As a second pass to a much belaboured and failed attempt at making Caddy work (see here: The key authorization file from the server did not match this challenge), I’m going to try to scale back and describe here what I’m trying to make work.
I have an Apache server configured as such:
<VirtualHost *:80>
    ServerName safe.arix.com
    ProxyPass / http://192.168.1.67:80/
    ProxyPassReverse / http://192.168.1.67:80/
</VirtualHost>
<VirtualHost *:443>
    ServerName safe.arix.com
    ProxyPass / http://192.168.1.67:443/
    ProxyPassReverse / http://192.168.1.67:443/
    SSLEngine on
    SSLCertificateFile /var/www/ssl/safe.arix.com.crt
    SSLCertificateKeyFile /var/www/ssl/safe.arix.com.key
</VirtualHost>
and am working on a laptop with IP address 192.168.1.67. On this laptop I have a small listener on port 80. Here’s what happens if I query it from my laptop:
$ printf "GET / HTTP/1.1\nHOST: safe.arix.com\n\n" |nc localhost 80
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 20
ETag: W/"14-e+HIZsKbJi8RmnN5tgP/tOfxHEE"
Date: Thu, 16 Mar 2017 00:07:09 GMT
Connection: keep-alive
– listener: [/] –
If I make this query from the outside world (an Ubuntu box), it works equally well. This means that my Apache virtual host is working as expected:
$ echo -e "GET / HTTP/1.1\nHOST: safe.arix.com\n\n" |nc safe.arix.com 80
HTTP/1.1 200 OK
Date: Thu, 16 Mar 2017 00:07:56 GMT
Server: Apache
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 20
ETag: W/"14-e+HIZsKbJi8RmnN5tgP/tOfxHEE"
– listener: [/] –
Now, if I kill my listener (on the laptop) and restart it on port 8000, then with this Caddyfile:
safe.arix.com:80 {
    proxy / localhost:8000 {
        transparent
    }
}
I start up Caddy like this:
$ ~/Desktop/caddy_darwin_amd64_custom/caddy -conf $PWD/caddy.conf -agree -email x@x.com -log stdout
Activating privacy features... done.
2017/03/15 17:11:13 listen tcp :80: bind: permission denied
aprilis:tmp ekkis$ sudo ~/Desktop/caddy_darwin_amd64_custom/caddy -conf $PWD/caddy.conf -agree -email x@x.com -log stdout
Activating privacy features... done.
http://safe.arix.com
WARNING: File descriptor limit 256 is too low for production servers. At least 8192 is recommended. Fix with "ulimit -n 8192".
Then I make my request from the external Ubuntu box again (notice the host name this time includes the port so that it’s an identical match to the declaration in the Caddyfile):
$ echo -e "GET / HTTP/1.1\nHOST: safe.arix.com:80\n\n" |nc safe.arix.com 80
HTTP/1.1 404 Not Found
Date: Thu, 16 Mar 2017 00:20:13 GMT
Server: Caddy
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Content-Length: 19
No such site at :80
and on Caddy’s log output I see:
2017/03/15 17:13:33 [INFO] 192.168.1.67 - No such site at :80 (Remote: 192.168.1.4, Referer: )
Now, to make sure my listener is working on port 8000 (run on the laptop):
$ printf "GET / HTTP/1.1\nHOST: safe.arix.com:80\n\n" |nc localhost 8000
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 20
ETag: W/"14-e+HIZsKbJi8RmnN5tgP/tOfxHEE"
Date: Thu, 16 Mar 2017 00:25:33 GMT
Connection: keep-alive
– listener: [/] –
AND... if I query the proxy on the laptop (notice the query is on port 80, where Caddy is listening):
$ printf "GET / HTTP/1.1\nHOST: safe.arix.com:80\n\n" |nc localhost 80
HTTP/1.1 200 OK
Content-Length: 20
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Mar 2017 00:26:55 GMT
Etag: W/"14-e+HIZsKbJi8RmnN5tgP/tOfxHEE"
Server: Caddy
X-Powered-By: Express
– listener: [/] –
It works! So... why doesn’t it work from the external host, given that we’ve proven Apache is correctly forwarding requests?
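The requests above only show what the client sends and what the backend returns; the one thing never shown is the Host header the laptop actually receives after Apache has proxied the request, and Caddy chooses a site by that header. The following is an added example, not the poster's listener or any Apache/Caddy code: a tiny echo listener that reports the Host header it was given, plus a simplified model of how Apache mod_proxy rewrites Host (without ProxyPreserveHost it rebuilds Host from the ProxyPass target URL, adding the port only when it is not the scheme's default; with ProxyPreserveHost On the client's Host passes through). The IP address, port and host name are taken from the post; the function and class names are the example's own.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed values mirroring the post: the laptop backend and the public name.
BACKEND_HTTP = "http://192.168.1.67:80/"
BACKEND_HTTPS_VHOST = "http://192.168.1.67:443/"
PUBLIC_NAME = "safe.arix.com"


def forwarded_host(client_host, proxypass_url, preserve_host=False):
    """Simplified model of the Host header Apache mod_proxy sends upstream.

    Without ProxyPreserveHost (the default) mod_proxy rebuilds Host from the
    ProxyPass target URL and appends the port only when it is not the default
    for the scheme. With ProxyPreserveHost On the client's Host is passed on
    unchanged. This is a model for illustration, not Apache's own code.
    """
    if preserve_host:
        return client_host
    parts = urlsplit(proxypass_url)
    default_port = {"http": 80, "https": 443}[parts.scheme]
    if parts.port is None or parts.port == default_port:
        return parts.hostname
    return f"{parts.hostname}:{parts.port}"


class EchoHostHandler(BaseHTTPRequestHandler):
    """Hypothetical stand-in for the post's 'small listener': answers 200 and
    reports the Host header it actually received, which is what you need to
    see to diagnose a proxy chain."""

    def do_GET(self):
        host = self.headers.get("Host", "<missing>")
        body = f"-- listener: [{self.path}] Host={host} --\n".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):  # silence per-request console logging
        pass


def serve_in_background(port=0):
    """Start the echo listener on 127.0.0.1 (port 0 = pick a free port)."""
    server = HTTPServer(("127.0.0.1", port), EchoHostHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(port, host_header):
    """Send the same raw request the post sends with nc and return the body."""
    request = (f"GET / HTTP/1.1\r\nHost: {host_header}\r\n"
               "Connection: close\r\n\r\n").encode()
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    _headers, _, body = raw.partition(b"\r\n\r\n")
    return body.decode()


if __name__ == "__main__":
    srv = serve_in_background()
    port = srv.server_address[1]
    # Direct query, like `nc localhost 8000` in the post.
    print(probe(port, f"{PUBLIC_NAME}:80"), end="")
    # The same request after passing through the post's Apache :80 vhost
    # (no ProxyPreserveHost): the backend sees the ProxyPass target, not the name.
    print(probe(port, forwarded_host(f"{PUBLIC_NAME}:80", BACKEND_HTTP)), end="")
    srv.shutdown()
```

Running the listener in place of the Express one, and querying it once directly and once through Apache, shows the two Host values side by side; if they differ, the proxy in front of Caddy is changing the header that Caddy's site label is matched against.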