Common header settings for multiple reverse proxies?

1. Caddy version (caddy version):

v2.20-rc1

2. How I run Caddy:

As a service on an EC2 instance.

a. System environment:

Amazon Linux running on a t2.small EC2 instance

b. Command:

caddy start

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

proxy-01.hrpartner.company {
	respond "Caddy Proxy Up!"
}

hr.mybookshoponline.com {
	reverse_proxy https://bookshop.hrpartner.company {
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-Proto {scheme}
		header_up Access-Control-Allow-Origin *
		header_up Access-Control-Allow-Credentials true
		header_up Access-Control-Allow-Headers Cache-Control,Content-Type
		transport http {
			read_buffer 8192
		}
	}
}

myhr.villageone.biz {
	reverse_proxy https://villageone.hrpartner.company {
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-Proto {scheme}
		header_up Access-Control-Allow-Origin *
		header_up Access-Control-Allow-Credentials true
		header_up Access-Control-Allow-Headers Cache-Control,Content-Type
		transport http {
			read_buffer 8192
		}
	}
}

3. The problem I’m having:

I am trying to set up Caddy as a reverse proxy to enable several customers to use their own CNAMEs for our SaaS app (which uses a separate (subdomain).hrpartner.company for each customer).

The headers need to be configured as my Caddyfile above, in order for the authentication cookies to work properly.

So far it is working well; however, I can see the Caddyfile getting quite verbose with lots of similar header directives for each customer site (we could have over 1000 sites that we wish to act as a reverse proxy for).

I was wondering if there was another way to format the Caddyfile to specify common header parameters that would apply to ALL reverse proxy redirects (see my suggestion in 5 below)?

4. Error messages and/or full log output:

5. What I already tried:

I was wondering if a Caddyfile layout similar to the following would be possible? I already tried something similar, but Caddy would not start, giving an error (invalid ‘header_up’ on line 6), so I assume it is invalid and we need to do it differently?

proxy-01.hrpartner.company {
    respond "Caddy Proxy Up!"
}

reverse_proxy * {
    header_up X-Real-IP {remote_host}
    header_up X-Forwarded-Proto {scheme}
    header_up Access-Control-Allow-Origin *
    header_up Access-Control-Allow-Credentials true
    header_up Access-Control-Allow-Headers Cache-Control,Content-Type
    transport http {
        read_buffer 8192
    }

    from hr.mybookshoponline.com {
        to https://bookshop.hrpartner.company
    }

    from myhr.villageone.biz {
        to https://villageone.hrpartner.company
    }

    ..etc..

}

6. Links to relevant resources:

Howdy, Devan!

You’re looking for snippets :slight_smile:

Thanks Mohammed, for introducing me to snippets. I tried refactoring my Caddyfile as below, but it doesn’t seem to be working (proxy redirect no longer happening):

proxy-01.hrpartner.io {
	respond "Caddy Proxy Up!"
}

(proxy-headers) {
	header_up X-Real-IP {remote_host}
	header_up X-Forwarded-Proto {scheme}
	header_up Access-Control-Allow-Origin *
	header_up Access-Control-Allow-Credentials true
	header_up Access-Control-Allow-Headers Cache-Control,Content-Type
	transport http {
		read_buffer 8192
	}
}

hr.mybookshoponline.com {
	reverse_proxy https://bookshop.hrpartner.company {
		import proxy-headers
	}
}

myhr.villageone.biz {
	reverse_proxy https://villageone.hrpartner.company {
		import proxy-headers
	}
}

Have I done something wrong? No errors on caddy reload, just no longer can access hr.mybookshoponline.com or myhr.villageone.biz etc.

Ok, figured it out - I got the order of the blocks wrong. It turns out the snippet has to be at the top! :stuck_out_tongue: - as so:

(proxy-headers) {
	header_up X-Real-IP {remote_host}
	header_up X-Forwarded-Proto {scheme}
	header_up Access-Control-Allow-Origin *
	header_up Access-Control-Allow-Credentials true
	header_up Access-Control-Allow-Headers Cache-Control,Content-Type
	transport http {
		read_buffer 8192
	}
}

proxy-01.hrpartner.io {
	respond "Caddy Proxy Up!"
}

hr.mybookshoponline.com {
	reverse_proxy https://bookshop.hrpartner.company {
		import proxy-headers
	}
}

myhr.villageone.biz {
	reverse_proxy https://villageone.hrpartner.company {
		import proxy-headers
	}
}

Thanks for your very rapid response @Mohammed90
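
An added example, not part of any post in this thread: with over 1000 customer sites, the Caddyfile is better generated than hand-edited. This Python sketch emits the snippet first and one site block per customer, and rejects customer-supplied hostnames or upstreams that could alter the config. The function names, the `https://` upstream scheme, and the rule that every upstream is a single subdomain of hrpartner.company are assumptions based on the Caddyfile above.

```python
import re

# Header snippet copied from the working Caddyfile in the thread.
SNIPPET = "\n".join([
    "(proxy-headers) {",
    "\theader_up X-Real-IP {remote_host}",
    "\theader_up X-Forwarded-Proto {scheme}",
    "\theader_up Access-Control-Allow-Origin *",
    "\theader_up Access-Control-Allow-Credentials true",
    "\theader_up Access-Control-Allow-Headers Cache-Control,Content-Type",
    "\ttransport http {",
    "\t\tread_buffer 8192",
    "\t}",
    "}",
])

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})+")
# Assumption: upstreams are exactly one subdomain of the SaaS domain.
UPSTREAM = re.compile(rf"{LABEL}\.hrpartner\.company")


def site_block(customer_host: str, upstream_host: str) -> str:
    """Return one site block, rejecting values that could alter the config."""
    customer_host = customer_host.strip().lower()
    upstream_host = upstream_host.strip().lower()
    if len(customer_host) > 253 or not HOSTNAME.fullmatch(customer_host):
        raise ValueError(f"invalid customer hostname: {customer_host!r}")
    if not UPSTREAM.fullmatch(upstream_host):
        raise ValueError(f"upstream outside hrpartner.company: {upstream_host!r}")
    return (
        f"{customer_host} {{\n"
        f"\treverse_proxy https://{upstream_host} {{\n"
        "\t\timport proxy-headers\n"
        "\t}\n"
        "}"
    )


def render_caddyfile(sites: dict[str, str]) -> str:
    """Emit the snippet first, then one block per customer, sorted for stable diffs."""
    blocks = [SNIPPET] + [site_block(h, u) for h, u in sorted(sites.items())]
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    # The two customer mappings shown in the thread.
    print(render_caddyfile({
        "hr.mybookshoponline.com": "bookshop.hrpartner.company",
        "myhr.villageone.biz": "villageone.hrpartner.company",
    }))
```

Running `caddy validate` on the generated file before `caddy reload` catches syntax errors before they reach the running proxy.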
