Reverse proxy to subdir

1. Caddy version (caddy version):

v2.4.6

2. How I run Caddy:

systemctl restart caddy

a. System environment:

OS, Ubuntu, systemd

b. Command:

systemctl restart caddy

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --resume
#--config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

test2.profile.shop {
    rewrite * /mayaseen{path}
    reverse_proxy https://profile-shop-1zlp7t7b2-badals.vercel.app {
        header_up Host {upstream_hostport}
        header_up X-Forwarded-Host {host}
    }
}


3. The problem I’m having:

Hello, after 200 cigarettes in an attempt to set up this rather complicated thing, I decided that I needed help. All seekers of help related to reverse proxy wanted https://bla.com/v1 to point to https://bla2.com, but how do I get https://bla.com to point to https://bla2.com/v1?
And when I request https://bla.com/blah, it should load bla2.com/v1/blah behind the scenes.

And a real example:
https://profile-shop-1zlp7t7b2-badals.vercel.app/mayaseen/product/3837732082

This is what I would like it to look like:
https://test2.profile.shop/product/3837732082

Thanks in advance.

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

Close, you should use {uri} to make sure the query portion of the URL is preserved as well.

But you had the right approach. What exactly isn’t working? What behaviour are you seeing? What’s in your logs?

Do you mean
test2.profile.shop {
    rewrite * /mayaseen{uri}
    reverse_proxy https://profile-shop-1zlp7t7b2-badals.vercel.app {
        header_up Host {upstream_hostport}
        header_up X-Forwarded-Host {host}
    }
}

?
I changed it now.
Now we expect:
https://profile-shop-1zlp7t7b2-badals.vercel.app/mayaseen

to be able to use this link:
https://test2.profile.shop

as well as

https://profile-shop-1zlp7t7b2-badals.vercel.app/mayaseen/product/3837732082

to be able to use this link:
https://test2.profile.shop/product/3837732082

Try these links to see the result, please.

Understood, but what actually happens instead? You haven’t explained what behaviour you’re seeing instead of what you expect.

{"level":"error","ts":1639577925.7824674,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"77.78.36.178:22116","proto":"HTTP/2.0","method":"GET","host":"test2.profile.shop","uri":"/_next/static/QDw40O1ahML08NtVAhGAm/_middlewareManifest.js","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["script"],"Referer":["https://test2.profile.shop/mayaseen"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["bg-BG,bg;q=0.9,en;q=0.8"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Mode":["no-cors"],"Cookie":["_ga=GA1.2.1763325896.1639141990; _gcl_au=1.1.1404675637.1639141990; _gid=GA1.2.1010298139.1639329921; _temp=_temp; _gat_gtag_UA_44313046_1=1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"test2.profile.shop"}},"common_log":"77.78.36.178 - - [15/Dec/2021:14:18:45 +0000] \"GET /_next/static/QDw40O1ahML08NtVAhGAm/_middlewareManifest.js HTTP/2.0\" 404 3548","user_id":"","duration":0.009874481,"size":3548,"status":404,"resp_headers":{"Access-Control-Allow-Origin":["*"],"Date":["Wed, 15 Dec 2021 14:18:45 GMT"],"X-Robots-Tag":["noindex"],"Etag":["W/\"f1ec0ce184bb72f594be55bd7979dc2b432021149b726c3485d016a3da49a047\""],"Content-Type":["text/html; charset=utf-8"],"Server":["Caddy","Vercel"],"X-Vercel-Id":["fra1:fra1::97q2k-1639577925776-3957efd8cd65"],"Content-Encoding":["br"],"X-Matched-Path":["/en-OM/404"],"Cache-Control":["public, max-age=0, must-revalidate"],"Content-Disposition":["inline; filename=\"404\""],"Age":["115610"],"X-Vercel-Cache":["HIT"],"Strict-Transport-Security":["max-age=63072000; includeSubDomains; preload"]}}

This is what I see in the logs.

What I noticed is that files are used that should stay out of the rewrite of /mayaseen such as this resource https://profile-shop-1zlp7t7b2-badals.vercel.app/_next/static/chunks/webpack-1fffc60e5941818b.js

this should not be:
https://test2.profile.shop/mayaseen/_next/static/chunks/webpack-1fffc60e5941818b.js

rather:
https://test2.profile.shop/_next/static/chunks/webpack-1fffc60e5941818b.js

How can I achieve it?

So it seems like it’s a nextjs app. You’ll need to configure the base path on it to make it work.


Thank you !
I will try to handle this.
But another difficulty arose for me.
Since I can’t find enough information to deal with secure on admin api, I decided to do it this way:
:2015 {
    basicauth /* {
        admin JDJhJDE0JFhHdGlnNDBBN2U3ZWNYbzNTRVhuUnV6LkYwYS9UQjA3UVNVbEY5RHVBRURUc3E5ZDhOQmx1
    }
    reverse_proxy localhost:2019 {
        header_up Host {upstream_hostport}
        header_up X-Forwarded-Host {host}
        buffer_requests
        buffer_responses
    }
}

It works, except that it does not return a response when adding (POST) or deleting data. Do you have any idea how I can fix this?

```
curl -X POST "http://52.58.228.177:2015/config/apps/http/servers/srv1/routes/" -H "Content-Type: application/json" -d @test3.json -v -u admin:password-here
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 52.58.228.177:2015...
* TCP_NODELAY set
* Connected to 52.58.228.177 (52.58.228.177) port 2015 (#0)
* Server auth using Basic with user 'admin'
> POST /config/apps/http/servers/srv1/routes/ HTTP/1.1
> Host: 52.58.228.177:2015
> Authorization: Basic YWRtaW46cEBzc3cwcmQ=
> User-Agent: curl/7.68.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 1846
> Expect: 100-continue
>
* Done waiting for 100-continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
```

It stops here.

2021/12/19 12:43:27.296 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv1"}
2021/12/19 12:43:27.306 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00053c690"}
2021/12/19 12:43:28.556 INFO http enabling automatic TLS certificate management {"domains": ["www.profile.shop", "api2.badals.uk", "test2.profile.shop"]}
2021/12/19 12:43:37.307 ERROR admin stopping current admin endpoint {"error": "shutting down admin server: context deadline exceeded"}

When I cancel the request:

INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}

Thank you very much

You can’t proxy to the admin endpoint, because that will cause a deadlock. When the config is being changed, Caddy needs to wait until all incoming connections are closed before it can switch to the new config. Since the request to admin came through the old config, it can’t be closed until that request is done. So you’re stuck.


Yes, thank you, I understand. Then how to protect it? Is there a sample configuration?
I tried this, but it doesn’t work:

"admin": {
    "listen": "0.0.0.0:2019",
    "enforce_origin": true,
    "origins": ["someoriginorkey"]
},

Do I understand that there is no way or should I put this in another post?

What does “doesn’t work” mean exactly? What requests are you trying, what is their output (use curl -v please) and what do the logs show?

Is it possible to set up another caddy instance to proxy the admin API?


That should work.
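
As an added illustration (not code from the thread or from the Caddy project), this sketch audits a Caddy JSON config for the two admin-endpoint problems discussed above: an admin listener on a non-loopback address, and a `reverse_proxy` upstream that is the instance's own admin address, which is the deadlock described in the reply. The function names are hypothetical and the sample config is constructed from the settings quoted in the thread.

```python
import json

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
WILDCARD = {"", "0.0.0.0", "::"}

def split_hostport(addr):  # 'host:port', '[::1]:2019' or ':2019' -> (host, port)
    host, _, port = addr.rpartition(":")
    return host.strip("[]").lower(), port

def proxy_dials(routes):
    """Yield every reverse_proxy upstream dial address, descending into subroutes."""
    for route in routes or []:
        for h in route.get("handle", []):
            if h.get("handler") == "subroute":
                yield from proxy_dials(h.get("routes"))
            elif h.get("handler") == "reverse_proxy":
                yield from (u.get("dial", "") for u in h.get("upstreams", []))

def audit_admin(config):
    """Return (code, detail) findings about the admin endpoint in a Caddy JSON config."""
    findings = []
    admin = config.get("admin") or {}
    if admin.get("disabled"):
        return findings
    listen = admin.get("listen", "localhost:2019")  # Caddy's default admin address
    a_host, a_port = split_hostport(listen)
    # enforce_origin/origins only compare request headers; they do not authenticate.
    if not listen.startswith("unix/") and a_host not in LOOPBACK:
        findings.append(("admin-exposed", f"admin API listens on {listen}"))
    servers = config.get("apps", {}).get("http", {}).get("servers", {})
    for name, server in servers.items():
        for dial in proxy_dials(server.get("routes")):
            u_host, u_port = split_hostport(dial)
            local_pair = u_host in LOOPBACK and a_host in LOOPBACK | WILDCARD
            if u_port == a_port and (u_host == a_host or local_pair):
                findings.append(("admin-self-proxy", f"{name} proxies to {dial}"))
    return findings

# Constructed sample combining the two setups tried in the thread (not a real config).
SAMPLE = json.loads("""{
  "admin": {"listen": "0.0.0.0:2019", "enforce_origin": true, "origins": ["someoriginorkey"]},
  "apps": {"http": {"servers": {"srv1": {"listen": [":2015"], "routes": [
    {"handle": [{"handler": "subroute", "routes": [{"handle": [
      {"handler": "reverse_proxy", "upstreams": [{"dial": "localhost:2019"}]}
    ]}]}]}
  ]}}}}
}""")
if __name__ == "__main__":
    print(audit_admin(SAMPLE))
```

A config whose admin endpoint stays on loopback and whose proxies point only at other hosts yields no findings, which is the state the second-instance setup suggested at the end of the thread aims for on the main instance.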
