Caddyfile for vCenter

kavaa · October 8, 2017, 10:42am

Hi,

I would like to access my dev vcenter server via Caddy.
But i cannot get it to work.
Since it uses redirects after the 192.168.1.34/ui sso and many more (Witch I don’t know but there are many)

So i did:

vcenter.domain.com {
proxy / https://192.168.1.34 {
    transparent
    insecure_skip_verify
  }
}

But the url vcenter.domain.com/ui than redirects to the local IP

How can i fix this so that it proxy’s everything after the / to the 192.168.1.34/…

Whitestrake · October 9, 2017, 7:07am

Hi @kavaa,

This is something you’ll have to try to configure in your vCenter, since Caddy isn’t the one issuing those redirects.

You might look into using http.filter to modify the response body to change links from 192.168.1.34 to vcenter.domain.com, but I don’t know if it works on headers (e.g. Location).

https://caddyserver.com/docs/http.filter

thizmo · October 18, 2017, 12:44pm

I actually had the same idea yesterday.
Yet not nor all the different Ports/URL but for the webclient.

This is running on Port 9443/vsphere-client

My Problem: I can’t get the proxy with the transparent option to run.

It changes the URL to the proxy-vm (different VM, different network) and just adds the port and /vsphere-client in the browser. Which can’t work since the port is not open from outside this network.

Any ideas on how to the a real transparent proxy working with caddy?
Or at least, where is my thinking wrong?

I dont’t want to change the URL from the browser who is accessing the proxy.
I want the proxy in between the browser and the vcenter and all traffic has to go through it…
Because only the proxy has a public accessible url/ip

|| ---------> || --------->|__|
Client – Caddy – vCenter
1.2.3.4 – 8.9.10.11 – 192.168.1.2

And the same way back, of course.

Thx for your help.

Whitestrake · October 19, 2017, 12:30am

As long as vCenter doesn’t issue redirects to its own IP address, Caddy should handle that configuration just fine.

vcenter.example.com {
  proxy / 192.168.1.2:9443
}

If it does do absolute redirects, you’ll need to find a way to combat that (such as using http.filter or configuring it to use relative redirection instead), or it won’t work with any reverse proxy software.

system · January 17, 2018, 12:30am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.