Reverse Proxy without Subdomains via Routes

in route’s { … }

Domain {
        encode zstd gzip

        respond "Hello World!"

        route /nucstation/* {
                insecure_skip_verify
                reverse_proxy http://192.168.178.7:5000 {
                }
        }

        route /nucstationhttps/* {
                insecure_skip_verify
                reverse_proxy https://192.168.178.7:5001 {
                }
        }
}

When i do it like this i get this error:

adapting config using caddyfile: parsing caddyfile tokens for 'route': Caddyfile:7 - Error during parsing: unrecognized directive: insecure_skip_verify

@Titanhunter please always wrap your configs and logs with ``` on a line before and after the contents! You got flagged as a spam account because of repeated URLs in your posts. Using backticks will avoid this problem!

Okay, thank you i didnt know this. Im gonna change it

the directive is not

insecure_skip_verify

but

tls_insecure_skip_verify

and it is used inside a transport http directive.
so the complete example should be

Domain {
        encode zstd gzip

        respond "Hello World!"

        route /nucstation/* {
                reverse_proxy http://192.168.178.7:5000 {
                #tls_insecure_skip_verify # not necessary because upstream is http
                }
        }

        route /nucstationhttps/* {
                reverse_proxy https://192.168.178.7:5001 {
                    transport http {
                       tls
                       tls_insecure_skip_verify
                       }
                    }
                }
        }
}
1 Like

I highly recommend you use the caddy fmt command built into the binary to clean up the indentation in your configs! It’ll make it much easier to read and to discuss it.

Okay my config now looks like this

example.spdns.de {
        encode zstd gzip

        respond "Hello World!"

        route /nucstation/* {
                uri strip_prefix nucstation/
                reverse_proxy https://192.168.178.7:5001 {
                        transport http {
                                tls tls_insecure_skip_verify
                        }
                }
        }

        route /pve/* {
                uri strip_prefix pve/
                reverse_proxy https://192.168.178.99:8006 {
                        transport http {
                                tls tls_insecure_skip_verify
                        }
                }
        }
}
}

I used the url strip_prefix from the documentation. At least i get errors now and the right sorcecode is shown. But javascript doesnt seem to work

Edit: Also the Headers are now shown correctly

What do you mean by that?

Also you have a few issues in your Caddyfile. I think you have an extra closing curly brace, and tls tls_insecure_skip_verify isn’t right; they should be on separate lines.

Yes youre right. There was an extra curly brace. and i made the tls_… in an extra line.
That unfortunately didnt solve the problem

These are the Errors i get when loading example.spdns.de/pve/. The Site is completely white

So i thought that there may be a problem with javascript

Yeah, so now your site’s JS is invalid. But that doesn’t (shouldn’t) have anything to do with Caddy.

So I guess the problem is resolved?

I think you actually want to strip the prefix like this:

uri strip_prefix /nucstation

Slash in front, not after.

Yes it kind of is. But i dont have any real use of the reverse proxy because my Services dont work via the reverse proxy. I dont get these errors when im local.
But maybe this is a new topic.

Okay, thank you i changed it. I get the same result anyway.

What’s the output from curling one of these JS requests e.g. curl -iL example.spdns.de/pve/ext-all.js ?

I wonder if you’re running into the subfolder problem (the upstream app doesn’t know it’s meant to be contained within the /pve/ subfolder, so the indexes reference content irrespective of that base URL), which would cause it to respond with Hello world! per your respond directive (so all of those JS responses would be generating first-line errors).

curl -iL example.spdns.de/pve/ext-all.js
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://example.spdns.de/pve/ext-all.js
Server: Caddy
Date: Thu, 07 May 2020 08:40:50 GMT
Content-Length: 0

HTTP/2 501 
cache-control: max-age=0
date: Thu, 07 May 2020 08:40:50 GMT
expires: Thu, 07 May 2020 08:40:50 GMT
pragma: no-cache
server: Caddy
server: pve-api-daemon/3.0
content-length: 0

Then i tried this one

curl -iL example.spdns.de/pve/proxmoxlib.js
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://example.spdns.de/pve/proxmoxlib.js
Server: Caddy
Date: Thu, 07 May 2020 08:44:55 GMT
Content-Length: 0

HTTP/1.1 200 OK
Content-Type: application/javascript
Date: Thu, 07 May 2020 08:44:55 GMT
Last-Modified: Thu, 30 Jan 2020 16:49:32 GMT
Server: Caddy
Server: pve-api-daemon/3.0
Transfer-Encoding: chunked

// 2.1-3
Ext.ns('Proxmox');
Ext.ns('Proxmox.Setup');

if (!Ext.isDefined(Proxmox.Setup.auth_cookie_name)) {
    throw "Proxmox library not initialized";
}

// avoid errors related to Accessible Rich Internet Applications
// (access for people with disabilities)
// TODO reenable after all components are upgraded
Ext.enableAria = false;
Ext.enableAriaButtons = false;
Ext.enableAriaPanels = false;

// avoid errors when running without development tools
if (!Ext.isDefined(Ext.global.console)) {
    var console = {
        dir: function() {},
        log: function() {}
    };
}

Ext.Ajax.defaultHeaders = {
    'Accept': 'application/json'
};

Ext.Ajax.on('beforerequest', function(conn, options) {
    if (Proxmox.CSRFPreventionToken) {
        if (!options.headers) {
            options.headers = {};
        }
        options.headers.CSRFPreventionToken = Proxmox.CSRFPreventionToken;
    }
});
...

It displays the whole JS so the first level seem to work just fine

OK, so it’s working with the subfolder.

Lets just make sure the browser is, in fact, making requests to the subfolder properly.

Can you load example.spdns.de/pve/ in your browser with the web console open at the Network tab, and check which path, exactly, those JS requests are going to?

An excerpt of the HTML where the JS resource is specified, for one of the scripts giving errors, might also tell us a bit.

1 Like

As you can see in the secnd picture there are some files filled with Hello World.
So maybe subfolders arent working as expected

Definitely not. I’ve written about this in the past - every now and again I dig out this post, suggest you have a read to get a bit of a grasp on what’s going on and why:

To fix this, you need one of the following:

  • a subdomain (sorry, I know you’ve said this isn’t possible for you on free DynDNS service), OR;
  • the app in question to support a base URL setting, OR;
  • to start filtering all the HTML and headers that come back from the app, to manually replace incorrect references with the correct, subfolder-prepended URLs

HTML filtering was possible in v1 as a third-party plugin, I don’t think v2 has this yet (although it should be pretty straightforward to implement, I think!). Even so, that approach was complex and fraught with potential footguns, as you have to be very precise with your rules to get the results your browser will need.

2 Likes

Thank you very much for your help.
Then I guess I got the solution to my problem.

At least I know why it isn’t working.
I really appreciate your help.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.