Using maxmind_geolocation with reverse_proxy

1. The problem I’m having:

I’m trying to set up caddy so that accesses coming from Portugal get reverse-proxied through, and anything from anywhere else gets a 403 error. Unfortunately, I can’t seem to figure out how to get the config file for it right.

2. Error messages and/or full log output:


3. Caddy version:

v2.6.4 with the porech/caddy-maxmind-geolocation module.

4. How I installed and ran Caddy:

Downloaded the binary from Download Caddy

a. System environment:

Ubuntu Linux Jammy, amd64.

b. Command:

./caddy_geolock start

d. My complete Caddy config:

{
	acme_ca https://api.buypass.com/acme/directory
	email pedro.mcs@gmail.com
	key_type p256
}
syaoran.puto.pt {
	file_server browse
}

ircproxy.puto.pt {
	reverse_proxy * 127.0.0.1:9500
}

projetos.puto.pt {
	@mygeofilter {
		maxmind_geolocation {
			db_path "/home/ubuntu/GeoLite2-Country.mmdb"
			allow_countries PT
		}
	}

	reverse_proxy * 127.0.0.1:5000 {
		@mygeofilter
	}

	basicauth /bridge/* {
		[USERNAME] [PASSWORD GOES HERE]
	}
}

5. Links to relevant resources:

I’m basically trying to get the @mygeofilter and reverse_proxy sections to work together, but it doesn’t seem to be working – the current attempt just lets anybody through.

That’s because:

The * means “every request”. So you’re allowing every request through the filter. And @mygeofilter inside the block shouldn’t even parse correctly, I’m surprised you don’t get errors.

Do this instead:

reverse_proxy @mygeofilter 127.0.0.1:5000

Technically that syntax used to define a response matcher. But I’m surprised passing no arguments to it doesn’t error, yeah. I’ll look into that.

What you probably want though is to reject the request if it’s not from PT, so you should do this instead:

@mygeofilter not maxmind_geolocation {
	db_path "/home/ubuntu/GeoLite2-Country.mmdb"
	allow_countries PT
}
error @mygeofilter 403

reverse_proxy 127.0.0.1:5000
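A small lint for the mistake discussed in this thread, added here as an example and not part of any post or of Caddy itself: it reports named matchers that a site block defines but never places in the matcher position right after a directive. The function name `unapplied_matchers` and the simplified parsing (opening brace at the end of a line, no snippets or imports) are assumptions.

```python
import shlex

def unapplied_matchers(caddyfile):
    """Return {site: [named matchers defined but never applied to a directive]}."""
    depth, site, defined, used = 0, None, {}, {}
    lines = (shlex.split(raw, comments=True) for raw in caddyfile.splitlines())
    for tokens in filter(None, lines):
        if tokens[0] == "}":
            depth -= 1
        elif depth == 0:
            # Top level: a site address, or the global options block (bare "{").
            site = None if tokens[0] == "{" else tokens[0]
        elif depth == 1 and site:
            if tokens[0].startswith("@"):
                defined.setdefault(site, []).append(tokens[0])
            elif len(tokens) > 1 and tokens[1].startswith("@"):
                # Counted as applied only when it directly follows the directive name.
                used.setdefault(site, set()).add(tokens[1])
        if tokens[-1] == "{":
            depth += 1
    missing = {s: [m for m in ms if m not in used.get(s, ())] for s, ms in defined.items()}
    return {s: ms for s, ms in missing.items() if ms}

# Site block from the question, condensed: the matcher is defined but never applied.
ORIGINAL = """
projetos.puto.pt {
	@mygeofilter {
		maxmind_geolocation {
			db_path "/home/ubuntu/GeoLite2-Country.mmdb"
			allow_countries PT
		}
	}
	reverse_proxy * 127.0.0.1:5000 {
		@mygeofilter
	}
}
"""
# Same site with the matcher inverted and applied to `error`, as in the answer.
FIXED = """
projetos.puto.pt {
	@mygeofilter not maxmind_geolocation {
		db_path "/home/ubuntu/GeoLite2-Country.mmdb"
		allow_countries PT
	}
	error @mygeofilter 403
	reverse_proxy 127.0.0.1:5000
}
"""
print(unapplied_matchers(ORIGINAL), unapplied_matchers(FIXED))
```

Run over a Caddyfile before deployment, a non-empty result means an access-control matcher exists in the config but filters nothing.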

Ah good point, forgot about that!
