Running zammad in docker behind caddy in docker

Infos:

  • Used Zammad version: 6.3.1-38
  • Used Zammad installation type: docker-compose
  • Operating system: Linux

Expected behavior:

  • Zammad is working

Actual behavior:

  • I am trying to run Zammad in my Coolify instance, where I have a running Caddy container (Caddy Docker). I checked several topics, the documentation, and the proxy example on GitHub for running behind a proxy, but I am still getting "CSRF token verification failed!" when I open Zammad from another browser or machine. I have set up the Caddy container and Zammad on the same network, pointed Zammad to the Caddy IP with RAILS_TRUSTED_PROXIES, and set NGINX_SERVER_NAME, NGINX_SERVER_SCHEME=https and VIRTUAL_HOST, but still nothing helps. Did anyone manage to run Zammad behind a Caddy proxy in a Docker container? I am already out of ideas about what could be misconfigured :unamused: I will be grateful for any help. Thank you!

Hi @tonven,

Did you set the following env variables as well?

ZAMMAD_HTTP_TYPE="https"
ZAMMAD_FQDN="..."

Maybe you should share your config and nginx profile for that. Last week we deployed Zammad with docker-compose. The first time, we also hit the CSRF error when configuring the FQDN and setting http_type.
We checked the following things:
1. zammad_http_type: must be https
2. fqdn: we use our own domain
We resolved it by setting NGINX_SERVER_SCHEME=https in the .env file.

This is my env configs:

BACKUP_DIR=/var/tmp/zammad
BACKUP_TIME=03:00
HOLD_DAYS=10
MEMCACHE_SERVERS=zammad-memcached:11211
NGINX_SERVER_NAME=zammad.domain.space
NGINX_SERVER_SCHEME=https
POSTGRESQL_OPTIONS=?pool=50
POSTGRES_DB=zammad_production
POSTGRES_HOST=zammad-postgresql
POSTGRES_PASS=pass
POSTGRES_PORT=5432
POSTGRES_USER=zammad
RAILS_TRUSTED_PROXIES=["127.0.0.1", "::1", "192.168.16.2", "172.18.0.2"]
REDIS_URL=redis://zammad-redis:6379
VIRTUAL_HOST=zammad.domain.space
ZAMMAD_FQDN=zammad.domain.space
ZAMMAD_HTTP_TYPE=https

This is my caddy coolify config:

https://zammad.domain.space {
	reverse_proxy header_up x-forwarded-proto https
}

172.18.0.2 is the address of my caddy instance. They are running in the same docker network

@tschaefer @phoenix Am I missing something? Thanks! :slight_smile:
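The settings discussed in this thread so far (scheme set to https, FQDN set to the real domain, the proxy address listed in RAILS_TRUSTED_PROXIES) can be checked mechanically. The following is an added example, not part of the thread or of Zammad's own tooling; the function names are hypothetical, and treating a /0 entry as too broad is an assumption of this example.

```python
import ipaddress
import re
# Constructed sample: the proxy-related variables from the env posted above.
SAMPLE_ENV = """\
NGINX_SERVER_SCHEME=https
RAILS_TRUSTED_PROXIES=["127.0.0.1", "::1", "192.168.16.2", "172.18.0.2"]
ZAMMAD_FQDN=zammad.domain.space
ZAMMAD_HTTP_TYPE=https
"""

def parse_env(text):
    """Parse KEY=VALUE lines of a docker-compose .env file into a dict."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip()
    return env

def trusted_networks(value):
    """Extract every IP or CIDR literal from a RAILS_TRUSTED_PROXIES value."""
    nets = []
    for token in re.findall(r"[0-9A-Fa-f:.]+(?:/\d+)?", value):
        try:
            nets.append(ipaddress.ip_network(token, strict=False))
        except ValueError:
            pass  # not an address (stray punctuation or hex-like text)
    return nets

def check_proxy_env(env_text, public_host, proxy_ip):
    """Return a list of findings; an empty list means the thread's checks pass."""
    env = parse_env(env_text)
    unquote = lambda key: env.get(key, "").strip("\"'")
    findings = []
    for key in ("ZAMMAD_HTTP_TYPE", "NGINX_SERVER_SCHEME"):
        if unquote(key) != "https":
            findings.append(f"{key} is {unquote(key) or 'unset'!r}, expected 'https'")
    if unquote("ZAMMAD_FQDN") != public_host:
        findings.append(f"ZAMMAD_FQDN does not match public host {public_host!r}")
    nets = trusted_networks(env.get("RAILS_TRUSTED_PROXIES", ""))
    proxy = ipaddress.ip_address(proxy_ip)
    if not any(proxy.version == n.version and proxy in n for n in nets):
        findings.append(f"proxy {proxy_ip} is not covered by RAILS_TRUSTED_PROXIES")
    # Assumed threshold: a /0 entry trusts forwarded headers from any client.
    if any(n.prefixlen == 0 for n in nets):
        findings.append("RAILS_TRUSTED_PROXIES contains a /0 entry (trusts everyone)")
    return findings
print(check_proxy_env(SAMPLE_ENV, "zammad.domain.space", "172.18.0.2"))
```

An empty result only means these variables agree with each other; it says nothing about which headers the proxy actually sends to Zammad.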

This is a free community without any guarantee to receive a working solution etc. Please be patient, most of us are helping the community in their spare time. If you require commercial grade support, you can get that at zammad.com.

I don’t know Caddy, I only use nginx for Zammad. Are you using both nginx and Caddy? Maybe you should try nginx first…
nginx can also support HTTPS.
Also, I set the Zammad FQDN in the web interface, not in the env.
My env only has:

NGINX_SERVER_SCHEME=https

What I want to explain here is that my method is not the method recommended in the official documents. I figured it out by myself. There may be certain problems. It is for reference only.

And I use my own nginx profile and pass through to the Docker container.

server {
    listen 80;
    server_name domain;

    # Redirect HTTP requests to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name domain;

    ssl_certificate /etc/nginx/ssl/fullchain.pem;  # change to your SSL certificate path
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;  # change to your SSL certificate private key path

    # Force stronger SSL protocols and cipher suites
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Other SSL settings
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    client_max_body_size 50M;

    location / {
        proxy_pass http://localhost:8080;  # change to your backend service address
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket-related headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_read_timeout 86400;

    }
    # If you need additional configuration, add it here
}