How can I set reverse_proxy source address

1. The problem I’m having:

I want to achieve the effect of nginx “proxy_bind x.x.x.x;” with Caddy, but I couldn’t find relevant documentation. I need to connect upstream with a specific IP address because I have multiple NICs with different IP addresses.

2. Caddy version:

v2.8.4

4. How I installed and ran Caddy:

dnf install 'dnf-command(copr)'
dnf copr enable @caddy/caddy
dnf install caddy

a. System environment:

RockyLinux 9.4

b. Command:

systemctl start caddy

Edit:

Never mind, I understood it wrong.

The outgoing address.

Essentially the local routes of the operating system should decide where to send traffic.

E.g. you have two interfaces in different vlans:
igb0: 192.168.0.20/24
igb1: 172.16.12.3/24

You have two backend servers:
srv01: 192.168.0.101
srv02: 172.16.12.101

When Caddy would proxy to 172.16.12.101 the operating system should use igb1 and send it from 172.16.12.3 as source.

Local routes should have a higher routing precedence than the default gateway route.

Potential Problems:
If there are multiple interfaces with the same layer 3 IP address range in the same Layer2 Broadcast domain, the source address would be random I assume. Idk for sure though.

We don’t have configuration for reverse_proxy to choose a specific interface to connect with. We probably should add that though. I haven’t thought about it much because it’s a pretty uncommon need and we haven’t had many people needing it.

Best if you open an issue on GitHub to track this feature request, and explain your use case.

PRs welcome if you want to take a shot at implementing it (but it might be tricky).

2 Likes
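An added example, not code from this thread or from the Caddy code base: in Go, the language Caddy is written in, the standard library provides the effect of nginx's proxy_bind through `net.Dialer.LocalAddr`. The helper names `newBoundProxy` and `observedSource`, the host `front.example` and the address 127.0.0.2 are constructed for illustration.

```go
package main
import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"time"
)

// newBoundProxy (hypothetical helper): reverse proxy whose upstream connections use srcIP as source.
func newBoundProxy(upstream *url.URL, srcIP string) (*httputil.ReverseProxy, error) {
	ip := net.ParseIP(srcIP)
	if ip == nil {
		return nil, fmt.Errorf("invalid source address %q", srcIP)
	}
	dialer := &net.Dialer{
		Timeout:   5 * time.Second,
		LocalAddr: &net.TCPAddr{IP: ip}, // port 0: the kernel picks an ephemeral port
	}
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	proxy.Transport = &http.Transport{DialContext: dialer.DialContext, DisableKeepAlives: true}
	return proxy, nil
}

// observedSource proxies one request to a constructed upstream and returns the peer IP it saw.
func observedSource(srcIP string) (string, error) {
	up := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		host, _, _ := net.SplitHostPort(r.RemoteAddr)
		fmt.Fprint(w, host)
	}))
	defer up.Close()
	target, _ := url.Parse(up.URL) // httptest always yields a valid URL
	proxy, err := newBoundProxy(target, srcIP)
	if err != nil {
		return "", err
	}
	rec := httptest.NewRecorder()
	proxy.ServeHTTP(rec, httptest.NewRequest("GET", "http://front.example/", nil))
	if rec.Code != http.StatusOK {
		return "", fmt.Errorf("proxy returned status %d", rec.Code)
	}
	return rec.Body.String(), nil
}

func main() {
	fmt.Println(observedSource("127.0.0.2")) // constructed: on Linux all of 127.0.0.0/8 is local
}
```

The source address must already be configured on the host; if it is not, the dial fails and the proxy answers with 502 instead of silently falling back to another address.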

It’s a special network environment.
igb0: 10.244.233.10/24
igb0: x.x.x.x/24 (secondary address in the same vlan)

srv: y.y.y.y/24 (on remote subnet, acl restrictions, and no permission to operate the server)

So I want to define the source address used to connect to y.y.y.y as x.x.x.x, but supply services on 10.244.233.10.

So it's a VIP on the same interface.

That's indeed a very special network if the ACLs are that strict for the same subnet.

I would solve that with Source NAT on the router that receives the packets of the Caddy machine from 10.244.234.10. Just put x.x.x.x/24 on it as an additional IP (VIP).

Then do a rule like this and your router will take care of it.

Original Source: 10.244.234.10
Translated Source: x.x.x.x
Destination: y.y.y.y

This will also prevent things like asymmetric TCP traffic.

1 Like

This is being worked on here

1 Like
