Setup reverse proxy for radicale


(Tristan) #1

Hey guys,

I am trying to have a radicale docker served behind a caddy reverse proxy. However reading radicale documentation for proxying I had problems adapting that to caddy as there are only nginx and apache examples. Some time ago another user asked here about a similar issue however I do not want to serve radicale via another subdomain but rather at http://example.com/radicale.

The radicale documentation says a proxy has to remove the location at which radicale gets served but using without directive a visit to http://example.com/radicale causes a redirect (default behaviour) to radicale’s webinterface at http://example.com/.web rather than http://example.com/radicale/.web. Skiping without directive causes radicale to think I want to access some ressource under http://example.com/radicale.

My Caddyfile so far:

:80  

proxy /radicale radicale:5232 {
    header_upstream X-Script-Name /radicale
    transparent
    without /radicale
}

I hope somebody might be able to help me out here, any help is very much appreciated as I can not setup subdomains in my home network.


(Tristan) #2

Well I am still stuck with opening Radicale’s port to public and I feel quite uncomfortable with that. I just tried a URL rewrite but that did not work either. I was wondering how one would go about proxying an app that does not support some form of /baseurl as I imagine there might be quite a lot of them out there.

Maybe someone more skilled with caddy and/or radicale can jump to my rescue here as I am at my wit’s end unfortunately.


(Matthew Fay) #3

Hmm.

I just tried this configuration:

cadmus.whitestrake.net/radicale/ {
  proxy / radicale:5232 {
    transparent
    header_upstream X-Script-Name /radicale
  }
}

And it’s working for me currently. This version did not work:

cadmus.whitestrake.net {
  redir /radicale /radicale/
  proxy /radicale/ radicale:5232 {
    transparent
    header_upstream X-Script-Name /radicale
  }
}

I will bring it back down in a little while, but for now you can check https://cadmus.whitestrake.net/radicale/ to see the app in action and see if it’s working as expected.


(Tristan) #4

Well your first example does work indeed. My problem is however that I have Caddy and everything running on my home server and therefore no public domain name I can use to point to.

As I understand in the first example you proxy / which does work fine for me as well but I need to run Radicale at <SERVER-HOSTNAME>/radicale which I figure is the case for the second version?


(Matthew Fay) #5

You can run Caddy without a domain name. A path is a valid site label. This would work:

/radicale/ {
  proxy / radicale:5232 {
    transparent
    header_upstream X-Script-Name /radicale
  }
}

But that would serve on the default port, 2015. You’ll want to use :80/radicale/ as your site label.

https://caddyserver.com/docs/http-caddyfile#addresses


(Tristan) #6

Ok, I feel officially dull, I can not get this to work so I will attach my whole Caddyfile below maybe you want to have a look at it. Thank you so much for your patience. As you can see my proxies for fava and nodered work quite nice but those support baseurl so it was quite easy to setup. All my containers are on a docker bridge network therefore service discovery is possible.

:80/radicale/ {
    proxy / radicale:5232 {
        transparent
        header_upstream X-Script-Name /radicale
    }
}

:80/ {

    ext .html
    gzip
    root /data/srv

    basicauth ... {
        realm ...
        /fava
        /nodered
        /webdav
    }

    webdav /webdav {
        scope /data/srv/webdav
    }

    proxy /fava fava:5000 {
        transparent
    }

    proxy /nodered nodered:1880 {
        transparent
        websocket
    }
}

(Matthew Fay) #7

That looks like it should work. What problem are you running into with this configuration?


(Tristan) #8

Sorry, forgot that: Caddy gives me a 404 when I go to <HOSTNAME>/radicale.


(Matthew Fay) #9

What about if you go to <HOSTNAME>/radicale/? (Note the trailing slash)


(Tristan) #10

Well that worked, thanks a lor :+1:

Do I have to enter that trailing slash for all my other proxies as well? I do not quite get how caddy handles this stuff. In fact right now I am quite confused as to what slash has what effect :smiley:


(Matthew Fay) #11

No worries. Yeah, the trailing slash matters because Caddy matches the requested URL to a site label. With the trailing slash in the site label, if the request doesn’t also have it, they won’t match and the other site label will handle that request (the one for :80/ - P.S. you can probably just use :80).

I put the trailing slash in my example because it looks like Radicale wants it to be there.

You can put a redir /radicale /radicale/ in your other site definition so that whenever someone misses the trailing slash, they get redirected to the right place.