Skip to content

Layer4 label not recognized after build #765

New issue
New issue
Open
Open
Layer4 label not recognized after build#765
@AliD201

Description

@AliD201
AliD201
opened on Dec 2, 2025

Hello !
hope you all well

i have been trying to setup layer4 routing with postgess through docker labels but the proxy keep saying unrecognized global option
{"level":"info","ts":1764650267.9354663,"logger":"docker-proxy","msg":"Process Caddyfile","logs":"[ERROR] Removing invalid block: Caddyfile:2: unrecognized global option: layer4

partial compose:

supabase-db:
    image: 'supabase/postgres:15.8.1.085'
    healthcheck:
      test: 'pg_isready -U postgres -h 127.0.0.1'
      interval: 5s
      timeout: 5s
      retries: 10
    depends_on:
      supabase-vector:
        condition: service_healthy
    command:
      - postgres
      - '-c'
      - config_file=/etc/postgresql/postgresql.conf
      - '-c'
      - log_min_messages=fatal
    environment:
      - POSTGRES_HOST=/var/run/postgresql
      - 'PGPORT=${POSTGRES_PORT:-5432}'
      - 'POSTGRES_PORT=${POSTGRES_PORT:-5432}'
      - 'PGPASSWORD=${SERVICE_PASSWORD_POSTGRES}'
      - 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}'
      - 'PGDATABASE=${POSTGRES_DB:-postgres}'
      - 'POSTGRES_DB=${POSTGRES_DB:-postgres}'
      - 'JWT_SECRET=${SERVICE_PASSWORD_JWT}'
      - 'JWT_EXP=${JWT_EXPIRY:-3600}'
    volumes:
      - 'supabase-db-data:/var/lib/postgresql/data'
      -
        ....
    labels:
      - 'caddy_0.layer4.:5432.@postgres: tls sni supabasedb.example.com'
      - 'caddy_0.layer4.:5432.route: @postgres'
      - 'caddy_0.layer4.:5432.route.proxy: {{upstreams 5432}}'
      - 'caddy_0.layer4.:5432.route.tls.connection_policy.alpn: postgresql'

caddy image build command:

# Build Caddy with the desired plugins
ARG CADDY_VERSION=2.10.2
FROM caddy:${CADDY_VERSION}-builder AS builder

RUN xcaddy build \
    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
	--with github.com/caddyserver/transform-encoder \
	--with github.com/hslatman/caddy-crowdsec-bouncer/http@main \
	--with github.com/hslatman/caddy-crowdsec-bouncer/appsec@main \
	--with github.com/mholt/caddy-l4/layer4 \
	--with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main
    
# Final stage: minimal runtime image
FROM caddy:${CADDY_VERSION}-alpine

# Copy the custom-built Caddy binary
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

# Run the docker-proxy command instead of normal Caddy
CMD ["caddy", "docker-proxy"]

am aware that

	--with github.com/mholt/caddy-l4/layer4 \
	--with github.com/hslatman/caddy-crowdsec-bouncer/layer4@main

both should load the same first module but i did try with each one alone and am still facing the same issue.

note that am using all of this in coolify if that somehow matters.

Sidequestion: is this the correct and secure way to connect to a postgress db using a domain behind caddy ?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions