From dc96b0f120cefb8fdfd68ff42de6410bb26be491 Mon Sep 17 00:00:00 2001
From: Bhumij Gupta <bhumijgupta@gmail.com>
Date: Sun, 28 Mar 2021 05:54:25 +0530
Subject: [PATCH] Update Caddy to v2 (#216)

Co-authored-by: Konstantin (https://github.com/KonstTz)
Signed-off-by: bhumijgupta <bhumijgupta@gmail.com>
---
 README.md          |  9 ++++++++-
 caddy/Caddyfile    | 42 ++++++++++++++----------------------------
 docker-compose.yml |  3 ++-
 3 files changed, 24 insertions(+), 30 deletions(-)

diff --git a/README.md b/README.md
index d237bee..70cb4a2 100644
--- a/README.md
+++ b/README.md
@@ -14,14 +14,21 @@ Clone this repository on your Docker host, cd into dockprom directory and run co
 git clone https://github.com/stefanprodan/dockprom
 cd dockprom
 
-ADMIN_USER=admin ADMIN_PASSWORD=admin docker-compose up -d
+ADMIN_USER=admin ADMIN_PASSWORD=admin ADMIN_PASSWORD_HASH=JDJhJDE0JE91S1FrN0Z0VEsyWmhrQVpON1VzdHVLSDkyWHdsN0xNbEZYdnNIZm1pb2d1blg4Y09mL0ZP docker-compose up -d
 ```
 
+**Caddy v2 does not accept plaintext passwords. It MUST be provided as a hash value. The above password hash corresponds to ADMIN_PASSWORD 'admin'. To know how to generate hash password, refer [Updating Caddy to v2](#Updating-Caddy-to-v2)**
+
 Prerequisites:
 
 * Docker Engine >= 1.13
 * Docker Compose >= 1.11
 
+## Updating Caddy to v2
+
+Perform a `docker run --rm caddy caddy hash-password --plaintext 'ADMIN_PASSWORD'` in order to generate a hash for your new password. 
+ENSURE that you replace `ADMIN_PASSWORD` with new plain text password and `ADMIN_PASSWORD_HASH` with the hashed password references in [docker-compose.yml](./docker-compose.yml) for the caddy container.
+
 Containers:
 
 * Prometheus (metrics database) `http://<host-ip>:9090`
diff --git a/caddy/Caddyfile b/caddy/Caddyfile
index 2500a04..c899539 100644
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -1,39 +1,25 @@
 :9090 {
-    basicauth / {$ADMIN_USER} {$ADMIN_PASSWORD}
-    proxy / prometheus:9090 {
-            transparent
-        }
-
-    errors stderr
-    tls off
+    basicauth /* {
+        {$ADMIN_USER} {$ADMIN_PASSWORD_HASH}
+    }
+    reverse_proxy prometheus:9090
 }
 
 :9093 {
-    basicauth / {$ADMIN_USER} {$ADMIN_PASSWORD}
-    proxy / alertmanager:9093 {
-            transparent
-        }
-
-    errors stderr
-    tls off
+    basicauth /* {
+        {$ADMIN_USER} {$ADMIN_PASSWORD_HASH}
+    }
+    reverse_proxy alertmanager:9093
 }
 
 :9091 {
-    basicauth / {$ADMIN_USER} {$ADMIN_PASSWORD}
-    proxy / pushgateway:9091 {
-            transparent
-        }
-
-    errors stderr
-    tls off
+    basicauth /* {
+        {$ADMIN_USER} {$ADMIN_PASSWORD_HASH}
+    }
+    
+    reverse_proxy pushgateway:9091
 }
 
 :3000 {
-    proxy / grafana:3000 {
-            transparent
-            websocket
-        }
-
-    errors stderr
-    tls off
+    reverse_proxy grafana:3000
 }
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index c4f0535..50951bc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -115,7 +115,7 @@ services:
       org.label-schema.group: "monitoring"
 
   caddy:
-    image: stefanprodan/caddy
+    image: caddy:2.3.0
     container_name: caddy
     ports:
       - "3000:3000"
@@ -127,6 +127,7 @@ services:
     environment:
       - ADMIN_USER=${ADMIN_USER:-admin}
       - ADMIN_PASSWORD=${ADMIN_PASSWORD:-admin}
+      - ADMIN_PASSWORD_HASH=${ADMIN_PASSWORD_HASH:-JDJhJDE0JE91S1FrN0Z0VEsyWmhrQVpON1VzdHVLSDkyWHdsN0xNbEZYdnNIZm1pb2d1blg4Y09mL0ZP}
     restart: unless-stopped
     networks:
       - monitor-net