Can't access sub-paths in reverse-proxy

1. Caddy version (caddy version):

2.0.0-alpine

2. How I run Caddy:

a. System environment:

Docker (docker-compose.yml)

b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: '3'
services:
  caddy:
    image: caddy:2.0.0-alpine
    restart: always
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/site
    ports:
      - "8190:8080"

d. My complete Caddyfile or JSON config:

:8080 {
    log {
        format single_field common_log
    }

    basicauth / {
        XXX XXX
    }

    reverse_proxy /grafana/* {
        to grafana:3000
    }

    reverse_proxy /phpldapadmin/* {
        to phpldapadmin:80
    }

    route /influxdb/* {
        uri strip_prefix /influxdb
        reverse_proxy influxdb:8086
    }

    route /ldapum/* {
        uri strip_prefix /ldapum
        reverse_proxy ldapum:80
    }

    root * /site
    file_server browse
}

3. The problem I’m having:

I can’t properly access influxdb and ldapum through reverse_proxy since I can’t get the sub-paths of those applications working. I can access the main page, but can’t access any other resource when working with the webpage.

In the case of Influxdb, it remains a blank page since it can’t access a certain js-file.
In the case of ldapum, I can see the main page and press on log in, but after that I get an HTTP 404 because the request to /log_in/ fails - it can’t find the correct path to that file. When accessing the main page, the URL is :8190/ldapum/ but after pressing on log in, the URL changes to :8190/log_in/.

In both cases, when I manually change the URL to e.g. /influxdb/.js-file or /ldapum/log_in/, it finds the proper resources and therefore I can access the page. So the files are there (obviously), but I couldn’t find a way to get it running properly.

4. Error messages and/or full log output:

HTTP 404 (can’t find the proper files because of wrong pathing)

5. What I already tried:

I’ve tried a couple of things, but here are some examples:

Normal reverse-proxy like grafana etc.

reverse_proxy /influxdb/* {
    to influxdb:8086
}

reverse_proxy /ldapum/* {
    to ldapum:80
}

Not stripping the prefix (couldn’t access anything then as far as I remember)

route /influxdb/* {
    reverse_proxy influxdb:8086
}

route /ldapum/* {
    reverse_proxy ldapum:80
}

Some attempts to somehow rewrite the URL after reverse_proxy (as you can guess… without success).
I tried something with handle_path but I can’t recall the specific code for certain (sorry for that).

I understand that the problem probably lies in the pathing, but I couldn’t solve it.

6. Links to relevant resources:

None

Have you tried without the forward slash before the asterisk?

Hey Basil,

using

route /influxdb* {
    uri strip_prefix /influxdb
    reverse_proxy influxdb:8086
}

route /ldapum* {
    uri strip_prefix /ldapum
    reverse_proxy ldapum:80
}

gives me the same results as mentioned above

Please upgrade to Caddy v2.3.0, you’re using a version of Caddy that’s more than a year old at this point!

This will only apply authentication to exactly /, i.e. the root of your site and nothing else. Remove the / to apply it to everything.

You can use the shorter syntax:

reverse_proxy /grafana/* grafana:3000

After upgrading to v2.3.0, you can use handle_path which shortens this:

    handle_path /influxdb/* {
        reverse_proxy influxdb:8086
    }

As for your problem proxying certain services, you’re running into this problem; many apps weren’t designed to run in subpaths, and unless they expose configuration to make it work, never will. The solution is to use subdomains for those services, or in your case use a different port to proxy them with Caddy.

Hello francis,

thanks for giving me the answer to the question, along with many tips and ideas on how I can work cleaner with caddy itself.

For the topic with the basicauth I’d have another question if you don’t mind:
My general idea for what I’m doing now is to create a webpage which is able to include other webpages over iframes (which one is selectable over a nav-bar). If I remove the / from the basicauth, Caddy will ask for the authentication each time I want to change the iframe, that’s why I inserted the / (for now) to just make it appear once on the main page (which I know isn’t a good solution since you can access the web-pages over the URL without having to authenticate yourself). Is there any possibility of having the basic authentication work for the whole page while only needing to log in once? Like kind of remembering the session?

Greetings

Okay seems like I had a wrong approach here.

Basicauth itself works perfectly fine and as expected, the problem in my case was Grafana which didn’t accept the Authorization Header and threw me back to the login window every time.
Solved this by emptying the Authorization header before reverse proxying to Grafana and see there, I can use the basicauth without / and have it working on every application.

Thanks for your help!
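
The advice in this thread, consolidated into one Caddyfile as an added example (not a config posted by anyone in the thread), assuming Caddy v2.3.0. `header_up -Authorization` is one way to drop the client's Basic credentials before Grafana sees them; the post above does not show the exact line that was used.

```caddyfile
# Added example, constructed from the snippets in this thread.
# "XXX XXX" is the redacted username / password hash from the original post.
:8080 {
    log {
        format single_field common_log
    }

    # Weak form from the original post: a path matcher without a wildcard
    # is an exact match, so only requests for "/" were challenged and
    # /grafana/, /influxdb/ etc. were reachable without credentials.
    #   basicauth / {
    #       XXX XXX
    #   }

    # Corrected form: with no matcher, every request must authenticate.
    basicauth {
        XXX XXX
    }

    # Shorter reverse_proxy syntax. The Authorization header is removed
    # from the upstream request so Grafana does not try to interpret
    # Caddy's Basic credentials as its own login (assumed directive).
    reverse_proxy /grafana/* grafana:3000 {
        header_up -Authorization
    }

    reverse_proxy /phpldapadmin/* phpldapadmin:80

    # handle_path strips the matched prefix before proxying. It does not
    # fix apps that emit absolute links such as /log_in/; for those, use a
    # subdomain or a separate port as suggested in the reply above.
    handle_path /influxdb/* {
        reverse_proxy influxdb:8086
    }

    handle_path /ldapum/* {
        reverse_proxy ldapum:80
    }

    root * /site
    file_server browse
}
```

Requesting a sub-path such as /grafana/ without credentials should return 401 under the corrected form.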