Self-signed TLS on local and global IP with port forwarding for snap-installed Rocket.Chat with Caddy


(p1ter) #1

Hello everybody.
I’m a noob, please help me, and sorry for my English.

- explain what you are trying to do:
I am trying to make connections encrypted with local and global (port forwarding incoming connections on my global address by port) IPs.

- show what you have already tried:
I installed Rocket.Chat and Caddy on Ubuntu 16.04.

- include error messages and log output:
If I have a config /var/snap/rocketchat-server/current/Caddyfile like this:

https://global_ip_here:8443
tls self_signed
proxy / localhost:3000 {
  websocket
  transparent
}

I see an error when I try to connect using the local IP:
421 Site 10.10.1.200:8443 is not served on this interface

And if I have the opposite IP in the config, like this:

https://10.10.1.200:8443
tls self_signed
proxy / localhost:3000 {
  websocket
  transparent
}

I have this when I try to connect:
421 Site here_global_ip:8443 is not served on this interface


(Matthew Fay) #2

Hi @p1ter, welcome to the Caddy community.

I think I understand that you want to serve the same site for requests for both the public IP address and the private IP address.

You can just use both, separated by a comma, as your site label:

https://[PUBLIC_IP]:8443, https://[PRIVATE_IP]:8443 {
  tls self_signed
  ...
}

You could also configure Caddy to serve this site for any HTTPS request on port 8443 that doesn’t match another site in your Caddyfile, as a catch-all / wildcard:

https://:8443 {
  tls self_signed
  ...
}

https://caddyserver.com/docs/caddyfile#labels
https://caddyserver.com/docs/http-caddyfile
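
Added example (not part of the original thread and not Caddy's own code): a simplified Python model of matching the request's Host header against the site labels, showing why each single-address config in the question returns 421 for the other address and why both suggested labels fix it. The matching rule, the function names and the public address 203.0.113.10 are assumptions made for illustration.

```python
# Simplified model (assumption, not Caddy's real matcher): a request is served
# if its Host header equals a site label exactly, or if a label with an empty
# host (e.g. https://:8443) exists for that port.
PUBLIC_IP = "203.0.113.10"  # constructed placeholder for the global IP
PRIVATE_IP = "10.10.1.200"  # LAN address from the question


def parse_labels(label_line):
    """Split 'https://a:8443, https://b:8443' into [(host, port), ...]."""
    sites = []
    for label in label_line.split(","):
        hostport = label.strip().split("://", 1)[-1]
        host, _, port = hostport.rpartition(":")  # IPv4 with explicit port only
        sites.append((host, int(port)))
    return sites


def respond(label_line, host_header):
    """Return the status the model server gives for one Host header."""
    host, _, port = host_header.rpartition(":")
    sites = parse_labels(label_line)
    if (host, int(port)) in sites or ("", int(port)) in sites:
        return "200 OK"
    return "421 Site %s is not served on this interface" % host_header


def demo():
    # Port forwarding rewrites the packet's destination address on the router,
    # but the client still sends the address it typed as the Host header.
    clients = {"LAN": PRIVATE_IP + ":8443", "forwarded": PUBLIC_IP + ":8443"}
    configs = [
        "https://%s:8443" % PUBLIC_IP,                              # first try
        "https://%s:8443" % PRIVATE_IP,                             # second try
        "https://%s:8443, https://%s:8443" % (PUBLIC_IP, PRIVATE_IP),  # both
        "https://:8443",                                            # catch-all
    ]
    return {c: {who: respond(c, h) for who, h in clients.items()} for c in configs}


if __name__ == "__main__":
    for config, outcome in demo().items():
        print(config)
        for who, status in outcome.items():
            print("  %-9s -> %s" % (who, status))
```

In this model the catch-all label answers every Host value sent to port 8443, while the comma-separated form answers only the two listed addresses.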