Problem with reverse_proxy on 2 ports for the same domain

1. The problem I’m having:

I have a WebRTC application that needs 2 ports: one for my server and the other running PeerJS. I want to redirect both of them to HTTPS, but only the one on top is working.

2. Error messages and/or full log output:

There are no error messages. Just my PeerJS is insecure when I open it in Chrome.

3. Caddy version:

v2.9.1

4. How I installed and ran Caddy:

```
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
sudo vim /etc/caddy/Caddyfile
```

```
my_domain {
	reverse_proxy localhost:3000
	reverse_proxy /peerjs* localhost:8080
}
```

```
sudo systemctl restart caddy
```

a. System environment:

The app is running inside a Docker container, but Caddy is not.

b. Command:

```
sudo systemctl restart caddy
```

c. Service/unit/compose file:

```
FROM node:22.4.0
WORKDIR /app
COPY . /app
RUN npm install
RUN npm install peer -g
# Install concurrently (if you are using it)
RUN npm install -g concurrently
EXPOSE 3000 3001
# Run both commands in parallel using concurrently
CMD ["concurrently", "\"npm run devStart\"", "\"peerjs --port 8080 --path /peerjs\""]
```

d. My complete Caddy config:


5. Links to relevant resources:

You will have to share these logs for us to understand what you mean

These are the logs for caddy:

Feb 27 13:25:28 ip-172-31-4-25 caddy[5749]: {"level":"error","ts":1740680728.1265547,"logger":"http.log.error","msg":"read tcp 127.0.0.1:48414->127.0.0.1:3000: read: connection reset by peer","request":{"remote_ip":"49.43.234.223","remote_port":"63287","client_ip":"49.43.234.223","proto":"HTTP/2.0","method":"GET","host":"zoom-clone.idcxyz.shop","uri":"/socket.io/?EIO=3&transport=polling&t=PL8g09q","headers":{"Accept":["*/*"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["empty"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Language":["en-US,en;q=0.9"],"Referer":["https://zoom-clone.idcxyz.shop/80066684-8d9b-4639-b01b-b7d152c8f56b"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"],"Priority":["u=1, i"],"Sec-Fetch-Mode":["cors"],"Cookie":["REDACTED"],"Sec-Fetch-Site":["same-origin"],"Sec-Ch-Ua":["\"Not(A:Brand\";v=\"99\", \"Microsoft Edge\";v=\"133\", \"Chromium\";v=\"133\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"zoom-clone.idcxyz.shop"}},"duration":0.001464257,"status":502,"err_id":"gpmwi3z8m","err_trace":"reverseproxy.statusError (reverseproxy.go:1373)"}
Feb 27 14:04:04 ip-172-31-4-25 caddy[5749]: {"level":"info","ts":1740683044.5461774,"msg":"got renewal info","names":["zoom-clone.idcxyz.shop"],"window_start":1745623377,"window_end":1745796177,"selected_time":1745645954,"recheck_after":1740704644.5461674,"explanation_url":""}
Feb 27 14:04:04 ip-172-31-4-25 caddy[5749]: {"level":"info","ts":1740683044.5522811,"logger":"tls.cache.maintenance","msg":"updated ACME renewal information","identifiers":["zoom-clone.idcxyz.shop"],"cert_hash":"f6c04fea105eee555f79a1f31dfed341a1f9fd4427881091c35346469396ecc3","ari_unique_id":"nytfzzwhT50Et-0rLMTGcIvS1w0.BGA9eK1d-9JcnKRqND5TTSnL","cert_expiry":1748300607,"selected_time":1745740694,"next_update":1740704644.5461674,"explanation_url":""}

There are more with info and warn tags but this is the only one with error tag.

If you access zoom-clone.idcxyz.shop:8080/ you can see that it’s insecure. If you try it without the port number, you can see your own video (only if you allowed camera access), and in the developer console it says “ERR_SSL_PROTOCOL_ERROR”.

When you make the request to the host with the port :8080, the request doesn’t go to Caddy. It goes to your app directly which is leaking through the firewall.

For the error in the console, I think this snippet in the code is wrong:

```
const myPeer = new Peer(undefined, {
  host: '/',
  secure: true,
  port: '8080'
})
```

Should it point to 8080 and /?

So, the host here is either my domain or “0.0.0.0”. Honestly idk what ‘/’ would mean in this case, maybe localhost. And port is the port number on the domain for the PeerJS service. The code snippet itself is not throwing any errors and it works fine on my local machine. It’s causing issues on EC2 because it needs an SSL certificate, I guess. So, I’m trying to use a reverse proxy to make it use HTTPS.

How can I make both 8080 and 3000 ports redirect to https?

That code is exactly what’s causing the issue. If you read the error in the console, you’ll see it says:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://zoom-clone.idcxyz.shop:8080/peerjs/id?ts=17407006692560.1646838032716812. (Reason: CORS request did not succeed).

Per the docs of PeerJS, the port is wrong. Omit it or use 443.
https://peerjs.com/docs/#start

You will need to use handle to make the routing mutually exclusive
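
The port advice above, as an added example that is not part of the original thread: it derives the PeerJS client options from the page URL and checks whether signaling stays on the page's own origin (and so behind Caddy's TLS) or goes straight to the backend port. The helper names are hypothetical, the room path in `PAGE` is constructed, and `path: '/peerjs'` assumes the PeerServer is started with `--path /peerjs` as in the Dockerfile earlier in the thread.

```javascript
// Added example, not code from the thread. Helper names are hypothetical.
// PeerJS client options used here: host, port, path, secure.

// Build PeerJS options from the page URL so signaling uses the same
// origin as the page and therefore passes through the TLS-terminating proxy.
function peerOptionsFromPage(pageUrl, serverPath) {
  const u = new URL(pageUrl);
  const secure = u.protocol === 'https:';
  return {
    host: u.hostname,
    // URL.port is '' when the scheme's default port is in use.
    port: u.port ? Number(u.port) : (secure ? 443 : 80),
    path: serverPath, // assumption: must match the server's --path value
    secure,
  };
}

// Origin the browser will contact for signaling with the given options.
function signalingOrigin(opts, pageUrl) {
  // PeerJS replaces host '/' with the hostname of the current page.
  const host = opts.host === '/' ? new URL(pageUrl).hostname : opts.host;
  const scheme = opts.secure ? 'https' : 'http';
  return new URL(`${scheme}://${host}:${opts.port}`).origin;
}

// True when signaling stays on the page's own origin, i.e. behind the proxy.
function staysBehindProxy(opts, pageUrl) {
  return signalingOrigin(opts, pageUrl) === new URL(pageUrl).origin;
}

// Constructed page URL on the domain from the thread.
const PAGE = 'https://zoom-clone.idcxyz.shop/room';

// Options as posted in the thread: TLS requested on the raw backend port.
const fromThread = { host: '/', secure: true, port: '8080' };
const fixed = peerOptionsFromPage(PAGE, '/peerjs');

console.log(signalingOrigin(fromThread, PAGE), staysBehindProxy(fromThread, PAGE));
console.log(signalingOrigin(fixed, PAGE), staysBehindProxy(fixed, PAGE));

// In the browser:
//   const myPeer = new Peer(undefined, peerOptionsFromPage(location.href, '/peerjs'));
```

With the options from the thread the browser opens a TLS connection to port 8080, where the PeerServer speaks plain HTTP and Caddy is not involved, which matches the `ERR_SSL_PROTOCOL_ERROR` and the cross-origin URL in the console.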

Oh really? I tried setting the port to 443 but then it gave a port busy error.

docker: Error response from daemon: driver failed programming external connectivity on endpoint great_bohr (5d4311b80280b52190a1f4f2747d1cdfccfa2c85d44862269923abce2255fb38): Error starting userland proxy: listen tcp4 0.0.0.0:443: bind: address already in use.

I’m new to everything here and these errors are driving me nuts.

You’re setting it in your back-end, while the issue is in the front-end. Your front-end code is using the wrong port. This isn’t a Caddy issue. It’s an issue with your usage of that library.


Okay. Setting that port only on the PeerJS frontend makes the Docker error go away, but the issue with SSL still persists.

Thanks for letting me know it’s not from Caddy. That’s one thing I don’t need to touch.