API access to ZoneMinder server through Caddy as reverse proxy

gannick · July 20, 2024, 1:41pm

Hello everyone !

I am using Caddy as reverse proxy but I am not very expert in the configuration.

1. The problem I’m having:

I use Caddy as reverse proxy in an Alpine LXC container. This reverse proxy transfer my URL to the appropriate web server (Nextcloud, streaming…). Each different web server is in a different container.

I installed ZoneMinder in an LXC container. ZoneMinder used Apache 2 as web server and expose it on http://192.168.1.150/zm

In Caddy, I set my reverse proxy entry like that :

video.gannick.duckdns.org:443 {
        reverse_proxy 192.168.1.150
        rewrite / /zm
        #redir / /zm
        #uri strip_prefix /zm
}

I can access to ZoneMinder through the web interface (but I am not very pleased, I would like to suppress the /zm from the URL.

But I cannot access to ZoneMinder through the API. I installed on my smartpone zmNinja to access ZoneMinder. The app says it could authenticate, but couldn’t access the API…

Could you help me to set an appropriate configuration ?

I searched on the Internet but didn’t found usefull help.

It is working but I know it is not very clean… I access ZoneMinder with https://video.gannick.duckdns.org:443/zm

2. Error messages and/or full log output:

I do not have journalctl in Alpine container

3. Caddy version:

My version is caddy-2.7.6-r3

caddy:~# apk info caddy
caddy-2.7.6-r3 description:
Fast, multi-platform web server with automatic HTTPS

caddy-2.7.6-r3 webpage:
https://caddyserver.com/

caddy-2.7.6-r3 installed size:
42 MiB

4. How I installed and ran Caddy:

Installed with Alpine APK

caddy:~# history
   0 apk update
   1 apk upgrade
   2 curl
   3 apk install curl
   4 apk add curl
   5 apk add caddy

a. System environment:

Linux Alpine in an LXC container owned by a Proxmox server

caddy:~# cat /etc/os-release 
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.19.2
PRETTY_NAME="Alpine Linux v3.19"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://gitlab.alpinelinux.org/alpine/aports/-/issues"

b. Command:

Using Caddy normally I think

Extract from my bash history :

  16 cd /etc/caddy/
  17 vim Caddyfile
  18 caddy run
  19 rc-status --list
  20 rc-update add caddy
  21 rc-service caddy start

c. Service/unit/compose file:

If using Docker/systemd/Kubernetes/make etc.
Delete the code block below if not relevant.

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

d. My complete Caddy config:

My caddy configuration :

caddy:~# caddy fmt /etc/caddy/Caddyfile
# Caddy's configuration file
# see: https://caddyserver.com/docs/caddyfile
#

nextcloud.gannick.duckdns.org:443 {
        #rewrite /.well-known/carddav /remote.php/dav
        #rewrite /.well-known/caldav /remote.php/dav

        redir /.well-known/carddav /remote.php/dav/ 301
        redir /.well-known/caldav /remote.php/dav/ 301

        reverse_proxy 192.168.1.237
}

musique.gannick.duckdns.org:443 {
        reverse_proxy 192.168.1.243:4533
}

streaming.gannick.duckdns.org:443 {
        reverse_proxy 192.168.1.244:8096
}

maison.gannick.duckdns.org:443 {
        reverse_proxy 192.168.1.245:8123
}

livre.gannick.duckdns.org:443 {
        reverse_proxy 192.168.1.248:8083 {
                header_up X-Scheme https
        }
}

video.gannick.duckdns.org:443 {
        reverse_proxy 192.168.1.150
        rewrite / /zm
        #redir / /zm
        #uri strip_prefix /zm
}

#{
#       order cgi before respond
#}

#video2.gannick.duckdns.org:443 {
#       root * /usr/local/www/zoneminder
#       redir / /zm/ 308
#       handle_path /zm/cache* {
#               root * /var/cache/zoneminder
#       }
#       handle_path /zm*
#
#       handle /api* {
#               rewrite * /api/app/webroot/index.php?p={path}&{query}
#       }
#       cgi /cgi-bin/nph-zms /usr/local/www/zoneminder/cgi-bin/nph-zms {
#               unbuffered_output
#       }
#       php_fastcgi unix//var/run/php-fpm.sock
#       file_server
#}

#airsonic.gannick.duckdns.org:443 {
#       reverse_proxy 192.168.1.239:8080
#}

5. Links to relevant resources:

My setup :

Internet → Router Box → Router OpenWRT → Proxmox Server with Caddy as reverse proxy → ZoneMinder in a container on Proxmox server

francislavoie · July 20, 2024, 7:42pm

That’s an issue with your ZoneMinder or Apache config, not a problem with Caddy.

You could do a rewrite in Caddy, but it may not behave well because paths in the HTML may still have the path prefix.

gannick · July 22, 2024, 6:39am

Hello Francislavoie,

You are right, it is not an Caddy issue. But I think that maybe I have misconfigured my Caddy reverse proxy and I don’t feel confortable with Caddy configuration (nor with Apache…).

I hope that someone better than me in Caddy may help me to better configure my Caddy reverse proxy.

Anyway, thanks for your answer.

francislavoie · July 22, 2024, 6:40am

What I’m saying is ultimately this isn’t something you can solve with Caddy config, it has to be solved by configuring your upstream app. Your Caddy config is fine, reverse_proxy is all you need.

gannick · July 22, 2024, 7:34am

Well, I will try to investigate on the Apache 2 from the ZoneMinder container.

But ZoneMinder is very sensitive to any change. Just modifying the time has broken some links…

That’s why I was trying to see if some configurations was possible from Caddy to access the API.

The ZoneMinder android app can successfully access to the authentication but cannot access the API.

system · August 21, 2024, 7:34am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.