Caddyfile configuration for reverse proxies - different behaviours

1. The problem I’m having:

Attempting to set up a Caddyfile to reverse proxy a series of different ports on a local machine to a subdirectory of a domain name. One of these (Ombi) is working as intended, and reverse proxies perfectly. The remainder don’t work - either they result in a black screen (in the case of Plex, Dynmap) or a 200 error.

2. Error messages and/or full log output:

*   Trying 193.237.139.13:80...
* Connected to www.olliemon.co.uk (193.237.139.13) port 80 (#0)
> GET /plex HTTP/1.1
> Host: www.olliemon.co.uk
> User-Agent: curl/7.81.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://www.olliemon.co.uk/plex
< Server: Caddy
< Date: Tue, 05 Mar 2024 12:22:32 GMT
< Content-Length: 0
< 
* Closing connection 0
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://www.olliemon.co.uk/plex'
*   Trying 193.237.139.13:443...
* Connected to www.olliemon.co.uk (193.237.139.13) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=www.olliemon.co.uk
*  start date: Mar  2 07:25:52 2024 GMT
*  expire date: May 31 07:25:51 2024 GMT
*  subjectAltName: host "www.olliemon.co.uk" matched cert's "www.olliemon.co.uk"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55b9f25c9eb0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /plex HTTP/2
> Host: www.olliemon.co.uk
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 502 
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Tue, 05 Mar 2024 12:22:32 GMT
< 
* Connection #1 to host www.olliemon.co.uk left intact

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

linux package - apt get

a. System environment:

Ubuntu 22.04.4 LTS - x86-64

b. Command:

Editing caddyfile via nano and reloading with caddy reload --config /etc/caddy/Caddyfile

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
{
	debug
}
https://www.olliemon.co.uk {
	# Set this path to your site's directory.
	root * /usr/share/caddy
 
	# Enable the static file server.
	file_server
	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080
 
	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000#
	route /ombi* {
		reverse_proxy 127.0.0.1:5000
	}
	route /map/* {
		reverse_proxy 127.0.0.1:8123
	}
	route /plex* {
		reverse_proxy 127.0.0.1:32400/web
	}
	route /webmin* {
		reverse_proxy 127.0.0.1:10000
	}
	route /amp* {
		reverse_proxy 127.0.0.1:8080
	}
 
}
 
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

See this article:

You’d be much better off using a subdomain for each service.

You can’t pass a path as part of the upstream address. If you need to rewrite the path, you need to use the rewrite directive to do that. (But again – just use subdomains)

What would the Caddyfile look like to reverse proxy to a subdomain? I’ve tried a few configurations and they all fail to validate; I am assuming it’s a syntax error.

Just like this (and add the rest as needed):

ombi.example.com {
	reverse_proxy 127.0.0.1:5000
}

map.example.com {
	reverse_proxy 127.0.0.1:8123
}
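
The subdomain layout from the reply above, extended to the other services in the question's config, as an added example that is not part of the original thread. The example.com hostnames are placeholders; limiting the admin panels to private address ranges, and Webmin serving HTTPS with a self-signed certificate on port 10000, are assumptions about this setup.

```caddyfile
# Added example. Each hostname needs its own DNS record pointing at this
# machine before Caddy can obtain a certificate for it.

# Reusable snippet (name is hypothetical): refuse clients that are not
# connecting from a private address range.
(lan_only) {
	@external not remote_ip private_ranges
	respond @external 403
}

ombi.example.com {
	reverse_proxy 127.0.0.1:5000
}

map.example.com {
	reverse_proxy 127.0.0.1:8123
}

plex.example.com {
	# Upstream is host:port only, with no path component. The request
	# path is passed through unchanged, so the web UI is requested as
	# /web on this hostname instead of being baked into the upstream.
	reverse_proxy 127.0.0.1:32400
}

webmin.example.com {
	# Assumption: a server administration panel should not be reachable
	# from the public internet.
	import lan_only

	# Assumption: Webmin is listening with TLS and a self-signed
	# certificate. Verification is skipped only because the hop is loopback.
	reverse_proxy https://127.0.0.1:10000 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}

amp.example.com {
	# Assumption: same exposure concern as Webmin.
	import lan_only
	reverse_proxy 127.0.0.1:8080
}
```

Running `caddy validate --config /etc/caddy/Caddyfile` before `caddy reload` reports syntax errors without touching the running server.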
