gmichaelr
March 7, 2022, 7:37pm
1
caddy version):
2.4.6
I currently use reverse proxy for two internal services.
raspbian - pi 4
#Security headers for www.rupel.org caddyfile
header /* {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Xss-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Content-Security-Policy "upgrade-insecure-requests"
Referrer-Policy "strict-origin-when-cross-origin"
Cache-Control "public, max-age=15, must-revalidate"
Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
Server "No."
www.rupel.org {
tls /home/user/Caddy/server.pem /home/user/Caddy/key.pem
reverse_proxy /plex* 192.168.55.205:5000
reverse_proxy /tautulli* 192.168.55.205:8181
import /home/user/Caddy/caddy_security.conf
}
I want to be able to redirect guests from my root https://www.rupel.org to my reverse proxy /plex. Can I do this along with keeping the reverse proxy? If so, how?
Looked at reference material about redirection rule but was uncertain about how to apply it in this situation.
You mean if they hit the root /, you want to redirect them to Plex?
Then yeah, just add this line:
redir / /plex
I strongly suggest using a subdomain for each service though.
Have you ever tried to reverse proxy an app into its own little subfolder of your domain name?
Makes things neat, doesn’t it? Using example.com/foo/ for one app, example.com/bar/ for another. If you’re coming here from one of the selfhosted communities, you might be thinking along the lines of example.com/sonarr/, example.com/radarr/ etc.
Chances are, you’ve tried some configuration along these lines:
example.com {
redir /sonarr /sonarr/
handle_path /sonarr/* {
reverse_proxy localhost…
2 Likes
gmichaelr
March 8, 2022, 4:57am
3
Currently, I have the two sub-directories for the site. I’m assuming you advise to keep it that way for the services this way someone or something doesn’t just hit it by scanning the domain?
I’m not sure I follow your line of thinking, but:
Security through obscurity (or security by obscurity) is the reliance in security engineering on design or implementation secrecy as the main method of providing security to a system or component. Security experts have rejected this view as far back as 1851, and advise that obscurity should never be the only security mechanism.[citation needed]
An early opponent of security through obscurity was the locksmith Alfred Charles Hobbs, who in 1851 demonstrated to the public how state-of-the-art locks...
Relying on hiding domains/paths from users for security is a losing battle.
1 Like
system
April 6, 2022, 7:37pm
5
This topic was automatically closed after 30 days. New replies are no longer allowed.