Proxy with {labelN}

Hi All!

Trying to use wildcard with a proxy, as follows:

*.foobar.com {
    tls {
        dns cloudflare
    }
    proxy / http://{label1}:1234
}
I should be able to proxy for example test.foobar.com to http://test:1234 (this is done via a Docker network, so it’ll work via DNS).

However, this gives me:
2018/10/29 03:07:19 parse http://{label1}:1234: invalid character "{" in host name

Is it not possible to use labels within proxy? Would be very useful, as it can be done via nginx.

Hi @joshx, welcome to the Caddy community!

No, I don’t believe the proxy target has ever been parsed for placeholders.

It’s one of the features listed on the big proxy rewrite issue #1639 (particularly #990, which is referenced):

  • Add support for “dynamic” backends (backends based on parameters of the request on-the-fly or based on external environment, see #564, #1630 (?), #1894, #199, #990, and its related PR #998)

– proxy: Rewrite the proxy middleware · Issue #1639 · caddyserver/caddy · GitHub

Feel free to check out the issue and add your thoughts or thumbs-up if you’re interested.

And the problem with this particular feature request is that it’s potentially a very bad attack vector. Ultimately the server (or its operator) will need to whitelist which hosts to reverse-proxy to. Making those values dynamic makes it easy to make configuration mistakes. Dynamic subdomains aren’t as bad generally but can still be bad. Anyway, some careful thought is required before that rewrite actually happens…

Agreed that this is usually a very bad idea.

This is just for a staging server where we want to route APIs to certain hostnames based on branch, walled behind authentication as well as an IP-based firewall, used only for internal company use.

For example: feature-branch-name.foobarstagingapi.example.com would route the feature branch “feature-branch-name” to the *.foobarstagingapi.example.com URL.

It’s handy in certain circumstances.
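The allowlisting point raised in the thread above, as an added Go example (not Caddy's code and not written by any poster): a request's Host header is mapped to a backend only when its first label is a single well-formed DNS label that the operator has listed. The function name `upstreamFor`, the `allowed` set and its entries are assumptions; the zone and port reuse the thread's sample values.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"regexp"
	"strings"
)

// Constructed values: zone and port mirror the thread's sample config.
const zone = ".foobar.com"
const backendPort = "1234"

// allowed is the operator-maintained set of backend names (hypothetical entries).
var allowed = map[string]bool{"test": true, "feature-login": true}

// One DNS label: letters, digits, inner hyphens, at most 63 bytes. No dots,
// so nested names and dotted IP addresses can never become the target host.
var labelRE = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

var errDenied = errors.New("host does not map to an allowed backend")

// upstreamFor turns a Host header into a backend URL, or refuses.
func upstreamFor(hostHeader string) (*url.URL, error) {
	host := strings.ToLower(hostHeader)
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop an explicit :port
	}
	if !strings.HasSuffix(host, zone) {
		return nil, errDenied
	}
	label := strings.TrimSuffix(host, zone)
	// Shape check first, then the allowlist: both must pass.
	if !labelRE.MatchString(label) || !allowed[label] {
		return nil, errDenied
	}
	return &url.URL{Scheme: "http", Host: net.JoinHostPort(label, backendPort)}, nil
}

func main() {
	// Constructed Host header values.
	for _, h := range []string{"test.foobar.com", "TEST.foobar.com:443",
		"db.foobar.com", "169.254.169.254.foobar.com", "test.foobar.com.evil.example"} {
		if u, err := upstreamFor(h); err != nil {
			fmt.Printf("%-30s refused: %v\n", h, err)
		} else {
			fmt.Printf("%-30s -> %s\n", h, u)
		}
	}
}
```

Names that are well-formed but not listed, such as `db`, are refused, so adding a container to the Docker network does not by itself expose it through the proxy.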
