Reverse_proxy with custom header_up

5knnbdwm · February 11, 2021, 4:41pm

1. Caddy version (`caddy version`):

v2.2.0-rc.1

2. How I run Caddy:

a. System environment:

CentOS SELinux 8 x64

b. Command:

caddy start;
caddy reload;

c. Service/unit/compose file:

N/A

d. My complete Caddyfile or JSON config:

tableau.soeller.dev {
        route / {
                respond "Hello, world!"
        }
        route /tableau/* {
                uri * strip_prefix /tableau
                reverse_proxy * http://217.79.180.190:8080 {
                        header_up REMOTE_ADDR {http.request.host}
                        header_up X-Forwarded-For {http.request.remote_host}
                        header_up Host {http.request.host}
                        header_up X-Forwarded-Host {http.request.remote_host}
                        header_up X-Forwarded-Proto {http.request.scheme}
                }
        }
        log {
                output file /root/caddy2.log {
                        roll_local_time true
                }
                format json
        }
}

3. The problem I’m having:

I’m trying to put tableau server behind route on my domain. When doing it the way I did it in my Caddyfile and direct to tableau.my_domain/tableau I only receive a white screen with a 200 response. What I want to receive is the signing page for tableau.

My problem is that I do not know how exactly I have to set up the additional header that tableau requires.

everybody_client_access_config
link further down

4. Error messages and/or full log output:

{
  "level": "info",
  "ts": 1613061634.4891918,
  "logger": "http.log.access.log0",
  "msg": "handled request",
  "request": {
    "remote_addr": "82.102.16.198:62324",
    "proto": "HTTP/2.0",
    "method": "GET",
    "host": "tableau.soeller.dev",
    "uri": "/tableau",
    "headers": {
      "Cookie": [
        "workgroup_session_id=null"
      ],
      "Accept": [
        "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
      ],
      "User-Agent": [
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"
      ],
      "Accept-Language": [
        "en-us"
      ],
      "Accept-Encoding": [
        "gzip, deflate, br"
      ]
    },
    "tls": {
      "resumed": false,
      "version": 772,
      "cipher_suite": 4865,
      "proto": "h2",
      "proto_mutual": true,
      "server_name": "tableau.soeller.dev"
    }
  },
  "common_log": "82.102.16.198 - - [11/Feb/2021:16:40:34 +0000] \"GET /tableau HTTP/2.0\" 0 0",
  "duration": 0.00002172,
  "size": 0,
  "status": 0,
  "resp_headers": {
    "Server": [
      "Caddy"
    ]
  }
}

5. What I already tried:

What I tried is putting Tableau on the root route instead behind a path and that does work.
Here is the log to that Tableau on / · GitHub

So I know that in practice it does work.

6. Links to relevant resources:

francislavoie · February 11, 2021, 4:45pm

Please upgrade to v2.3.0!

You can replace this with just handle_path /tableau/*. The handle_path directive implicitly does strip_prefix for you.

5knnbdwm:

                        header_up X-Forwarded-For {http.request.remote_host}
                        header_up Host {http.request.host}
                        header_up X-Forwarded-Host {http.request.remote_host}
                        header_up X-Forwarded-Proto {http.request.scheme}

Please remove these lines, Caddy does that for you already.

You may also remove this line because that’s not actually a header, but a property of the TCP connection. You don’t need to do anything here. The remote address on requests will always be the IP of the source of the connection.

I think Caddy’s default reverse_proxy behaviour is already appropriate for your needs.

5knnbdwm · February 11, 2021, 4:51pm

Ok, thanks for the infos. Yes it is smaller than before. However it still does not work.

tableau.soeller.dev {
        route / {
                respond "Hello, world!"
        }
        handle_path /tableau/* {
                reverse_proxy * http://217.79.180.190:8080
        }
        log {
                output file /root/caddy2.log {
                        roll_local_time true
                }
                format json
        }
}

francislavoie · February 11, 2021, 4:52pm

Please be specific. What behaviour are you seeing? What’s in your logs? I can’t help with vague statements like that.

Have you upgraded to Caddy v2.3.0?

5knnbdwm · February 11, 2021, 4:54pm

Yes have upgraded to v2.3.0.

Yeah sorry. Still get the logs in the beginning. Still just a white screen with a 200 response.

{
  "level": "info",
  "ts": 1613062133.718863,
  "logger": "http.log.access.log0",
  "msg": "handled request",
  "request": {
    "remote_addr": "82.102.16.198:43346",
    "proto": "HTTP/2.0",
    "method": "GET",
    "host": "tableau.soeller.dev",
    "uri": "/tableau",
    "headers": {
      "Accept": [
        "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
      ],
      "User-Agent": [
        "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"
      ],
      "Accept-Language": [
        "en-us"
      ],
      "Accept-Encoding": [
        "gzip, deflate, br"
      ],
      "Cookie": [
        "workgroup_session_id=null"
      ]
    },
    "tls": {
      "resumed": false,
      "version": 772,
      "cipher_suite": 4865,
      "proto": "h2",
      "proto_mutual": true,
      "server_name": "tableau.soeller.dev"
    }
  },
  "common_log": "82.102.16.198 - - [11/Feb/2021:16:48:53 +0000] \"GET /tableau HTTP/2.0\" 0 0",
  "duration": 0.000020167,
  "size": 0,
  "status": 0,
  "resp_headers": {
    "Server": [
      "Caddy"
    ]
  }
}

francislavoie · February 11, 2021, 4:59pm

Oh, that’s because you have your matcher as /tableau/* but you made a request with /tableau. It doesn’t match because you don’t have a trailing / there.

Two ways to fix:

Easiest way is to change the matcher to /tableau*, but this would mean requests to /tableaufoo would also match (but that might not be a concern)
Add a rewrite /tableau /tableau/ line just above your handle_path which will ensure the / is there for routing purposes. Adds an extra line to your config but won’t have edgecases.

5knnbdwm · February 11, 2021, 5:10pm

Hey, so yeah it did solve a problem. It did load the Tableau signin. Problem now is that Tableau itself redirected me from /tableau to /#/signin which is the other route set-up.

To solve that I again used route /tableau but for that tableau again returned only a white screen.

francislavoie · February 11, 2021, 5:21pm

Generally, it’s better to serve apps like this under their own domain. Read this article for more detail:

Your app may have configuration to allow changing the base path, but if it doesn’t then you’re out of luck and the best thing to do is not serve it under a subpath and give it its own subdomain.

5knnbdwm · February 11, 2021, 5:26pm

Okay, thanks for the help. Yeah have it served on a different domain as well, just had to have some access to tableau on the same domain as other things.

But a coworker came up with the solution that we look at which specific paths we need from tableau and make only them redirect to tableau instead of everything.

system · March 13, 2021, 4:42pm

This topic was automatically closed after 30 days. New replies are no longer allowed.