Rewrite Path and Proxy with Headers and SSL

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

I run Caddy on Azure for two sites, and a subdomain. Klabo.blog, lnbits.klabo.blog, and satoshis.lol. They are all reverse proxied to services for each site.

a. System environment:

Ubuntu 18.04

b. Command:

sudo run caddy

d. My complete Caddy config:

(logging) {
    log {
       output file /home/azureuser/logs/caddy.log
    }
}

lnbits.klabo.blog {
    import logging
    reverse_proxy 0.0.0.0:8000
}

spark.klabo.blog {
    import logging
    reverse_proxy http://0.0.0.0:9737
}

klabo.blog {
    import logging
    root * /home/azureuser/klabo-blog/_site/
    encode gzip
    file_server
}

satoshis.lol {
    import logging
    route /.well-known/nostr.json {
        rewrite * /nostrnip5/api/v1/domain/GjxYKGTjwDVawdPBLSLPsr/nostr.json
        reverse_proxy https://lnbits.klabo.blog
    }
    reverse_proxy 0.0.0.0:17422
}

3. The problem I’m having:

I am attempting to handle GET requests to satoshis.lol/.well-known/nostr.json and proxy them to lnbits.klabo.blog with the path /nostrnip5/api/v1/domain/GjxYKGTjwDVawdPBLSLPsr/nostr.json.

When I try this I get a 404 from the satoshis.lol service. redirect doesn’t work here b/c I need the request to appear to be getting returned from satoshis.lol with HTTPS etc.

I’m not an expert in this type of configuration, so forgive me if I’m not explaining well. This is the nginx example I’m attempting to replicate:

## Proxy Server Caching
proxy_cache_path /tmp/nginx_cache keys_zone=nip5_cache:5m levels=1:2 inactive=300s max_size=100m use_temp_path=off;

location /.well-known/nostr.json {
   proxy_pass https://{your_lnbits}/nostrnip5/api/v1/domain/{domain_id}/nostr.json;
   proxy_set_header Host {your_lnbits};
   proxy_ssl_server_name on;

   expires 5m;
   add_header Cache-Control "public, no-transform";

   proxy_cache nip5_cache;
   proxy_cache_lock on;
   proxy_cache_valid 200 300s;
   proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
}

4. Error messages and/or full log output:

2023/01/08 17:56:40.181	error	http.log.access.log3	handled request	{"request": {"remote_ip": "73.170.190.23", "remote_port": "54732", "proto": "HTTP/2.0", "method": "GET", "host": "satoshis.lol", "uri": "/.well-known/nostr.json", "headers": {"Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"], "Accept-Language": ["en-US,en;q=0.9"], "Accept-Encoding": ["gzip, deflate, br"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "satoshis.lol"}}, "user_id": "", "duration": 0.251674802, "size": 19, "status": 404, "resp_headers": {"Content-Type": ["text/plain; charset=utf-8"], "Date": ["Sun, 08 Jan 2023 17:56:40 GMT"], "Server": ["Caddy", "Caddy"], "Alt-Svc": ["h3=\":443\"; ma=2592000"], "Vary": ["Origin"], "X-Content-Type-Options": ["nosniff"], "Content-Length": ["19"]}}

5. What I already tried:

I tried redirect, and also handle instead of route

6. Links to relevant resources:

Link to the guide explaining how to set up with nginx here: lnbits/lnbits/extensions/nostrnip5 at main · lnbits/lnbits · GitHub

That reverse_proxy doesn’t override the Host, so the upstream (which is Caddy itself) doesn’t know how to route the request. See the docs:

But really, you don’t need to proxy like that. Just do reverse_proxy localhost:8000 which is the same thing as your other site is doing. Much simpler, avoids having Caddy make an HTTP request to itself which is kinda weird and unnecessary.

1 Like
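The change suggested in the reply above, written out as a replacement for the satoshis.lol site block (an added example, not posted in the thread). The commented-out alternative uses `header_up Host {upstream_hostport}`, the Host override from Caddy's reverse_proxy documentation; the reply did not propose it, and it is included only to show what keeping the HTTPS upstream would require.

```caddyfile
satoshis.lol {
    # Reuses the (logging) snippet defined at the top of the config.
    import logging

    route /.well-known/nostr.json {
        # Map the public NIP-05 path to the LNbits endpoint (path taken from the question).
        rewrite * /nostrnip5/api/v1/domain/GjxYKGTjwDVawdPBLSLPsr/nostr.json

        # Proxy straight to the LNbits listener, the same upstream the
        # lnbits.klabo.blog site block uses. No second pass through Caddy,
        # so no Host-based site matching is involved.
        reverse_proxy localhost:8000

        # Alternative: keep the HTTPS upstream. By default the incoming
        # Host (satoshis.lol) is forwarded unchanged, so Caddy receives its
        # own request with a Host that selects the satoshis.lol site again
        # instead of lnbits.klabo.blog. Overriding Host fixes the routing:
        #
        # reverse_proxy https://lnbits.klabo.blog {
        #     header_up Host {upstream_hostport}
        # }
    }

    # Everything else still goes to the main satoshis.lol service.
    reverse_proxy 0.0.0.0:17422
}
```

After reloading, the access log entry for `/.well-known/nostr.json` should show the upstream's status instead of the 404 with `"Server": ["Caddy", "Caddy"]`, which is the sign that the request passed through Caddy twice.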

Yeah, that was it. Thank you! Makes a lot of sense now that I think about it. Much appreciated!

2 Likes
