Caddy config for reverse_proxy on *.subd.domain.ltd

Hi, I apologize in advance for redacting the template, but I didn’t find it useful for my question.

I am trying to figure out the reverse proxy with SSL for the * subdomain of a subdomain. Let me give you an example.

$HASH1.on.an.net ->  reverse_proxy localhost:3000/$HASH1
$HASH2.on.an.net ->  reverse_proxy localhost:3000/$HASH2
$HASH2.on.an.net/index.html ->  reverse_proxy localhost:3000/$HASH2/index.html
$HASH2.on.an.net/assets/my_logo.png ->  reverse_proxy localhost:3000/$HASH2/assets/my_logo.png
... and so on

The problem is that:

  1. *.on.an.net fails on the certificate generation with ZeroSSL
  2. ^^ fails with Let’s Encrypt too, trying to find a cert but it cannot

Can anyone point me in any proper direction, docs, tutorials, or examples?

Thanks a lot
D

1 Like

For TLS issuance, you’ll need to be using the DNS challenge to issue wildcard domains.

Your config might look like this (TLS config omitted cause it depends on your DNS provider):

*.on.an.net {
	rewrite * /{labels.3}{uri}
	reverse_proxy localhost:3000
}

The placeholders {labels.*} are the segments of the hostname separated by the dots, 0-indexed from the right. So 0 is net, 1 is an, 2 is on and 3 is whatever your hash is.

So you’re performing a rewrite to prepend that bit from the domain to the path, and adding {uri} to preserve the rest of the URI (path + query).

3 Likes

Hi, thanks for such a quick reply.

Where can I read more about the labels and uri and how they are used?

In the meantime I will test your config, then report back. :slight_smile:

1 Like

Just to clarify, in order to get the traffic, I have to put this A *.on.an.net IP_ADDR on Cloudflare, right?

Yeah, you need to configure DNS to resolve to your server.

The solution above works as I imagined it. Sharing here a full example without sensitive data. This effectively is a reverse proxy for an IPFS gateway with subdomain access for max security.

Thank you @francislavoie A LOT. I’ve spent days on this 1 month ago :slight_smile:

*.on.an.net {
        tls {
                dns cloudflare API_TOKEN
        }

        rewrite * /ipfs/{labels.3}{uri}
        reverse_proxy localhost:8080

        log {
                output file /var/log/caddy/ipfs-gateway-subdomain-access.log
                level INFO
        }
}

2 Likes
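
The right-to-left label indexing explained in the answer and the `/ipfs/{labels.3}{uri}` rewrite in the final config can be checked offline with a small model. This is an added example, not code from the thread or from Caddy; the function names, the label pattern, the out-of-range behaviour and the sample hosts are assumptions made for illustration.

```python
import re

# Names below are illustrative; the site and prefix values come from the thread.
SITE_LABELS = ["net", "an", "on"]   # *.on.an.net, listed right to left
# Assumption: the leftmost label is an ordinary lowercase DNS label (1-63 chars).
DNS_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def host_labels(host):
    """Split a Host value into labels ordered right to left (index 0 = TLD)."""
    hostname = host.lower()  # hostnames are case-insensitive; normalise here
    name, sep, port = hostname.rpartition(":")
    if sep and port.isdigit():  # drop ":port"; IPv6 literals are out of scope
        hostname = name
    return hostname.split(".")[::-1]


def label(host, n):
    """Model of {labels.n}: n-th label from the right, "" when out of range
    (the empty-string fallback is an assumption of this model)."""
    parts = host_labels(host)
    return parts[n] if n < len(parts) else ""


def upstream_uri(host, uri, prefix=""):
    """Model of `rewrite * <prefix>/{labels.3}{uri}` inside the *.on.an.net site.

    Returns None unless the host is exactly one well-formed label below
    on.an.net, so a caller can refuse anything else instead of forwarding it.
    """
    parts = host_labels(host)
    if len(parts) != 4 or parts[:3] != SITE_LABELS:
        return None
    if not DNS_LABEL.fullmatch(parts[3]):
        return None
    return f"{prefix}/{parts[3]}{uri}"


if __name__ == "__main__":
    # Constructed sample requests mirroring the mapping in the question.
    for host, uri in [
        ("hash2.on.an.net", "/index.html"),
        ("hash2.on.an.net:443", "/assets/my_logo.png?v=1"),
        ("a.b.on.an.net", "/"),        # two labels deep: not one label below the site
        ("bad_label.on.an.net", "/"),  # fails the label check
    ]:
        print(host, uri, "->", upstream_uri(host, uri, prefix="/ipfs"))
```

The leftmost label arrives in the client's Host header and ends up in the upstream path, which is why the model checks its shape before building the URI.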
