Redirect non-WebSocket traffic somewhere else

1. The problem I’m having:

I have Headscale running on my birb.it domain. It mainly uses WebSocket traffic to bootstrap Tailscale clients and otherwise doesn’t display anything (it returns 404).

So I would like to use a redir to instead send visitors to a profile page, Nostree to be exact.

However, how do I distinguish between WS traffic and just HTTP traffic? If a Tailscale client tries to connect, I would prefer them to properly get proxied to the Headscale server - otherwise, redirect.

2. Error messages and/or full log output:

Not an error.

3. Caddy version:

# caddy version
v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=

(Yes, I do need to update that…)

4. How I installed and ran Caddy:

#!/bin/bash
# Run after apt upgrade caddy
xcaddy build \
  --with github.com/gamalan/caddy-tlsredis \
  --with github.com/caddy-dns/cloudflare \
  --output /usr/local/bin/caddy
# /etc/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/local/bin/caddy run --environ --config /srv/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /srv/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

a. System environment:

Ubuntu 22.04 LTS on arm64

b. Command:

systemd; the unit is above.

c. Service/unit/compose file:

See above.

d. My complete Caddy config:

birb.it {
        #handle /.well-known/lnurlp/ingwie {
        #  header Access-Control-Allow-Origin *
        #  redir https://zaps.birb.it/lnurl
        #}
        handle /.well-known/lnurlp/ingwie {
                reverse_proxy * https://100.64.0.2 {
                        rewrite /lnurl
                        header_up Host zaps.birb.it
                        transport http {
                                tls_server_name zaps.birb.it
                        }
                }
        }
        handle /.well-known/* {
                uri strip_prefix /.well-known
                header Access-Control-Allow-Origin *
                file_server {
                        root /srv/birb.it/well-known
                }
        }
        handle /web* {
                root * /srv/headscale-ui/build
                uri strip_prefix /web
                file_server
        }
        handle {
                reverse_proxy localhost:8080
        }
}

5. Links to relevant resources:

n/a

We have an example in the docs for matching websocket requests:

You can simply put `not` in front (just after the matcher name, before the `{`) to negate it and do whatever with that.

You can simplify these slightly by using `handle_path`, which skips needing `uri strip_prefix`:

	handle_path /.well-known/* {
		header Access-Control-Allow-Origin *
		root * /srv/birb.it/well-known
		file_server
	}
	handle_path /web* {
		root * /srv/headscale-ui/build
		file_server
	}
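Putting the two hints together, here is a complete site block as an added example (not part of the reply above, and not something from the Caddy or Headscale projects). It shows a named matcher that uses `not` on the `Connection: *Upgrade*` header from the docs' WebSocket example, combined with a path and an `Accept` check, so that only a browser landing on the bare root path gets redirected and everything else still reaches Headscale. The Nostree URL is a placeholder, and the design rests on two assumptions worth verifying against Headscale's own routes: that not all control-plane traffic is a WebSocket upgrade (plain GET endpoints such as `/key` exist, and the upgrade token may not be `websocket`), which is why the matcher negates any `Upgrade` rather than only `websocket`, and that a Tailscale client never requests `/` with an HTML `Accept` header.

```caddyfile
birb.it {
	# Browser visitor on the bare root path: no protocol upgrade in flight,
	# exactly "/" and asking for HTML. Anything else (Upgrade requests of any
	# kind, /key, /register, curl without Accept: text/html, ...) falls through
	# to the Headscale reverse proxy below. Assumption: the Tailscale client
	# never hits "/" with an HTML Accept header.
	@browser_root {
		not header Connection *Upgrade*
		path /
		header Accept *text/html*
	}

	handle_path /.well-known/* {
		header Access-Control-Allow-Origin *
		root * /srv/birb.it/well-known
		file_server
	}

	handle_path /web* {
		root * /srv/headscale-ui/build
		file_server
	}

	# Only matched requests are redirected; 302 so browsers do not cache the
	# redirect forever should the profile page move. Placeholder URL.
	handle @browser_root {
		redir https://nostree.example/ingwie 302
	}

	# Catch-all: Headscale control plane, including every Upgrade request.
	handle {
		reverse_proxy localhost:8080
	}
}
```

A quick way to check the split is `curl -I -H 'Accept: text/html' https://birb.it/` (expect the 302) versus `curl -I https://birb.it/` and `curl -I https://birb.it/key` (expect whatever Headscale answers, e.g. its 404 for `/`); the `handle` blocks are mutually exclusive, so a request is never both redirected and proxied.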

I must’ve overlooked the example, sorry - my bad!

And thanks for the hint! Will use it 🙂 Makes the config cleaner.

Thanks for your help!

