Internet ===> Router forwards port 443 to 443 of IP 192.168.1.12 where I ran Home Assistant and its Caddy addon, with the below configuration. I also give duckdns token and email for letsencrypt.
```
xxx.duckdns.org {
    tls {
        dns duckdns
    }
    log data/requests.log {
        rotate_size 50 # Rotate after 50 MB
        rotate_age 90 # Keep rotated files for 90 days
        rotate_keep 20 # Keep at most 20 log files
        rotate_compress # Compress rotated log files in gzip format
    }
    header / {
        Strict-Transport-Security "max-age=31536000; includeSubdomains"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "same-origin"
        -Server
    }
    proxy / 192.168.1.12:8123 {
        websocket
        transparent
        header_upstream Authorization {>Authorization}
    }
}
```
Inside my LAN (on a different machine, 192.168.1.20) I want to add another server (BigBlueButton.org) that is using nginx. There are some processes on the BigBlueButton server that only listen on 127.0.0.1 and rely on nginx to route incoming calls.
For this to work I need to configure Caddy as if it were only a firewall and have it forward incoming requests from my external hostname to the BigBlueButton server.
Is this possible? Could you give me the how-to/instructions?
I don't find the question very clear, but I think what you're trying to do is to make Caddy handle requests to a different domain name to your other server? If so, all you need to do is add another site block to your Caddyfile.
In this case, your other domain name's DNS would point to the same IP address as your duckdns domain; you can use CNAME to point your other domain to your duckdns domain, so that your other domain doesn't also need a dynamic IP.
Sorry if I misunderstood what you're asking, if so it would be best if you could give as much detail as you can to help us understand what you're trying to achieve.
I successfully installed a Rocketchat server on an Ubuntu Server 18.04 VM with DOCKER and NGINX in my home LAN and it works great. So I know the installation is fine.
But now I need to fix the installation according to my home LAN specifications, which has 2 other servers.
Basically my situation is as below:
```
Internet ===> Router port 443 ===> Caddy proxy server ====> http://server1
                                                      ====> http://server2
                                                      ====> (wish to do this but is not working) http://rocket.chat server
```
Basically my Caddy proxy server forwards all encrypted communication to the appropriate server inside my LAN.
In order to make ROCKETCHAT work in my environment, I think I have 2 options:
a) make all internal communication of RocketChat unencrypted, but I guess that will not work
b) make Caddy pass through all the communications towards the ROCKETCHAT server https://rocketchat-klagio.duckdns.org =====> direct to rocketchat server inside LAN (https)
c) other solutions?
```
https://server1-klagio.duckdns.org ====>                      ======> http://server1
                                         Caddy proxy server
https://server2-klagio.duckdns.org ====>                      =====> http://server2
AND
https://rocket-chat-klagio.duckdns.org. bypass Caddy directly to https://192.168.1.13 internal IP of RocketChat (it has Nginx)
```
Hey, thanks a lot. I can definitely try that. On my (already done) installation of rocket chat I will just have to disable the nginx service, modify my Caddy settings, and that's it, correct?
On another program (BigBlueButton) the settings Caddy ==> BBB server without Nginx were not working, because those servers have a lot of services (voice, video, screen sharing, chat, and so on), and some of those services were relying on local Nginx.
But nevertheless I will try your solution, perhaps this works with rocketchat and its jitsi integration (actually what I am interested in primarily is a VOICE and VIDEO self-hosted solution).
My idea was to have a server with Caddy on it that handles port 80 and 443, and routes the communication to the various servers.
Rocketchat is not good, since it relies on Jitsi-Meet which is not self-hosted. Since my main goal is to have a self-hosted Voice/Video server I go direct to self-hosting JITSI-MEET.
I see the ssi on; option in the first block, there's no equivalent to that in Caddy. Hopefully that isn't required. SSI is "Server Side Includes", I've never used it but it seems to read the response from the service, look for HTML comment blocks, and include other HTML content inline to replace that comment.
There's also no tcp_nodelay equivalent option, but I think using websocket for that block should be enough. I hope.
I am not good enough to understand this, but below there is a post pointing at templates. And somewhere else I read that this SSI is important, will try your solution as is tonight.
Yeah, the templates feature is great if you're building your own site from scratch, but if you're proxying to another app that you don't control, it won't help here. It's a similar feature, but the syntax is different, therefore they're incompatible.
@matt was just saying that the template directive now implements a sub-requests feature, not that it supports SSI.
Hmm. This is where things become hard to debug. That essentially means that Caddy tried to make a request to the proxy backend, but something went wrong.
Make sure the IP addresses in there are correct, I just typed up that Caddyfile example in a hurry, and I also don't know what your network looks like, was just taking guesses based on your earlier comments.
Ahh
When I disable CADDY, and forward my port 443 to the JITSI-MEET server, everything works: I mean JITSI-SERVER NGINX installation is final.
When I switch to CADDY as per above configuration, besides forwarding 443 to CADDY (and not anymore to JITSI-MEET) do I have to do something at the JITSI_MEET installation with regard to its NGINX install?
The first proxy directive has the upstream https://192.168.1.1. Is upstream listening on https? If so, is the certificate self-signed? If not, is the port correct?
If yes, it's listening on https with the correct port number of 443 and the certificate is self-signed, then you will need to add insecure_skip_verify within the first proxy block. So it becomes:
I spoke to @Mohammed90 elsewhere, he mentioned maybe you need to add the except subdirective to some of those proxies so they properly fall through to the others. See https://caddyserver.com/v1/docs/proxy
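As an added illustration of the two suggestions made in this thread (one site block per hostname, and insecure_skip_verify for a self-signed HTTPS upstream), not a configuration posted by any participant: a Caddy v1 Caddyfile in which the second hostname's upstream address 192.168.1.30 is an assumed placeholder.

```caddyfile
# Added example in Caddy v1 syntax. Hostnames follow the thread's xxx
# placeholders; 192.168.1.30 is a constructed address, not from the thread.

# Existing site: Home Assistant, plain-HTTP upstream.
xxx.duckdns.org {
	tls {
		dns duckdns
	}
	proxy / 192.168.1.12:8123 {
		websocket
		transparent
	}
}

# Second site block: a different hostname, routed to a different LAN server.
# Its DNS name resolves to the same public IP as the first site.
xxx-video.duckdns.org {
	tls {
		dns duckdns
	}
	# The upstream nginx listens on HTTPS with a self-signed certificate.
	proxy / https://192.168.1.30 {
		websocket
		transparent
		# Disables verification of the upstream certificate. The hop stays
		# encrypted but is no longer authenticated: anything able to answer
		# at this address on the LAN is accepted as the upstream.
		insecure_skip_verify
	}
}
```

Caddy still presents its own publicly trusted certificate to clients; insecure_skip_verify only affects the connection from Caddy to the internal server.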
Ok, thanks, added that. I can connect, so that's an improvement, but the audio/video is not working and I keep being disconnected from the server. I know this is related to the server, but the problem lies in Caddy somewhere. This is the console of the browser, which shows the error 404:
Logger.js:154 2020-01-28T08:48:31.618Z [features/base/tracks] Failed to create local tracks (2) ["audio", "video"] a {gum: {…}, name: "gum.not_found", message: "Requested device(s) was/were not found: audio, video", stack: "Error↵ at new a (https://xxx-video.duckdns.or…dns.org/libs/lib-jitsi-meet.min.js?v=3729:6:96997"}
constraints: {video: {…}, audio: {…}}
**strophe.js:5666 POST https://xxx-video.duckdns.org/http-bind?room=test 404**
l @ strophe.js:5666
_processRequest @ strophe.js:5681
_throttledRequestHandler @ strophe.js:5827
_connect @ strophe.js:5150
connect @ strophe.js:3051
_c @ react-dom.production.min.js:272
render @ react-dom.production.min.js:273
(anonymous) @ index.web.js:25
Show 160 more frames
Logger.js:154 2020-01-28T08:48:31.455Z [JitsiMeetJS.js] <Object.getGlobalOnErrorHandler>: **UnhandledError: null Script: null Line: null Column: null StackTrace: Error: Strophe: request id 1.1 error 404 happened**
at Object.i.Strophe.log (strophe.util.js:89)
(anonymous) @ middleware.js:16
(
(anonymous) @ index.web.js:25
Show 167 more frames
Logger.js:154 2020-01-28T08:48:31.459Z [modules/xmpp/strophe.util.js] <Object.i.Strophe.log>: Strophe: request id 1.1 error 404 happened
o @ Logger.js:154
i.Strophe.log @ strophe.util.js:90
Logger.js:154 2020-01-28T08:48:31.461Z [modules/xmpp/strophe.util.js] <Object.i.Strophe.log>: Strophe: request errored, status: 404, number of errors: 1
o @ Logger.js:154
i.Strophe.log @ strophe.util.js:77
warn @ strophe.js:2073
(anonymous) @ index.web.js:25
Show 165 more frames
Logger.js:154 2020-01-28T08:48:31.464Z [modules/xmpp/xmpp.js] <t.value>: (TIME) Strophe disconnecting: 933.5550000000694
Logger.js:154 2020-01-28T08:48:31.465Z [modules/xmpp/xmpp.js] <t.value>: (TIME) Strophe disconnected: 934.7199999999702
Logger.js:154 2020-01-28T08:48:31.466Z [modules/xmpp/xmpp.js] <t.value>: XMPP connection dropped!
Logger.js:154 2020-01-28T08:48:31.469Z [modules/statistics/statistics.js] <Function.S.sendAnalyticsAndLog>: {"type":"operational","action":"connection.failed","attributes":{"error_type":"connection.droppedError","error_message":"connection-dropped-error","suspend_time":0,"time_since_last_success":null}}
Logger.js:154 2020-01-28T08:48:31.470Z [connection.js] <c.l>: CONNECTION FAILED: connection.droppedError
o @ Logger.js:154
l @ connection.js:145
c.emit @ events.js:151
Show 157 more frames
Logger.js:154 2020-01-28T08:48:31.618Z [features/base/tracks] Failed to create local tracks (2) ["audio", "video"] a {gum: {…}, name: "gum.not_found", message: "Requested device(s) was/were not found: audio, video", stack: "Error↵ at new a (https://xxx-video.duckdns.or…dns.org/libs/lib-jitsi-meet.min.js?v=3729:6:96997"}
o @ Logger.js:154
(anonymous) @ functions.js:93
Promise.catch (async)