Caddy running in system container cannot bind domain

Incus 6.10.1

incus launch images:ubuntu/24.04 caddy
incus config device add caddy caddy-port-80 proxy listen=tcp:0.0.0.0:80 connect=tcp:127.0.0.1:80
incus config device add caddy caddy-port-443 proxy listen=tcp:0.0.0.0:443 connect=tcp:127.0.0.1:443

Caddy config

{
    "apps": {
        "http": {
            "servers": {
                "example": {
                    "listen": [
                        "ubuntu.caddy.example.com:80"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "static_response",
                                    "body": "Hello, world!"
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}

Caddy config error

{"error":"loading config: loading new config: http app module: start: listening on ubuntu.caddy.example.com:80: listen tcp 11.22.33.444:80: bind: cannot assign requested address"}

When I don’t bind any domain, it works.

                    "listen": [
                        ":80"
                    ],

11.22.33.44 is the Incus host IP address. The domain's DNS points to 11.22.33.44.

Any ideas, please?

Your host has the address 11.22.33.44, but not your container. The proxy device proxies stuff from your host to your container, but it doesn’t allow your container to bind to the host’s IP. Binding to the proxy target, in your case 127.0.0.1, works, which is what is demonstrated by your example.

1 Like
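
Added example, not part of the thread and not Caddy or Incus code: a preflight check, run inside the container, that reports which listen entries in a Caddy JSON config name an address the container cannot bind. The function names are hypothetical, and 192.0.2.10 is a constructed stand-in for the host's public IP.

```python
import errno
import json
import socket

# Constructed sample config: 192.0.2.10 (TEST-NET-1) stands in for the host's
# public address, which is not assigned to any interface inside the container.
SAMPLE_CONFIG = json.dumps({"apps": {"http": {"servers": {"example": {
    "listen": ["192.0.2.10:80", "127.0.0.1:80", ":80"]}}}}})


def bind_error(ip):
    """Try to bind a TCP socket to ip on an ephemeral port; return errno or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))  # port 0: no privilege needed, only the address is tested
        except OSError as exc:
            return exc.errno
    return None


def check_listeners(config_text, resolve=socket.gethostbyname):
    """Return {listen_address: verdict} for every HTTP server in a Caddy JSON config.

    Assumes plain "host:port" entries with an IPv4 address or hostname
    (no network prefix, port range or IPv6 literal).
    """
    servers = json.loads(config_text)["apps"]["http"]["servers"]
    results = {}
    for server in servers.values():
        for addr in server.get("listen", []):
            host = addr.rsplit(":", 1)[0]
            if host == "":  # ":80" binds every local address
                results[addr] = "ok (wildcard)"
                continue
            try:
                ip = resolve(host)
            except OSError:
                results[addr] = "unresolvable"
                continue
            err = bind_error(ip)
            if err == errno.EADDRNOTAVAIL:  # "cannot assign requested address"
                results[addr] = f"{ip} is not a local address"
            else:
                results[addr] = "ok" if err is None else f"bind failed: errno {err}"
    return results


if __name__ == "__main__":
    for addr, verdict in check_listeners(SAMPLE_CONFIG).items():
        print(f"{addr:20} {verdict}")
```

A hostname in a listen entry is resolved first and the resulting IP is what gets bound, so a name whose DNS record points at the host fails the same way as the host's IP literal.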

By default, all containers are assigned an internal “dns” name like “container-name.incus”, which doesn’t match “ubuntu.caddy.example.com”, and as such it won’t work. As you are adding proxy devices to your container, you need to listen on localhost / 127.0.0.1 for caddy or on local devices.

Your DNS can still point / resolve to 11.22.33.44 and caddy will serve your web pages as the traffic is routed through the defined proxies.

An alternative approach would be to use a different network device like MacVlan, Routed, etc. (Type: nic - Incus documentation). This way our container will get an IP directly from the same network the host is using. Here is a good guide to read up on networking in Incus: A networking guide for Incus – Mi blog lah!

2 Likes