Problems setting up https proxy locally

Sher_Chowdhury · July 16, 2018, 11:04am

Hello,

I am quite new to Caddy, I only started using it a few days ago. I’m trying to get the following example working:

In my case, my php application that’s running on the centos7 apache server is called LibreNMS:

In my case, my vhost file contains:

$ cat /etc/httpd/conf.d/librenms.conf
Listen 8080
<VirtualHost *:8080>
  DocumentRoot /opt/librenms/html/
  ServerName librenms.mysite.co.uk

  AllowEncodedSlashes NoDecode
  <Directory "/opt/librenms/html/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>

I then configured https like this:

$ cat /etc/caddy/Caddyfile
librenms.mysite.co.uk {
  proxy / librenms.mysite.co.uk:8080
  tls {
    dns route53
  }
}

I’m using the following version of caddy:

$ /usr/bin/caddy -version
Caddy 0.11.0 (non-commercial use only)

In my case, I have added the route53 dns plugin to my caddy binary:

$ /usr/bin/caddy -plugins
Server types:
  http

Caddyfile loaders:
  short
  flag
  default

Other plugins:
  http.basicauth
  http.bind
  http.browse
  http.errors
  http.expvar
  http.ext
  http.fastcgi
  http.gzip
  http.header
  http.index
  http.internal
  http.limits
  http.log
  http.markdown
  http.mime
  http.pprof
  http.proxy
  http.push
  http.redir
  http.request_id
  http.rewrite
  http.root
  http.status
  http.templates
  http.timeouts
  http.websocket
  on
  tls
  tls.dns.route53
  tls.storage.file

Then I started caddy by running:

$ /usr/bin/caddy -conf /etc/caddy/Caddyfile -agree -email admin@mysite.co.uk
Activating privacy features... done.
https://librenms.mysite.co.uk
http://librenms.mysite.co.uk

Now when I try to access the website (using google chrome) using http via port 8080, everything looks good:

However when I then try to access the same website via the caddy https proxy, i get:

https://imgur.com/a/oYaYjZF

Basically the website still loads, but it looks like it only partially loaded. Some stuff, e.g. css, appears to have been blocked by google chrome. Also google reports that website is not secure even though a valid letsencrypt certifcate has been installed. I can force google chrome to allow the blocked stuff by clicking on the shield icon, then selecting ‘load unsafe scripts’:

https://imgur.com/a/EQiwk0I

This ends allowing all the blocked stuff, but the website becomes insecure:

https://imgur.com/a/GbX728o

Does anyone have any ideas what could be wrong?

Whitestrake · July 17, 2018, 12:09am

At a guess, it’s trying to load its assets (CSS, JS, and images) over port 8080 instead of HTTPS.

The “Network” tab of the web inspector tools would be helpful in identifying if this is the case or not.

If there’s no option to configure the app with the correct hostname and port, it might be determining that information from the connecting client. If that’s the case, adding the transparent preset to your proxy may help.

On an unrelated note, is there any reason you’re proxying from librenms.mysite.co.uk to the exact same hostname? If the app’s on the same host, why not just proxy / :8080 and avoid the ambiguity/fragility of DNS entirely?

Sher_Chowdhury · July 17, 2018, 9:11am

Hi Matthew,

You’re right! It’s the php app (LibreNMS) that wasn’t properly configured:

All I had to to do was make this link https, and then the css and javascript started loading successfully.

Many thanks for your help

system · October 15, 2018, 9:11am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.