I’m trying to get a subdomain to forward traffic to localhost:5901 (vncserver), in the hope that I can use the Caddy TLS subdomain in VNC Viewer for a TightVNC server session, thus sending my password over a secure connection.
I’ve run Caddy with “tls off” and without a tls entry, and vncviewer still says “the connection was refused by computer” when I try to connect via the subdomain.
From what I’m reading, VNC needs port x+n, where x is usually the default 5900 and n is the display number (for virtual displays, etc).
Could it be that VNC expects more or different ports to be available? If the ports are open, and Caddy is logging the proxy, I’d have to assume that the connections are being refused at the target port i.e. 5901.
So VNC doesn’t negotiate over the initial port and then connect to a higher port, counting up to the virtual display number?
It would explain this behaviour because connecting over 5901 and then adding port numbers for the virtual display, e.g. 5902, would work, but wouldn’t for 12017 (because Caddy isn’t listening or proxying from 12018).
Yep, they look pretty weird - to me they look more like source ports (from the connecting client) - they tend to be pretty high and a bit random.
The print line in the source code is here, I’ll look in to exactly what it’s echoing…
To clarify, it prints that line when a close signal is sent through the proxy, so either the client or the server (looks like the server) is closing the connection.
I mean, I haven’t ruled it out yet. It should be a straightforward TCP proxy, so as long as everything is configured for VNC’s requirements, it should work just fine. I’m just not familiar enough with VNC to say for sure what it needs re: port behaviour, which prompted the question from my previous comment in this thread.
Not sure if this is useful at all, but I was able to make Caddy do exactly what you are trying without any trouble. I used this Caddyfile (so obviously no TLS involved):
proxy :12017 :5901 {
host proxy.example.com
tls off
}
When I started a VNC server on that port I was able to access it fine (the connection refused errors were when I tried connecting without starting the VNC server):
$ ./caddy -type=net -conf Caddyfile
Activating privacy features... done.
[INFO] Proxying from :12017 -> :5901
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with "ulimit -n 8192".
[ERROR] Cannot connect to remote connection: %s Err:dial tcp :5901: connect: connection refused
[ERROR] Cannot connect to remote connection: %s Err:dial tcp :5901: connect: connection refused
Done proxying: [::1]:12017 127.0.0.1:40826
In this case the second port number seems to be the port Caddy is outputting the traffic on, so it does make sense: you connect to Caddy on port 12017 and it then creates a connection from 127.0.0.1:42862 → 127.0.0.1:5901 to connect to the VNC server.
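As an added illustration of the point in this last post (example code written for this edit; it is not part of the thread and not Caddy's own code), a minimal TCP forwarder in Python stands in for `proxy :12017 :5901`, a constructed stand-in VNC server sends the RFB greeting (in RFB the server speaks first), and a viewer-style probe shows the three outcomes a client can see: "refused" (nothing is listening on the target port), "accepted-then-closed" (the proxy answered, but its own dial to the backend was refused, which is what the `Cannot connect to remote connection` lines record) and a real greeting once the backend is up. The ports are chosen by asking the kernel for free ones, the `RFB 003.008` string is the RFB 3.8 ProtocolVersion line, and the `events` list is an assumed substitute for Caddy's log output.

```python
import socket
import threading

VNC_BASE_PORT = 5900


def vnc_port(display):
    """VNC display :n listens on TCP 5900+n, so display :1 is 5901."""
    return VNC_BASE_PORT + display


def _free_port():
    """Ask the kernel for an unused loopback port (assumed still free when we bind it)."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def _listener(port):
    ls = socket.socket()
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ls.bind(("127.0.0.1", port))
    ls.listen(5)
    return ls


def _pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst (one direction of the proxy)."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def serve_tcp_proxy(listen_port, target_port, events):
    """Accept on listen_port and dial 127.0.0.1:target_port for every client.
    A failed dial is appended to `events` (stand-in for Caddy's log) and the
    client socket is closed, so the client sees an accept followed by EOF."""
    ls = _listener(listen_port)

    def loop():
        while True:
            try:
                client, _ = ls.accept()
            except OSError:
                return  # listener closed
            try:
                upstream = socket.create_connection(("127.0.0.1", target_port), timeout=2)
            except OSError as exc:
                events.append(f"Cannot connect to remote connection: {exc}")
                client.close()
                continue
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return ls


def serve_fake_vnc(port):
    """Constructed stand-in for a VNC server: sends the RFB ProtocolVersion greeting and hangs up."""
    ls = _listener(port)

    def loop():
        while True:
            try:
                conn, _ = ls.accept()
            except OSError:
                return
            with conn:
                conn.sendall(b"RFB 003.008\n")

    threading.Thread(target=loop, daemon=True).start()
    return ls


def probe(port):
    """Connect to 127.0.0.1:port the way a viewer would and report what happened."""
    try:
        sock = socket.create_connection(("127.0.0.1", port), timeout=2)
    except ConnectionRefusedError:
        return "refused"  # nothing listening on this port at all
    with sock:
        try:
            data = sock.recv(64)
        except socket.timeout:
            return "timeout"
    if not data:
        return "accepted-then-closed"  # a proxy answered, but its upstream dial failed
    return "greeting:" + data.decode("ascii", "replace").strip()


def demo():
    """Run the cases from the thread (backend down, then up) and return what the client observes."""
    events = []
    listen_port, target_port = _free_port(), _free_port()
    while target_port == listen_port:
        target_port = _free_port()
    proxy = serve_tcp_proxy(listen_port, target_port, events)
    results = {"target_down_direct": probe(target_port),
               "target_down_via_proxy": probe(listen_port)}
    vnc = serve_fake_vnc(target_port)
    results["target_up_via_proxy"] = probe(listen_port)
    results["proxy_errors"] = len(events)
    proxy.close()
    vnc.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check a practitioner wants before blaming the proxy is `probe(target_port)` directly: if that returns "refused", no VNC server is bound to 5900+display on the Caddy host, and no proxy configuration will fix it. A TCP forwarder never carries the display arithmetic for you, so each display you want reachable needs its own `proxy` line pointing at its own 5900+n port.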