HTTPS redirects with openvpn on port 443

I am hosting an openvpn server on port 443 to bypass strict firewalls, so I had to move all my caddy sites to port :444, then use openvpn's traffic pass-through to pass all non-vpn traffic from port 443 to port 444 on localhost. This works perfectly fine, except when somebody tries to access a http site, it redirects them to port :444 instead of :443, resulting in an ugly URL. What is the simplest way to make this redirect to the right port with minimal config changes? (My config is already 400 lines long…)

If you are using Automatic HTTPS, you’ll need to override its default behaviour for the :80 site by defining an explicit vhost. I haven’t tested it but you might be able to get away with a single catch-all:

:80 {
    redir https://{host}{uri} # :443 should be implicit
}

Otherwise you’ll need to write one for each site (i.e. example.com:80, foo.com:80, bar.com:80 etc).

If you run Caddy in a container you might instead be able to write all its configuration to target :443 as normal, but wire it up to :444 on the host, with Caddy none the wiser. This would be the solution with the absolute minimum (zero) extra configuration.

2 Likes
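
A check for the symptom discussed in this thread, as an added example that is not part of the original posts: it parses the response to a plain-HTTP request and flags a Location header that carries the backend port (:444 here) instead of the public one. The sample responses, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample responses to plain-HTTP requests (not captured from a real server).
SAMPLES = {
    "example.com": b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://example.com:444/docs?x=1\r\n\r\n",
    "foo.com": b"HTTP/1.1 301 Moved Permanently\r\nlocation: https://foo.com/docs?x=1\r\n\r\n",
    "bar.com": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
}

def parse_response(raw):
    """Split a raw HTTP response head into (status code, lower-cased header dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit_redirect(host, raw, public_port=443):
    """Return a list of problems with the HTTP->HTTPS redirect for `host`."""
    status, headers = parse_response(raw)
    if status not in (301, 302, 307, 308):
        return ["no redirect (status %d)" % status]
    target = urlsplit(headers.get("location", ""))
    problems = []
    if target.scheme != "https":
        problems.append("redirect target is not https")
    if (target.hostname or "") != host.lower():
        problems.append("redirect goes to a different host: %r" % target.hostname)
    try:
        port = target.port  # None when the URL relies on the scheme default
    except ValueError:
        return problems + ["unparseable port in Location"]
    if port is not None and port != public_port:
        problems.append("redirect exposes backend port %d instead of %d" % (port, public_port))
    return problems

def audit_all(samples=SAMPLES):
    """Audit every constructed sample; maps host -> list of problems."""
    return {host: audit_redirect(host, raw) for host, raw in samples.items()}

if __name__ == "__main__":
    for host, problems in audit_all().items():
        print(host, "OK" if not problems else "; ".join(problems))
```
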

Thanks for your reply. Unfortunately the catch-all did not work. Since writing one for each site would probably get annoying (as well as explicitly defining :444 a lot), I’ll look into running Caddy in a container. That sounds like a much more manageable solution altogether. Thanks!

No worries. I run Caddy almost exclusively in Docker, so if you go that route and have any questions, I’ll probably be able to help.

It seems I can’t install Docker on my server since it’s running OpenVZ 6, thus it’s running kernel 2.6 - are there any alternative ways I can do this? The only thing I have in mind right now is an LD_PRELOAD hack which overrides the port bind() uses, which is generally my solution for this kind of problem.

I’m not familiar with OpenVZ, but isn’t that a container host anyway? If it doesn’t have internal networking features like Docker does, is adding a VM with a newer version of Linux possible?
