Funkwhale proxy help


(Kieran Wynne) #1

Long story short, is there any way of doing the following in Caddy? Here is what I have so far.

The slightly longer story
I'm attempting to get Funkwhale to work behind Caddy. I’ve figured a few things from searching around (like alias).

I found a whole 1 post about it on the internet trying to do the same thing. They caved and used nginx. Plus that was using docker too.

I had some success with Caddy serving the static files and then nginx serving the API and proxying to it through Caddy. Problem is I get a few mixed content errors, not to mention how messy it is to sort out.


  # Transcoding logic and caching
  location = /transcode-auth {
    #!!! include /etc/nginx/funkwhale_proxy.conf;
    # needed so we can authenticate transcode requests, but still
    # cache the result
    internal;
    set $query '';
    # ensure we actually pass the jwt to the underlying auth url
    if ($request_uri ~* "[^\?]+\?(.*)$") {
        set $query $1;
    }
    proxy_pass http://api:5678/api/v1/trackfiles/viewable/?$query;
    proxy_pass_request_body off;
    proxy_set_header        Content-Length "";
  }

  location /api/v1/trackfiles/transcode/ {
    #!!! include /etc/nginx/funkwhale_proxy.conf;
    # this block deals with authenticating and caching transcoding
    # requests. Caching is heavily recommended as transcoding
    # is a CPU intensive process.
    auth_request /transcode-auth;
    if ($args ~ (.*)jwt=[^&]*(.*)) {
        set $cleaned_args $1$2;
    }
    proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args";
    proxy_cache transcode;
    proxy_cache_valid 200 7d;
    proxy_ignore_headers "Set-Cookie";
    proxy_hide_header "Set-Cookie";
    add_header X-Cache-Status $upstream_cache_status;
    proxy_pass   http://127.0.0.1:5678;
  }



(Matthew Fay) #2

Wow, that looks… interesting.

Best I can tell, a quick and literal translation might look something like…

example.com/transcode-auth {
  internal
  rewrite {
    if {uri} match "[^\?]+\?(.*)$"
    to {1}
  }
  proxy / http://api:5678/api/v1/trackfiles/viewable/ {
    # There is no way to disable sending
    # the request body upstream in Caddy
    header_upstream Content-Length ""
  }
}

example.com/api/v1/trackfiles/transcode/ {
  reauth {
    upstream url=/transcode-auth
  }
  cache {
    default_max_age 7d
    cache_key "{scheme}{method}{host}{uri}{query}"
  }
  proxy / :5678 {
    header_downstream Set-Cookie ""
  }
}

This involves the use of the third-party plugins reauth and cache:

https://caddyserver.com/docs/http.reauth
https://caddyserver.com/docs/http.cache

No guarantees on suitability, but hopefully it’s a useful starting point.
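
Added example (not part of the original posts, and not Funkwhale's or Caddy's code): the nginx block strips `jwt` from the cache key while `/transcode-auth` still receives the full query, so one cached transcode serves every authorised user; the translated key keeps `{query}`, which puts the token into the key. The parameter names `track_file` and `to`, the token placeholders, and the expansion of `{uri}` and `{query}` are assumptions.

```python
import re
from urllib.parse import urlsplit

# Regex from the nginx block: if ($args ~ (.*)jwt=[^&]*(.*)) { set $cleaned_args $1$2; }
NGINX_JWT_RE = re.compile(r"(.*)jwt=[^&]*(.*)")
SITE = ("https", "GET", "music.domain.com")


def nginx_cache_key(scheme, method, host, url):
    """$scheme$request_method$host$uri$is_args$cleaned_args, as in the nginx config."""
    parts = urlsplit(url)
    m = NGINX_JWT_RE.search(parts.query)
    # $cleaned_args is only set when the `if` matches; unset, it expands to "".
    cleaned = m.group(1) + m.group(2) if m else ""
    is_args = "?" if parts.query else ""
    return f"{scheme}{method}{host}{parts.path}{is_args}{cleaned}"


def translated_cache_key(scheme, method, host, url):
    """{scheme}{method}{host}{uri}{query}, the key template from the translation.

    Assumption: {uri} is the full request URI and {query} the raw query string.
    """
    parts = urlsplit(url)
    uri = parts.path + ("?" + parts.query if parts.query else "")
    return f"{scheme}{method}{host}{uri}{parts.query}"


def shares_cache_entry(key_fn, url_a, url_b):
    """True when both requests map to the same cache entry under key_fn."""
    return key_fn(*SITE, url_a) == key_fn(*SITE, url_b)


# Constructed requests: same track and format (hypothetical parameter names),
# different users' tokens (placeholders, not real JWTs).
BASE = "/api/v1/trackfiles/transcode/?track_file=42&to=mp3"
ALICE = BASE + "&jwt=TOKEN_A"
BOB = BASE + "&jwt=TOKEN_B"

if __name__ == "__main__":
    for fn in (nginx_cache_key, translated_cache_key):
        print(fn.__name__, "->", fn(*SITE, ALICE))
        print("  one entry for both users:", shares_cache_entry(fn, ALICE, BOB))
        print("  token stored in key:", "TOKEN_A" in fn(*SITE, ALICE))
```

With the token left in the key, every user gets a separate cache entry for the same transcode and the token value is stored alongside it.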


(Kieran Wynne) #3

Thanks, I appreciate the help. This one really had me stumped, I was on the verge of going full nginx. If I get it working I’ll post my config here and on the GitHub examples.


(Kieran Wynne) #4

Had a few issues with your (@Whitestrake) suggestions. There is no such thing as a cache_key and reauth needs a path. I’m still trying, just figured I’d keep this updated.

I’ve added a more complete idea of what my config looks like. So almost everything is working.

WORKING

  • Logging in and out
  • Adding music to a playlist
  • Playlist functionality
  • All requests in the dev console on Chrome succeed, so I can’t see where it is failing.
  • Funkwhale are showing everything is okay.
  • Basically everything apart from…

NOT WORKING

  • Actually playing music
  • One JS error (probably linked to above)
    Uncaught TypeError: Cannot read property 'state' of undefined
    at s.onunlock (Track.vue:41)
    at s.<anonymous> (howler.js:1730)
    onunlock @ Track.vue:41
    (anonymous) @ howler.js:1730
    setTimeout (async)
    _emit @ howler.js:1729
    r.onended @ howler.js:342
    
  • Just found that instance settings are not working either (bunch of vuejs errors in console, just undefined properties)

CONFIG


music.domain.com {
  import ../config/logs
  import ../config/tls
  root /srv/funkwhale/front/dist/

## NGINX config /api ##
#    location /api/ {
#    include /etc/nginx/funkwhale_proxy.conf;
#    # this is needed if you have file import via upload enabled
#    client_max_body_size 30M;
#    proxy_pass   http://api:5000/api/;
#  }
#######################
  proxy /api :5678 {
    transparent
    websocket
  }

## NGINX config /federation ##
#  location /federation/ {
#    include /etc/nginx/funkwhale_proxy.conf;
#    proxy_pass   http://api:5000/federation/;
#  }
##############################
  proxy /federation :5678
}

## NGINX config /media ##
#  location /media/ {
#    alias /srv/funkwhale/data/media/;
#  }
#########################
music.domain.com/media {
    root /srv/funkwhale/data/media
}

## NGINX config /_protected/media ##
#  location /_protected/media {
#    # this is an internal location that is used to serve
#    # audio files once correct permission / authentication
#    # has been checked on API side
#    internal;
#    alias   /srv/funkwhale/data/media;
#  }
####################################
music.domain.com/_protected/media/ {
  internal
  root /srv/funkwhale/data/media
}

## NGINX config /_protected/music ##
#  location /_protected/music {
#    # this is an internal location that is used to serve
#    # audio files once correct permission / authentication
#    # has been checked on API side
#    internal;
#    alias   /srv/funkwhale/data/music;
#  }
####################################
music.domain.com/_protected/music {
    internal
    root   /srv/funkwhale/data/music
}

## NGINX config /staticfiles ##
#  location /staticfiles/ {
#    # django static files
#    alias /srv/funkwhale/data/static/;
#  }
###############################
music.domain.com/staticfiles/ {
    root /srv/funkwhale/data/static/
}

## NGINX config /transcode-auth ##
#  location = /transcode-auth {
#    include /etc/nginx/funkwhale_proxy.conf;
#    # needed so we can authenticate transcode requests, but still
#    # cache the result
#    internal;
#    set $query '';
#    # ensure we actually pass the jwt to the underlying auth url
#    if ($request_uri ~* "[^\?]+\?(.*)$") {
#        set $query $1;
#    }
#    proxy_pass http://api:5000/api/v1/trackfiles/viewable/?$query;
#    proxy_pass_request_body off;
#    proxy_set_header        Content-Length "";
#  }
##################################
music.domain.com/transcode-auth {
  internal
  rewrite {
    if {uri} match "[^\?]+\?(.*)$"
    to {1}
  }
  proxy / :5678/api/v1/trackfiles/viewable/ {
    header_upstream Content-Length ""
  }
}

## NGINX config /api/v1/trackfiles/transcode/ ##
#  location /api/v1/trackfiles/transcode/ {
#    include /etc/nginx/funkwhale_proxy.conf;
#    # this block deals with authenticating and caching transcoding
#    # requests. Caching is heavily recommended as transcoding
#    # is a CPU intensive process.
#    auth_request /transcode-auth;
#    if ($args ~ (.*)jwt=[^&]*(.*)) {
#        set $cleaned_args $1$2;
#    }
#    proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args";
#    proxy_cache transcode;
#    proxy_cache_valid 200 7d;
#    proxy_ignore_headers "Set-Cookie";
#    proxy_hide_header "Set-Cookie";
#    add_header X-Cache-Status $upstream_cache_status;
#    proxy_pass   http://api:5000;
#  }
################################################

music.domain.com/api/v1/trackfiles/transcode/ {
  reauth {
    upstream url=/transcode-auth
    path /transcode-auth
  }
  cache {
    default_max_age 10080m
    match_path {scheme}{method}{host}{uri}{query}
    path /tmp/caddy-cache
  }
  proxy / :5678 {
    header_downstream Set-Cookie ""
  }
}

(Matthew Fay) #5

Huh, the docs mention it: https://github.com/nicolasazrak/caddy-cache/blob/master/README.md

Strange. Maybe that change wasn’t pushed to the Caddy build server.

Should be able to use / as a catch-all.

No idea about the JS error.