Only internal redirect doesn't work

1. Caddy version (2.1.1):

2. How I run Caddy:

Installed with repository. Started with systemd. And using caddyfile. Reverse proxy is set for different applications. Never had an error.

a. System environment:

Rock64 or RPI3 (tested both, but not at the same time), Debian buster based DietPi, arm64 and armhf.

b. Commands

systemctl restart caddy.service

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=root
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy$
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddy$
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

#runs smooth:
domain1.com {
  file_server
  encode zstd gzip
  reverse_proxy 192.168.178.32:3000
}

#this one has trouble
domain2.com {
  reverse_proxy /_matrix/* http://192.168.178.27:8008
}

3. The problem I’m having:

On domain1 runs a rocket.chat, it works perfectly. But I want to replace it with Matrix-Synapse. Actually they are running in parallel but on different SBCs.
I modified the Caddyfile example from the Matrix docs, because I don't want to use the federation features.

matrix.example.com {
  reverse_proxy /_matrix/* http://localhost:8008
}

example.com:8448 {
  reverse_proxy http://localhost:8008
}

The only trouble here is: If I try to connect to the .com-domain from inside my network it doesn't work. From the inside of my network, only the localhost IP works. If I leave my network, the .com-domain runs perfectly.
I have never seen something like this before, and didn't have this mess with the rocket.chat one.

I am not clear if this is a caddy specific error, but there must be a way to get this running, because it smells like a reverse proxy fail.

4. Error messages and/or full log output:

Found no error messages for this.

5. What I already tried:

  • Tried to set my domain in /etc/hosts
  • checked networking in Browser, ends with dns-resolution, no connection buildup.
  • deactivate pi-hole and unbound (runs on another sbc)
  • changed the dns-resolver on the matrix-sbc from my own to a third-party one, quad9.
  • Commented all tls settings out in synapse config, because of caddy using.
  • ping domain2.com from internal network runs with no errors.
  • cleared Browser cache, tried different browsers.
  • added “file_server” to caddyfile, nothing changed.

The Element app couldn't connect to the external domain from inside of my network either. So it is not a browser fault. Any ideas what could be wrong?

FYI, I don’t think the /_matrix/* matcher is necessary here since you’re not serving anything else on that domain.

Anyways, not being able to connect to your domain from inside of your network is pretty common. Essentially what happens is that your browser (or whatever client) uses DNS to resolve your domain, and it gets the external IP address in response. So then the client tries to make a request to that IP. If your router at the edge of your local network doesn’t support hairpinning then the connection will fail.

A common fix is to run a DNS server locally that resolves that domain to the LAN IP instead of the external/WAN IP.

2 Likes
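The reply above describes the two ways a LAN client can end up unable to reach its own public hostname: the local resolver hands back the WAN address (so the connection only works if the edge router does hairpin NAT), or a local override exists but points at the wrong LAN host. The following script, an added example that is not part of the thread or of Caddy, classifies a hostname into those cases. The answer tables, the Caddy host's LAN address (192.168.178.20) and the WAN address (203.0.113.10, a documentation-range IP) are constructed assumptions; `system_lookup` is provided so the same check can be run against a real resolver.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple

Lookup = Callable[[str], List[str]]

# RFC 1918 ranges: what "a LAN address" means for this check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (assumption, not taken from the thread): what the
# local DNS server on the LAN answers versus what public DNS answers.
LOCAL_ANSWERS: Dict[str, List[str]] = {
    "domain1.com": ["192.168.178.20"],   # correct local override (assumed Caddy host)
    "domain2.com": ["192.168.178.33"],   # stale local override, wrong host
    "domain3.com": [],                   # no override: resolver forwards upstream
}
PUBLIC_ANSWERS: Dict[str, List[str]] = {
    "domain1.com": ["203.0.113.10"],
    "domain2.com": ["203.0.113.10"],
    "domain3.com": ["203.0.113.10"],
}


def is_lan(addr: str) -> bool:
    """True if addr falls in an RFC 1918 private range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def table_lookup(table: Dict[str, List[str]]) -> Lookup:
    """Build a lookup function over a constructed answer table."""
    return lambda name: list(table.get(name, []))


def system_lookup(name: str) -> List[str]:
    """Resolve through the OS resolver (whatever /etc/resolv.conf points at)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def diagnose(hostname: str, expected_lan_ip: str,
             local: Lookup, public: Lookup) -> Tuple[str, List[str]]:
    """Classify what a LAN client reaches when it resolves hostname.

    Returns (verdict, addresses the client would try).
    """
    # With no local override the resolver forwards upstream, so the
    # client sees the public answer.
    answers = local(hostname) or public(hostname)
    if not answers:
        return ("nxdomain", [])
    if answers == [expected_lan_ip]:
        return ("ok-split-horizon", answers)
    if all(is_lan(a) for a in answers):
        # Resolves inside the LAN, but to the wrong host: an old record.
        return ("stale-lan-record", answers)
    # Public address: the client goes out to the WAN IP, which only works
    # if the edge router supports hairpin NAT (NAT loopback).
    return ("needs-hairpin-nat", answers)


if __name__ == "__main__":
    local, public = table_lookup(LOCAL_ANSWERS), table_lookup(PUBLIC_ANSWERS)
    for host in LOCAL_ANSWERS:
        verdict, addrs = diagnose(host, "192.168.178.20", local, public)
        print(f"{host}: {verdict} {addrs}")
```

Running it against the constructed tables reports domain1.com as correctly split-horizoned, domain2.com as a stale LAN record (the situation the thread turned out to be in), and domain3.com as needing hairpin NAT. To check a real network, pass `system_lookup` as both the local and public lookup from a machine inside the LAN and compare the verdict with the Caddy host's actual address.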

Okay, but I am actually running a DNS server locally… wait a moment… holy sh**.
Damn, what a shame. I had a DNS record for domain2.com but with an older setting pointing to 192.168.178.33. That's why the resolve doesn't work from inside the network. It searches on the wrong IP. Thanks for pointing me to this.

FYI, I don’t think the /_matrix/* matcher is necessary here since you’re not serving anything else on that domain.

True. Had it running without this matcher, and it works anyway. Setting the matcher was one of my "let's check if it works this way" solutions. It breaks/changes nothing.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.