1. Caddy version (caddy version
):
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
2. How I run Caddy:
I have a Caddy service (automatically created when installing Caddy on Debian Buster) and I reload my Caddyfile configuration using systemctl sudo restart caddy
.
a. System environment:
Debian GNU/Linux 10 (buster) x86_64
b. Command:
systemctl sudo restart caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
sauru.sh, www.sauru.sh {
log {
output file /var/log/caddy/access.log {
roll_size 1gb
}
}
tls me@email.com
root * /var/www/sauru.sh/main
encode gzip
php_fastcgi unix//run/php/php7.3-fpm.sock
file_server
}
verbo.sauru.sh, www.verbo.sauru.sh {
tls me@email.com
root * /var/www/sauru.sh/verbo
encode gzip
php_fastcgi unix//run/php/php7.3-fpm.sock
file_server
# Special /work/ URLs with their own auth credentials (they do not necessarily correspond to filesystem paths)
rewrite /testapp /work/data/testapp/maps.html
route /testapp* {
basicauth {
toto hashedpassword
}
reverse_proxy localhost:8002
}
}
picto.sauru.sh, www.picto.sauru.sh {
tls me@email.com
root * /var/www/sauru.sh/picto
encode gzip
php_fastcgi unix//run/php/php7.3-fpm.sock
file_server
}
fileo.sauru.sh, www.filo.sauru.sh {
tls me@email.com
root * /var/www/sauru.sh/fileo
encode gzip
php_fastcgi unix//run/php/php7.3-fpm.sock
file_server
}
movio.sauru.sh, www.movio.sauru.sh {
tls me@email.com
root * /var/www/sauru.sh/movio
encode gzip
php_fastcgi unix//run/php/php7.3-fpm.sock
file_server
}
3. The problem I’m having:
I use my personal website when testing web applications before they are mature enough to go in production on a dedicated server/website (distinct from my own). I am not a professional, these are just side projects so there is no clear routine there and I don’t have easy access to multiple machines or domains to clearly split things during the testing phase.
Therefore, when I need to share a test applicaton with collaborators, I set up restricted access with credentials, and users end up on domain.tld/subfolder. domain.tld is public and there is nothing to hide, but I don’t want collaborators invited to check out /subfolder to be tempted to browse the full website or even know what the domain name is, it simply is not what I want them to preview.
Can I avoid that with Caddy, and maybe prevent their browser from showing the domain name if they reach the test application using https://IP:PORT? The test application doesn’t need to be indexed by search engines, it is not publicly available anyway.
4. Error messages and/or full log output:
No error really, I just need to find out (1) how to allow access to maps.html by using 194.36.144.124:8002 or 194.36.144.124/testapp in the address bar and (2) find out if, in that case, I can keep users’ browser from redirecting to verbo.sauru.sh/testapp when doing that.
5. What I already tried:
I tried to reach the website by IP but right now it doesn’t seem to resolve. I fiddled with reverse_proxy
using the documentation but probably misused it, accessing the website by IP would never work.
6. Links to relevant resources:
Similar question I asked on Stack: url - Can I hide domain.tld for a specific subfolder and show IP:PORT instead (Caddy webserver)? - Server Fault