How to use caddy reverse proxy to forward every request that contains a query argument

1. The problem I’m having:

I’m new to Caddy, but so far it works quite well. I migrated from NPM.
I’m trying to use an search application for Jellyfin called Jellysearch. There’s a hint how to reverse proxy via Traefik and NPM, but I can’t figure out how to use this in Caddy.
In NPM there would be an additional rule:

if ($arg_searchTerm) {
    proxy_pass http://jellysearch:5000;
    break;
}

In Traefik it would look like this

  - traefik.http.routers.jellysearch.rule=Host(`demo.jellyfin.org`) && (QueryRegexp(`searchTerm`, `(.*?)`) || QueryRegexp(`SearchTerm`, `(.*?)`))

2. Error messages and/or full log output:

There's no error message.

3. Caddy version:

v2.8.4

4. How I installed and ran Caddy:

a. System environment:

Docker

b. Command:

I used Portainer stack

c. Service/unit/compose file:

version: "3.7"

services:
  caddy:
    image: caddy
    container_name: caddy
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
      - 2019:2019
    volumes:
      - portainer/Files/caddy/data:/data
      - portainer/Files/caddy/config:/config
      - portainer/Files/caddy/Caddyfile:/etc/caddy/Caddyfile:ro

d. My complete Caddy config:

the relevant part from the Caddyfile (reverse proxy/Authelia is working on jellyfin)

streaming.domain.com {
        forward_auth ip:9091 {
                uri /api/authz/forward-auth
                ## The following commented line is for configuring the Authelia URL in the proxy. We strongly suggest
                ## this is configured in the Session Cookies section of the Authelia configuration.
                # uri /api/authz/forward-auth?authelia_url=https://auth.example.com/
                copy_headers Remote-User Remote-Groups Remote-Email Remote-Name

                ## This import needs to be included if you're relying on a trusted proxies configuration.
                import trusted_proxy_list
        }
        reverse_proxy ip:8096 {
                ## This import needs to be included if you're relying on a trusted proxies configuration.
                import trusted_proxy_list
        }

5. Links to relevant resources:

This is the project I try to reverse proxy: Dominik / JellySearch · GitLab

You need a query matcher

@search query searchTerm=*
reverse_proxy @search jellysearch:5000
1 Like

Thank you so much for your response and help. I’m feeling like a real noob here, because I can’t get the query to work. Could you please hint me where to put it in my config snippet?

Update:
I did manage to insert the query matcher and start caddy without error, but the redirect won’t work. I stuck at the streaming.domain.com site

This is my Caddyfile snippet:

streaming.domain.com {
        forward_auth ip:9091 {
                uri /api/authz/forward-auth
                ## The following commented line is for configuring the Authelia URL in the proxy. We strongly suggest
                ## this is configured in the Session Cookies section of the Authelia configuration.
                # uri /api/authz/forward-auth?authelia_url=https://auth.example.com/
                copy_headers Remote-User Remote-Groups Remote-Email Remote-Name

                ## This import needs to be included if you're relying on a trusted proxies configuration.
                import trusted_proxy_list
        }
        reverse_proxy ip:8096 {
                ## This import needs to be included if you're relying on a trusted proxies configuration.
                import trusted_proxy_list
}

@search {
        query searchTerm=*
        }
        reverse_proxy @search ip:5000

log {
    output file /data/log/jellyfin.access.log {
        roll_size 10mb
        roll_keep 10
        roll_keep_for 36h
    }
 format json {
            time_format iso8601
        }
  }
}

Please run caddy fmt -w on your config. The indentation is a mess, so it’s really difficult to follow.

I don’t understand what that means. Show evidence. Enable the debug global option in Caddy and show your logs.

You should move to using the global trusted_proxies, instead of per-proxy. See Global options (Caddyfile) — Caddy Documentation

2 Likes

I did run the caddy fmt -w command

streaming.domain.com {
        forward_auth ip/container:9091 {
                uri /api/authz/forward-auth
                ## The following commented line is for configuring the Authelia URL in the proxy. We strongly suggest
                ## this is configured in the Session Cookies section of the Authelia configuration.
                # uri /api/authz/forward-auth?authelia_url=https://auth.example.com/
                copy_headers Remote-User Remote-Groups Remote-Email Remote-Name

                ## This import needs to be included if you're relying on a trusted proxies configuration.
                import trusted_proxy_list
        }
        reverse_proxy ip/container:8096 {
                ## This import needs to be included if you're relying on a trusted proxies configuration.
                import trusted_proxy_list
        }

        @search {
                query searchTerm=*
                }
                reverse_proxy @search ip/container:5000

        log {
                output file /data/log/jellyfin.access.log {
                        roll_size 10mb
                        roll_keep 10
                        roll_keep_for 36h
                }
                format json {
                        time_format iso8601
                }
        }
}

It does work now. I don’t know if it was the command or clearing the cookies.
Thank you very much!

2 Likes