost:9019
reverse_proxy /* localhost:9020
}
4 Replies
docker-compose.yml
dashboard.env
# Endpoints
NETBIRD_MGMT_API_ENDPOINT=https://vpn.abc.dev
NETBIRD_MGMT_GRPC_API_ENDPOINT=https://vpn.abc.dev
# OIDC
AUTH_AUDIENCE=abc
AUTH_CLIENT_ID=abc
AUTH_AUTHORITY=https://vpn.abc.dev
USE_AUTH0=false
AUTH_SUPPORTED_SCOPES="openid profile email offline_access"
AUTH_REDIRECT_URI=/nb-auth
AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
# SSL
NGINX_SSL_PORT=443
# Letsencrypt
LETSENCRYPT_DOMAIN=none
# Endpoints
NETBIRD_MGMT_API_ENDPOINT=https://vpn.abc.dev
NETBIRD_MGMT_GRPC_API_ENDPOINT=https://vpn.abc.dev
# OIDC
AUTH_AUDIENCE=abc
AUTH_CLIENT_ID=abc
AUTH_AUTHORITY=https://vpn.abc.dev
USE_AUTH0=false
AUTH_SUPPORTED_SCOPES="openid profile email offline_access"
AUTH_REDIRECT_URI=/nb-auth
AUTH_SILENT_REDIRECT_URI=/nb-silent-auth
# SSL
NGINX_SSL_PORT=443
# Letsencrypt
LETSENCRYPT_DOMAIN=none
management.json
zitadel.env
ZITADEL_LOG_LEVEL=debug
ZITADEL_MASTERKEY=7IhY/T/u9YCgdbj6S82bNImoXH96a1Y9
ZITADEL_EXTERNALSECURE=true
ZITADEL_TLS_ENABLED="false"
ZITADEL_EXTERNALPORT=443
ZITADEL_EXTERNALDOMAIN=vpn.abc.dev
ZITADEL_FIRSTINSTANCE_PATPATH=/machinekey/zitadel-admin-sa.token
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_SCOPES=openid
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE=2025-10-11T13:15:20Z
ZITADEL_DATABASE_POSTGRES_HOST=zdb
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=abc
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=abc
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
ZITADEL_LOG_LEVEL=debug
ZITADEL_MASTERKEY=7IhY/T/u9YCgdbj6S82bNImoXH96a1Y9
ZITADEL_EXTERNALSECURE=true
ZITADEL_TLS_ENABLED="false"
ZITADEL_EXTERNALPORT=443
ZITADEL_EXTERNALDOMAIN=vpn.abc.dev
ZITADEL_FIRSTINSTANCE_PATPATH=/machinekey/zitadel-admin-sa.token
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_USERNAME=zitadel-admin-sa
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_MACHINE_NAME=Admin
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_SCOPES=openid
ZITADEL_FIRSTINSTANCE_ORG_MACHINE_PAT_EXPIRATIONDATE=2025-10-11T13:15:20Z
ZITADEL_DATABASE_POSTGRES_HOST=zdb
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=zitadel
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=zitadel
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=abc
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=root
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=abc
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable