1. Caddy version (caddy version):
v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=
2. How I run Caddy:
I have a Caddy service (automatically created when installing Caddy on Debian Buster) and I reload my Caddyfile configuration using systemctl sudo restart caddy.
a. System environment:
Debian Buster, php7.3-fpm.
b. Command:
systemctl sudo restart caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
I am sorry I had to redact the domain in my Caddyfile because this website is not in production yet and I don’t want it to be indexed until it’s fully ready, as it involves people who haven’t heard about the project yet.
domain.tld, www.domain.tld {
    tls mat@email.com
    root * /var/www/domain.tld/wordpress

    # Prevent malicious PHP uploads from running
    @uploads path_regexp path /uploads\/(.*)\.php
    rewrite @uploads /

    encode gzip

    # Restricted access to /work/ and /misc/
    # (except for direct url to files in /misc/)
    handle /work/_h5ai/private/* {
        respond 404
    }
    route /work/* {
        basicauth {
            user <<hashpass>>
        }
        @no_index not file {path}.html {path} {path}/index.html
        rewrite @no_index /work/_h5ai/public/index.php
    }

    handle /misc/_h5ai/private/* {
        respond 404
    }
    route /misc/* {
        @fileNotExists not {
            not path */
            file
        }
        basicauth @fileNotExists {
            user <<hashpass>>
        }
        @no_index not file {path}.html {path} {path}/index.html
        rewrite @no_index /misc/_h5ai/public/index.php
    }

    php_fastcgi unix//run/php/php7.3-fpm.sock
    file_server
}
3. The problem I’m having:
So as you can see above, my website has two subfolders with authentication, /work/ and /misc/, the latter being restricted while still giving view permissions to anyone who has the complete URL to a file (but no access to browse with h5ai).
I am running an application that serves something to 127.0.0.1:8001, and I would like that to be accessed within the /work/ subfolder, with the same authentication. Ideally I would like that to be accessed by a URL (possibly just the subfolder, I don’t necessarily need a subdomain here) without forcing visitors to provide the port. I think what I would need is reverse_proxy but, as a complete newbie in Caddy, didn’t find where to add that line without breaking the rest of my domains, including this new served page.
I am assuming this is a fairly simple issue that I could solve if I was a little bit more skilled in Caddy, but even after reading the documentation, I am still very confused when it comes to nesting different functions since there are always some that I don’t fully understand.
Thanks in advance for any help!
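
One way to put the proxied application behind the same basicauth as /work/, as an added example that is not part of the original post and not the Caddy project's own answer. It assumes the application is exposed under a hypothetical /work/app/ subpath and that it works when served from a subpath with the prefix stripped.

```caddyfile
# Replaces only the existing "route /work/*" block;
# the rest of the site block stays as posted.
route /work/* {
	# Inside route, directives run in the order written, so basicauth
	# is evaluated before anything under /work/ is proxied or served.
	basicauth {
		user <<hashpass>>
	}

	# /work/app/ is an assumed subpath, not taken from the post.
	# handle_path strips the /work/app prefix, so the backend
	# receives paths starting at "/".
	handle_path /work/app/* {
		reverse_proxy 127.0.0.1:8001
	}

	# Existing h5ai fallback for every other path under /work/.
	@no_index not file {path}.html {path} {path}/index.html
	rewrite @no_index /work/_h5ai/public/index.php
}
```

The authentication only protects the application if port 8001 stays bound to the loopback address, so that Caddy is the only way to reach it from outside the host.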