Thanks for the reply, @francislavoie.
I changed the Caddyfile to
go.example.org {
reverse_proxy http://172.96.140.17:25697
}
and this was the response from running curl -v https://go.example.org
* Trying 34.149.204.188:443...
* Connected to go.example.org (34.149.204.188) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=go.example.org
* start date: Jan 10 04:24:33 2023 GMT
* expire date: Apr 10 04:24:32 2023 GMT
* subjectAltName: host "go.example.org" matched cert's "go.example.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x101aa20)
> GET / HTTP/2
> Host: go.example.org
> user-agent: curl/7.80.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 308
< date: Tue, 10 Jan 2023 17:38:50 GMT
< expect-ct: max-age=2592000, report-uri="https://sentry.repl.it/api/10/security/?sentry_key=615192fd532445bfbbbe966cd7131791"
< location: https://go.example.org/
< replit-cluster: global
< server: Caddy
< content-length: 0
<
* Connection #0 to host go.example.org left intact
Using the Caddyfile from the top of this reply, my client cannot access 172.96.140.17:25697
.
Discourse disabled posting multiple images: https://i.postimg.cc/GmFqYD6k/joinjeff-online.png
Accessing wss://go.example.org worked with the Caddyfile configuration from @gyfer
This also didn’t work:
go.example.org {
reverse_proxy 172.96.140.17:25697
}
A note on the version, I don’t know what replit uses for their platform like one listed in the dropdown on the binaries download page. (Actually, I forked a template with an old version of caddy)
When I tried Linux amd64, I got the following error when trying to run (./caddy_linux_amd64
) it via the shell: bash: ./caddy_linux_amd64: Permission denied
Linux arm64 failed to upload to replit. These are the only binaries I’ve attempted to use right now.
Also, I’m using a regular CNAME record (with Cloudflare, not proxied) to replit: 415cb4c4-8584-4727-8b5f-223170d04e73.id.repl.co
. Don’t know how that affects caddy, if at all.