Caddy - Accessing the CISO assistant application from other computers within same network

1. The problem I’m having:

Hi,
I am new to CISO Assistant application. I have installed it on Windows, and it works fine locally, but my other users are having trouble opening it. I have imported the certificate on the user’s computer, disabled the firewall, and even other items from a Google search, but it didn’t help in solving my issue.
I would appreciate any help.

2. Error messages and/or full log output:

Mostly, it's giving a timeout. The other computers are pinging the main computer with Docker and Caddy etc.

3. Caddy version:

caddy:2.10.0

4. How I installed and ran Caddy:

I downloaded the latest Docker and installed it on Windows, and installed CISO Assistant from GitHub.

a. System environment:

Windows 11

b. Command:


c. Service/unit/compose file:

```yaml
services:
  backend:
    container_name: backend
    image: Package ciso-assistant-community/backend · GitHub
    pull_policy: always
    restart: always
    environment:
      - ALLOWED_HOSTS=backend,localhost,192.168.110.41,192.168.110.3
      - CISO_ASSISTANT_URL=https://localhost:8443
      - DJANGO_DEBUG=True
      - AUTH_TOKEN_TTL=7200
    volumes:
      - ./db:/code/db
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://backend:8000/api/health/ || exit 1"]
      interval: 10s
      timeout: 5s
      retries: 20
      start_period: 100s

  huey:
    container_name: huey
    image: Package ciso-assistant-community/backend · GitHub
    pull_policy: always
    depends_on:
      backend:
        condition: service_healthy
    restart: always
    environment:
      - ALLOWED_HOSTS=backend,localhost,192.168.110.41
      - CISO_ASSISTANT_URL=https://localhost:8443
      - DJANGO_DEBUG=False
      - AUTH_TOKEN_TTL=7200
    volumes:
      - ./db:/code/db
    entrypoint:
      - /bin/sh
      - -c
      - |
        poetry run python manage.py run_huey -w 2 --scheduler-interval 60

  frontend:
    container_name: frontend
    environment:
      - PUBLIC_BACKEND_API_URL=http://backend:8000/api
      - PUBLIC_BACKEND_API_EXPOSED_URL=https://localhost:8443/api
      - PROTOCOL_HEADER=x-forwarded-proto
      - HOST_HEADER=x-forwarded-host
    image: Package ciso-assistant-community/frontend · GitHub
    pull_policy: always
    restart: always
    depends_on:
      backend:
        condition: service_healthy

  caddy:
    container_name: caddy
    image: caddy:2.10.0
    environment:
      - CISO_ASSISTANT_URL=https://192.168.110.41:8443
    depends_on:
      backend:
        condition: service_healthy
    restart: unless-stopped
    ports:
      - 8443:8443
    volumes:
      - ./caddy_data:/data
    command: |
      sh -c 'echo $$CISO_ASSISTANT_URL "{
      reverse_proxy /api/* backend:8000
      reverse_proxy /* frontend:3000
      tls internal
      }" > Caddyfile && caddy run'
```

d. My complete Caddy config:

```
https://localhost {
    reverse_proxy localhost:5173 {
        header_up Origin http://localhost
    }
}
```


5. Links to relevant resources:

This means local computer only. That’s why it works from the local computer but not from the other computers.

Thank you for the response. So what do I need to do so that other users can access this application in the same office local network?

One computer (Windows 11) has Docker+CISO Assistant on Caddy (192.168.110.41) and the other computer (192.168.110.3) on the same network is trying to access the application at https://192.168.110.41:8443/login. It's giving a timeout; we had tried everything available on Google but no success.

I even tried the following in Caddyfile

```
https:// {
    reverse_proxy localhost:5173 {
        header_up Origin http://localhost
    }
}
```

also

```
https://192.168.110.41 {
    reverse_proxy localhost:5173 {
        header_up Origin http://localhost
    }
}
```

Please use proper code blocks when posting your configuration. Otherwise, it’s really hard to read.

You have a few options.

  1. you can use Caddy’s own internal CA:

```
your-lan-ciso-site-name {
    tls internal
    reverse_proxy localhost:5173 {
        header_up Origin http://localhost
    }
}
```

     Then install Caddy’s CA on your clients’ computers.

  2. or you can use a real domain with a trusted certificate, if you have one. In that case, you’ll need to use the DNS challenge (preferred).

  3. or expose port 443 on your computer to the internet (not recommended unless you know what you’re doing).

  4. You could also manually add a trusted certificate and key to Caddy, but that mostly defeats the purpose of automated HTTPS, so it’s not ideal.

You can find more details and examples here:

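An added example (not from the thread, and not Caddy or CISO Assistant code): a check to run from one of the other computers that reports whether access stops at TCP (timeout or refused), at the TLS handshake, or at certificate trust, which is the stage where installing Caddy's CA matters. The defaults are the address and port quoted in the thread; the outcome labels and hints are this example's own assumptions.

```python
import socket
import ssl
import sys

# What each outcome points at (troubleshooting hints written for this example).
HINTS = {
    "tcp-timeout": "no reply on the port: check host firewall rules and Docker port publishing",
    "tcp-refused": "host reachable but nothing listening: check the caddy container and its ports mapping",
    "tcp-error": "name resolution or routing to the host failed",
    "tls-failed": "listener reached but handshake did not complete: check the Caddyfile site address",
    "tls-untrusted": "certificate did not verify: CA not trusted on this client or name not covered",
    "ok": "TCP, TLS and certificate trust all succeeded",
}


def probe(host, port, cafile=None, timeout=5.0):
    """Return the stage at which an HTTPS connection to host:port stops."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return "tcp-timeout"
    except ConnectionRefusedError:
        return "tcp-refused"
    except OSError:
        return "tcp-error"
    with sock:
        # cafile=None uses the system trust store; pass a copy of Caddy's
        # root certificate to test trust of the internal CA explicitly.
        ctx = ssl.create_default_context(cafile=cafile)
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
        except ssl.SSLCertVerificationError:
            return "tls-untrusted"
        except (ssl.SSLError, OSError):
            return "tls-failed"


if __name__ == "__main__":
    # Defaults are the address and port from the thread; override on the command line.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.110.41"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8443
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    result = probe(host, port, cafile)
    print(f"{host}:{port} -> {result}: {HINTS[result]}")
```

A `tcp-timeout` result means the connection never reached a listener, so the Caddyfile and certificates have not come into play yet.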