1. The problem I’m having:
Hi, because I would like to hide credentials inside url params I tried to change redir
(works with config posted below) to proxy_reverse
but with no success. What I do wrong? Any response what will kick me right direction is appreciated a lot
Bob:admin@172.20.10.22:11000?receiver=999999999&smstext=hello&report=1
4. How I installed and ran Caddy:
c. Service/unit/compose file:
version: '3.3'
services:
caddy:
image: caddy:latest
restart: unless-stopped
volumes:
- ./caddy/Caddyfile:/etc/caddy/Caddyfile
ports:
- 11000:80
- 2019:2019
networks:
- default
networks:
default:
driver: bridge
ipam:
driver: default
config:
- subnet: 172.30.169.0/24
d. My complete Caddy config:
Using redir
works:
{
admin :2019
}
:80 {
log
skip_log /health
handle /health {
respond 200
}
route {
basicauth {
# admin pass
Bob $2a$14$bIpj.rzTSiXPQb7bdqv13.3LgpX5xc/nFuDLBRnhlUfpJGzD9NXgS
}
redir https://aweg.t-mobile.cz:443{uri}&auth=:
}
}
Logs:
proxy-caddy-1 | 2024-03-06T23:09:03.123457536Z {"level":"info","ts":1709766543.123074,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
proxy-caddy-1 | 2024-03-06T23:09:03.124778526Z {"level":"warn","ts":1709766543.1247246,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
proxy-caddy-1 | 2024-03-06T23:09:03.125547135Z {"level":"info","ts":1709766543.1255016,"logger":"admin","msg":"admin endpoint started","address":":2019","enforce_origin":false,"origins":["//:2019"]}
proxy-caddy-1 | 2024-03-06T23:09:03.125551787Z {"level":"warn","ts":1709766543.1255202,"logger":"admin","msg":"admin endpoint on open interface; host checking disabled","address":":2019"}
proxy-caddy-1 | 2024-03-06T23:09:03.125704085Z {"level":"warn","ts":1709766543.1256318,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
proxy-caddy-1 | 2024-03-06T23:09:03.125830843Z {"level":"info","ts":1709766543.1257858,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004b8980"}
proxy-caddy-1 | 2024-03-06T23:09:03.126696743Z {"level":"info","ts":1709766543.12624,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
proxy-caddy-1 | 2024-03-06T23:09:03.126701108Z {"level":"info","ts":1709766543.1264043,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
proxy-caddy-1 | 2024-03-06T23:09:03.126702842Z {"level":"info","ts":1709766543.1264107,"msg":"serving initial configuration"}
proxy-caddy-1 | 2024-03-06T23:09:03.127625622Z {"level":"info","ts":1709766543.1272583,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
proxy-caddy-1 | 2024-03-06T23:09:03.127629753Z {"level":"info","ts":1709766543.1275725,"logger":"tls","msg":"finished cleaning storage units"}
proxy-caddy-1 | 2024-03-06T23:09:44.004152808Z {"level":"error","ts":1709766584.0039504,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"172.18.64.255","remote_port":"61307","client_ip":"172.18.64.255","proto":"HTTP/1.1","method":"GET","host":"172.20.10.22:11000","uri":"/?receiver=607690844&smstext=Foo&report=1","headers":{"Connection":["keep-alive"],"User-Agent":["PostmanRuntime/7.36.3"],"Accept":["*/*"],"Cache-Control":["no-cache"],"Postman-Token":["98faa423-174e-45ef-a79e-4d5ad9300d85"],"Accept-Encoding":["gzip, deflate, br"]}},"bytes_read":0,"user_id":"","duration":0.000175151,"size":0,"status":401,"resp_headers":{"Server":["Caddy"],"Www-Authenticate":["Basic realm=\"restricted\""]}}
proxy-caddy-1 | 2024-03-06T23:09:53.959489214Z {"level":"info","ts":1709766593.9593055,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"172.18.64.255","remote_port":"61307","client_ip":"172.18.64.255","proto":"HTTP/1.1","method":"GET","host":"172.20.10.22:11000","uri":"/?receiver=607690844&smstext=Foo&report=1","headers":{"Accept-Encoding":["gzip, deflate, br"],"Connection":["keep-alive"],"Authorization":[],"User-Agent":["PostmanRuntime/7.36.3"],"Accept":["*/*"],"Cache-Control":["no-cache"],"Postman-Token":["f10fd3bc-3591-4729-a801-dc222607e6b0"]}},"bytes_read":0,"user_id":"Bob","duration":0.877850188,"size":0,"status":302,"resp_headers":{"Location":["https://aweg.t-mobile.cz:443/?receiver=607690844&smstext=Foo&report=1&auth="],"Content-Type":[],"Server":["Caddy"]}}
My not working attempt to change it to reverse_proxy
:
{
admin :2019
}
:80 {
log
skip_log /health
handle /health {
respond 200
}
route {
basicauth {
# admin pass
Bob $2a$14$bIpj.rzTSiXPQb7bdqv13.3LgpX5xc/nFuDLBRnhlUfpJGzD9NXgS
}
rewrite {uri}&auth=
reverse_proxy https://aweg.t-mobile.cz:443
}
}
proxy-caddy-1 | 2024-03-06T23:19:52.571367911Z {"level":"info","ts":1709767192.5708518,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
proxy-caddy-1 | 2024-03-06T23:19:52.572131638Z {"level":"warn","ts":1709767192.5720925,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
proxy-caddy-1 | 2024-03-06T23:19:52.572812593Z {"level":"info","ts":1709767192.572775,"logger":"admin","msg":"admin endpoint started","address":":2019","enforce_origin":false,"origins":["//:2019"]}
proxy-caddy-1 | 2024-03-06T23:19:52.572816497Z {"level":"warn","ts":1709767192.5727894,"logger":"admin","msg":"admin endpoint on open interface; host checking disabled","address":":2019"}
proxy-caddy-1 | 2024-03-06T23:19:52.573020457Z {"level":"warn","ts":1709767192.5729144,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
proxy-caddy-1 | 2024-03-06T23:19:52.573024881Z {"level":"info","ts":1709767192.5729926,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004e0380"}
proxy-caddy-1 | 2024-03-06T23:19:52.573765807Z {"level":"info","ts":1709767192.5736394,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
proxy-caddy-1 | 2024-03-06T23:19:52.573823615Z {"level":"info","ts":1709767192.5737946,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
proxy-caddy-1 | 2024-03-06T23:19:52.573827061Z {"level":"info","ts":1709767192.5738046,"msg":"serving initial configuration"}
proxy-caddy-1 | 2024-03-06T23:19:52.574465429Z {"level":"info","ts":1709767192.5742824,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
proxy-caddy-1 | 2024-03-06T23:19:52.574470939Z {"level":"info","ts":1709767192.5744262,"logger":"tls","msg":"finished cleaning storage units"}
proxy-caddy-1 | 2024-03-06T23:19:58.743943421Z {"level":"info","ts":1709767198.7437723,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"172.18.64.255","remote_port":"61709","client_ip":"172.18.64.255","proto":"HTTP/1.1","method":"GET","host":"172.20.10.22:11000","uri":"/?receiver=607690844&smstext=Foo&report=1","headers":{"Accept-Encoding":["gzip, deflate, br"],"Connection":["keep-alive"],"Authorization":[],"User-Agent":["PostmanRuntime/7.36.3"],"Accept":["*/*"],"Cache-Control":["no-cache"],"Postman-Token":["609f43ba-93a0-4047-9aca-14dcfc479da2"]}},"bytes_read":0,"user_id":"Bob","duration":0.986487807,"size":384,"status":200,"resp_headers":{"Last-Modified":["Fri, 16 Nov 2018 15:21:05 GMT"],"Etag":["W/\"5beee061-264\""],"Content-Encoding":["gzip"],"Date":["Wed, 06 Mar 2024 23:19:58 GMT"],"Server":["Caddy","nginx/1.14.0 (Ubuntu)"],"Content-Type":["text/html"]}}