How to assign secondary subdomain to my app without the app knowing it

1. Caddy version (caddy version):

2.3.0

2. How I run Caddy:

Caddy-docker-proxy

a. System environment:

Caddy-docker-proxy via docker-compose on host Ubuntu Budgie 20.10.

b. Command:

Not aware. caddy-docker-proxy takes care of everything.

c. Service/unit/compose file:


version: "2.3"
services: 
##_____________________ Caddy [CLOUD/web-proxy]
  caddy:
    container_name: caddy-proxy
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    restart: always
    networks:
      - web-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/caddy/caddy_data:/data
      - $DOCKERDIR/caddy/config:/config
    ports:
      - 80:80
      - 443:443
##____________________ FileRun [CLOUD/FileRun]
  filerun:
    image: afian/filerun
    container_name: filerun
    restart: always
    networks:
      - web-proxy
      - filerun
    environment:
      FR_DB_HOST: filerun-db
      FR_DB_PORT: 3306
      FR_DB_NAME: filerundb
      FR_DB_USER: $USER
      FR_DB_PASS: $PW_INT
      APACHE_RUN_USER: $USER
      APACHE_RUN_USER_ID: $PUID
      APACHE_RUN_GROUP: $USER
      APACHE_RUN_GROUP_ID: $PGID
    depends_on:
      - filerun-db
      - filerun-tika
      - filerun-search
    volumes:
      - $DOCKERDIR/filerun/html:/var/www/html
      - $DATAPOOL/Users:/user-files:rw
      # Mount local host user containing family shared files, into home users folders
      - $DATAPOOL/Users/Family:/user-files/$USER1/Family
    labels:
      caddy: files.$DOMAIN
      caddy.reverse_proxy: "{{upstreams 80}}"
      caddy.tls: $EMAIL
      # Required extra headers
      caddy.file_server: ""                                         # required for fileservers
      caddy.encode: gzip                                            # required for fileservers
      caddy.header.Strict-Transport-Security: '"max-age=31536000;"' # Recommended security hardening for fileservers
      caddy.header.X-XSS-Protection: '"1; mode=block;"'             # Recommended security hardening for fileservers
      caddy.header.X-Content-Type-Options: "nosniff"                # Seems required to open files in OnlyOffice
      caddy.header.X-Frame-Options: "SAMEORIGIN"                    # Seems required to open files in OnlyOffice

d. My complete Caddyfile or JSON config:

files.mydomainname.tld {
	encode gzip
	file_server
	header {
		Strict-Transport-Security max-age=31536000;
		X-Content-Type-Options nosniff
		X-Frame-Options SAMEORIGIN
		X-XSS-Protection "1; mode=block;"
	}
	reverse_proxy 172.26.0.7:80
	tls mydomainname@mydomainname.tld
}

3. The problem I’m having:

FileRun (a Nextcloud alternative) is running fine via files.mydomainname.tld but I now want users to access it via drive.mydomainname.tld (or both subdomains, that’s also fine).

Unfortunately, FileRun itself must “think” it is being accessed via files.mydomainname.tld, because its free tier license is linked to the subdomain and Support won’t allow me to change for free tiers. They told me I might be able to do it myself by configuring my domain host and https proxy with a proper redirect. I don’t know how to do that.
→ Question: how to change the caddy file to access this service via drive.mydomainname.tld while the application itself thinks it is being accessed via files.mydomainname.tld?

4. Error messages and/or full log output:

no errors.

5. What I already tried:

I don’t know where to start.

6. Links to relevant resources:

You can change the Host header passed to your upstream like this:

reverse_proxy 172.26.0.7:80 {
	header_up Host example.com
}

Therefore the label would be:

caddy.reverse_proxy.header_up: "Host example.com"

You can change this label to serve the same content on two domains in Caddy:

caddy: "files.$DOMAIN, drive.$DOMAIN"

Thanks I tried 2 things.
If I only change files.example.com > drive.example.com, the service gives the message
This software application is registered to a different server hostname.

Now I add your two suggestions (Host files.example.com instead of Host example.com otherwise I get the same message) and I can actually access the service at drive.example.com… but cannot get past the login page, the popup for 2FA code does not appear, nothing happens if I press login, I can even enter wrong credentials, no message.
I can still log in just fine at files.example.com.

Apparently, the service still ‘knows’ it’s not coming from the right domain. I have no clue how they check this unfortunately.

This is FileRun (filerun.com). It’s really cool software (not open-source unfortunately) but a pity once linked to your subdomain, you cannot change the subdomain.

    labels:
      caddy: files.$DOMAIN, drive.$DOMAIN
      caddy.reverse_proxy: "{{upstreams 80}}"
      caddy.reverse_proxy.header_up: "Host files.$DOMAIN"
      # Required extra headers
      caddy.file_server: ""                                         # required for fileservers
      caddy.encode: gzip                                            # required for fileservers
      caddy.header.Strict-Transport-Security: '"max-age=31536000;"' # Recommended security hardening for fileservers
      caddy.header.X-XSS-Protection: '"1; mode=block;"'             # Recommended security hardening for fileservers
      caddy.header.X-Content-Type-Options: "nosniff"                # Seems required to open files in OnlyOffice
      caddy.header.X-Frame-Options: "SAMEORIGIN" 
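
A way to narrow down the silent login failure described in the post above, as an added example that is not part of the original thread: when the proxy rewrites `Host`, the upstream can build cookies, redirects and absolute URLs for `files.example.com`, which a browser sitting on `drive.example.com` will not honour. The function names and the sample response are constructed for illustration and are not FileRun output.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a response as it might arrive via drive.example.com while
# the proxy sends "Host: files.example.com" upstream. Not captured from FileRun.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; Domain=files.example.com; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Location", "https://files.example.com/?page=login"),
]
SAMPLE_BODY = '<script>var base = "https://files.example.com/";</script><a href="/help">help</a>'


def cookie_domain_accepts(cookie_domain, host):
    """RFC 6265 domain-match: host equals the Domain attribute or is a subdomain of it."""
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def find_host_leaks(headers, body, public_host, upstream_host):
    """List (where, detail) pairs where a response fetched through public_host
    still refers to upstream_host in a way the browser will not follow silently."""
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname == "set-cookie":
            m = re.search(r";\s*domain=([^;\s]+)", value, re.I)
            # A cookie scoped to a sibling hostname is dropped, so no session sticks.
            if m and not cookie_domain_accepts(m.group(1), public_host):
                findings.append(("set-cookie", m.group(1)))
        elif lname in ("location", "access-control-allow-origin"):
            # Redirects or CORS grants naming the upstream host move or block the client.
            if urlsplit(value).hostname == upstream_host:
                findings.append((lname, value))
    # Absolute URLs in the page make scripts post to the other origin.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        if urlsplit(url).hostname == upstream_host:
            findings.append(("body", url))
    return findings


if __name__ == "__main__":
    for where, detail in find_host_leaks(
        SAMPLE_HEADERS, SAMPLE_BODY, "drive.example.com", "files.example.com"
    ):
        print(f"{where}: {detail}")
```

Feed it the headers and body of the login page and of the login request as seen through the secondary hostname; an empty result points away from cookies and URLs and towards a server-side check of `Origin` or `Referer`.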
