Accessing page using the IP:PORT of the server and preventing redirection to domain.tld/subfolder when accessed by IP

1. Caddy version (caddy version):

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

I have a Caddy service (automatically created when installing Caddy on Debian Buster) and I reload my Caddyfile configuration using systemctl sudo restart caddy.

a. System environment:

Debian GNU/Linux 10 (buster) x86_64

b. Command:

systemctl sudo restart caddy

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

sauru.sh, www.sauru.sh {
        log {
                output file /var/log/caddy/access.log {
                        roll_size 1gb
                }
        }

        tls me@email.com

        root * /var/www/sauru.sh/main

        encode gzip

        php_fastcgi unix//run/php/php7.3-fpm.sock
        file_server
}

verbo.sauru.sh, www.verbo.sauru.sh {
        tls me@email.com

        root * /var/www/sauru.sh/verbo

        encode gzip

        php_fastcgi unix//run/php/php7.3-fpm.sock
        file_server

        # Special /work/ URLs with their own auth credentials (they do not necessarily correspond to filesystem paths)
        rewrite /testapp /work/data/testapp/maps.html
        route /testapp* {
                basicauth {
                        toto hashedpassword
                }
                reverse_proxy localhost:8002
        }

}

picto.sauru.sh, www.picto.sauru.sh {
        tls me@email.com

        root * /var/www/sauru.sh/picto

        encode gzip

        php_fastcgi unix//run/php/php7.3-fpm.sock
        file_server
}

fileo.sauru.sh, www.filo.sauru.sh {
        tls me@email.com

        root * /var/www/sauru.sh/fileo

        encode gzip

        php_fastcgi unix//run/php/php7.3-fpm.sock
        file_server
}

movio.sauru.sh, www.movio.sauru.sh {
        tls me@email.com

        root * /var/www/sauru.sh/movio

        encode gzip

        php_fastcgi unix//run/php/php7.3-fpm.sock
        file_server
}

3. The problem I’m having:

I use my personal website when testing web applications before they are mature enough to go in production on a dedicated server/website (distinct from my own). I am not a professional, these are just side projects so there is no clear routine there and I don’t have easy access to multiple machines or domains to clearly split things during the testing phase.

Therefore, when I need to share a test application with collaborators, I set up restricted access with credentials, and users end up on domain.tld/subfolder. domain.tld is public and there is nothing to hide, but I don’t want collaborators invited to check out /subfolder to be tempted to browse the full website or even know what the domain name is, it simply is not what I want them to preview.

Can I avoid that with Caddy, and maybe prevent their browser from showing the domain name if they reach the test application using https://IP:PORT? The test application doesn’t need to be indexed by search engines, it is not publicly available anyway.

4. Error messages and/or full log output:

No error really, I just need to find out (1) how to allow access to maps.html by using 194.36.144.124:8002 or 194.36.144.124/testapp in the address bar and (2) find out if, in that case, I can keep users’ browser from redirecting to verbo.sauru.sh/testapp when doing that.

5. What I already tried:

I tried to reach the website by IP but right now it doesn’t seem to resolve. I fiddled with reverse_proxy using the documentation but probably misused it, accessing the website by IP would never work.

6. Links to relevant resources:

Similar question I asked on Stack: url - Can I hide domain.tld for a specific subfolder and show IP:PORT instead (Caddy webserver)? - Server Fault

That’s not possible. The browser needs the domain name to actually perform the TLS handshake (the domain is important for establishing trust). And it’s not possible to ask the browser to obfuscate anything.

Why not use another domain like testing.sauru.sh and add a subdomain to that for each thing you’re testing? So like testapp.testing.sauru.sh. That way you don’t need to worry about subpath stuff (see The "subfolder problem", OR, "why can't I reverse proxy my app into a subfolder?", it can be a problem sometimes) and if the stuff you don’t care for them to see is on other subdomains, they won’t know to look for it.

You could also serve a site on a different port, but you’ll still need to use a domain name if you want TLS/HTTPS.


Thank you for the fast answer as usual @francislavoie!

I don’t really need https in that case, would it be possible to disable TLS handshake and then reach the application by ip:port, while keeping TLS for other webpages?

I want to avoid a subdomain because I want to hide the domain altogether. Nothing bad about it but I’m shy about sharing non-work stuff with work collaborators, don’t necessarily want them to know about my side projects (sauru.sh is just a welcome page that lists non-work subdomains). I have another domain in my caddyfile actually, but the same applies; now I’m being difficult I know, I should just not be that shy.

Yes, you can prefix your site address with http:// to turn off HTTPS. Like this, for example:

http://111.111.111.111:12345 {
	...
}

But obviously, I still strongly recommend using a domain. You could get a free dynamic DNS domain (from DuckDNS maybe, or from any other free subdomain provider you might find). Using HTTPS is still better; looks more professional, is more secure, more private, can’t be tampered with, etc.
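The two options from the answer above, written out for the test app in the original Caddyfile, as an added example that is not part of the original thread. Assumptions: port 12345 is the placeholder port from the answer, testapp.example.org is a placeholder for an unrelated domain, and the app on localhost:8002 listens on the loopback interface only.

```caddyfile
# Option 1: plain HTTP on IP:PORT.
# The http:// prefix turns off automatic HTTPS for this site block only,
# so no certificate is requested and there is no redirect to a domain name.
# The sauru.sh site blocks keep their own TLS configuration.
http://194.36.144.124:12345 {
	# Basic auth over plain HTTP puts the credentials on the wire
	# base64-encoded, not encrypted; use a throwaway account here.
	# "hashedpassword" stands for the output of `caddy hash-password`.
	basicauth {
		toto hashedpassword
	}

	# Assumption: the app binds to 127.0.0.1:8002 only. If it listens on
	# all interfaces, it is reachable directly on port 8002 without
	# passing through basicauth.
	reverse_proxy localhost:8002
}

# Option 2 (the answer's recommendation): a separate hostname that does not
# reveal sauru.sh, for example a free dynamic DNS name pointing at the same IP.
# testapp.example.org is a placeholder. Caddy obtains a certificate for it
# automatically, so the credentials travel inside TLS.
testapp.example.org {
	tls me@email.com

	basicauth {
		toto hashedpassword
	}

	reverse_proxy localhost:8002
}
```

Port 12345 has to be open in the host firewall for option 1, and option 2 needs ports 80 and 443 reachable so the certificate can be issued.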
