caddy: one server, 2 secure reverse proxies - caddy

I'd like to set up two secure reverse proxies on the same server with a single Caddyfile. The web server listens on port 8081, and the following successfully accepts outside connections on normal port 443 and directs them internally to 8081.
# this works, accepting requests at https://api.mysite.com
api.mysite.com {
tls webmaster#mysite.com # lets encrypt
reverse_proxy localhost:8081
log
}
Now I want to also be able to connect to a database server that listens on port 7777, but I'd like to keep that port shut to the outside and accept incoming connections at port 9999 (over SSL/TLS). So far my attempts at building a Caddyfile have not just been unsuccessful, they also prevent the initial secure web connection from working.
(Caddy 2.4.3)
api.mysite.com {
tls webmaster#mysite.com # lets encrypt
reverse_proxy localhost:8081
log
}
api.mysite.com:9999 {
reverse_proxy localhost:7777
log
}
Nope
api.mysite.com {
tls webmaster#mysite.com # lets encrypt
reverse_proxy localhost:8081
log
}
localhost:9999 {
reverse_proxy localhost:7777
log
}
Nope
api.mysite.com {
tls webmaster#mysite.com # lets encrypt
reverse_proxy localhost:8081
localhost:9999 {
reverse_proxy localhost:7777
}
log
}
Still nope
I'm having a very difficult time getting much useful information from the Caddyfile docs. Any ideas? Thanks in advance.

Related

nginx re-route all data based on port (nginx proxy)

I'm still new to nginx and I want to accomplish this.
I have two servers (server1 and server2), with an sftp server (bitvise) on server1.
And on server2 I have an nginx docker container running.
I want to configure nginx so when trafic comes to server2 (the one with nginx) on port 22 , it get redirected to server1, where my sftp sever is present.
I have an dns "transfer.test.com" mapped to my server2 public IP (tested).
This is the configuration I have added to nginx conf file.
server {
listen 22;
server_name transfer.test.com;
return 301 https://google.com;
location / {
set $sftp server1-private-ip:22;
proxy_pass $sftp;
}
}
server1-private-ip is the private IP of server1 (the one with sftp).
but till now its not working.
I can connect to sftp using filezile using the private IP of server1 BUT
I can't connect to sftp using filezila using the private IP of server2, means the trafic is not getting redirected.
Thank you for the help.
If you want to use nginx as a proxy to non-HTTP protocols like SSH or SFTP, you should define your server in a stream context rather than http one. Typical main configuration file (usually /etc/nginx/nginx.conf) looks like
user <username>;
worker_processes <number>;
...
events {
worker_connections <number>;
}
http {
include /etc/nginx/mime.types;
... # other global http directives here
include /etc/nginx/conf.d/*.conf;
}
As you can see, configuration files for individual servers (or server groups) are being included within the http context. You should add stream block to your main configuration file:
user <username>;
worker_processes <number>;
...
events {
worker_connections <number>;
}
http {
...
}
stream {
server {
listen 22;
proxy_pass <server1_private_ip>:22;
}
}
Directives like server_name or location are meaningless in the server blocks defined under the stream context. Please note that for using above configuration nginx should be compliled with ngx_stream_core_module and ngx_stream_proxy_module modules.

Nginx Proxy On Custom Port

I have a node process listening on port 11180, and would like to redirect all request from https:example.com:11179 to it. How can I accomplish this with nginx ?
I cannot use port 443, because it is forwarding to a different process. However I do have a certificate for the domain example.com
I have tried using this configuration
server {
listen 11179 ssl
location / {
proxy_pass http://127.0.0.1:11180
...
}
}
but the site just keeps loading, however the same configuration works if i listen on port 443
server {
listen 443 ssl
location / {
proxy_pass http://127.0.0.1:11180
...
}
}
Thanks a bunch for your help
Turns out it was a firewall problem :P

Nginx upstream servers all go down when one of them shuts down

I'm trying to set up upstream servers with nginx. All run the same Node.js app on port 8080 with pm2. Here is the nginx default.conf of the main server
upstream backend {
ip_hash;
server localhost:8080;
server sv1_ip_address;
server sv2_ip_address;
}
server {
listen 443 ssl;
location / {
proxy_pass http://backend;
...
}
...
}
And on sv1 and sv2, I have the same default.conf as follows
server {
listen 80 default_server;
location / {
proxy_pass http://localhost:8080;
...
}
}
Now when I tried shutting down either sv1 or sv2 (using pm2 kill for Node or even reboot), all upstream servers went down and I receive a 500 error (?) when accessing the app by the domain name. So I thought there was something wrong with nginx on those secondary servers and I replaced upstream backend with this
upstream backend {
ip_hash;
server localhost:8080;
server sv1_ip_address:8080;
server sv2_ip_address:8080;
}
and now shutting down or rebooting were handled correctly (meaning nginx will route the requests to one of the living servers). Is this an expected behavior, or am I doing something wrong here? I don't think routing requests directly to port 8080 is a good idea though.
I donot know why you had to install nginx service on sv1 and sv2 servers.
When you reboot sv1 , sv2 servers, it should be enabling nginx first. Please check service nginx status is running or not once reboot is done.
And you kill node meaning application is down, so you got 500 error on nginx

Specify Caddy listening port

"By default, Caddy will bind to ports 80 and 443 to serve HTTPS and redirect HTTP to HTTPS." (https://caddyserver.com/docs/automatic-https)
How can we change this port?
Background:
In our setup, Caddy runs behind an AWS load balancer which forwards requests from port 443 to port 4443. Therefore, we would like to have Caddy listen on 4443. (We use the DNS challenge.)
According to the documentation:
The first line of the Caddyfile is always the address of the site to serve.
In your Caddyfile:
<domain>:<port>
Example:
localhost:8080
You should be able to do this
https://example.com:4443 {
# config info
}
Above answers are both good, but if you want to run on specific port and have other reverse proxy redirecting from yourdomain.com:443 to <MY_SERVER_IP>:4443, you can use global settings
{
http_port 880
https_port 4443
}
mydomain.com {
...
}
Only use this when you want your server to run on 4443 but be able to accept requests where Host: mydomain.com is present (host doesn't have :4443 port)

ExpressJS Server - respond to host header with shared port

Lets say I have corporatewebsite.com listening on port 80. Which is an appache / WordPress site.
I have a node application that I'd like to respond to sub.corporatewebsite.com
The node application is running Express currently. I can get it to listen to a separate port at the moment, but my service won't start if it's pointed to port 80 since it's already in use.
How can I have both apache and node listening to port 80, but having node responding to the subdomain?
You could use a reverse proxy like Nginx to route your subdomains.
Here is an example of nginx configuration, you might probaly have to complete according to your project and server :
server {
listen 80;
server_name corporatewebsite.com;
location / {
[ ... some parameters ... ]
include proxy_params; // Import global configuration for your routes
proxy_pass http://localhost:1234/; // One of your server that listens to 1234
}
}
server {
listen 80;
server_name sub.corporatewebsite.com;
location / {
[ ... some parameters ... ]
include proxy_params;
proxy_pass http://localhost:4567/; // The other server that listens to 4567
}
}
You have to configure, for example, apache2 listening to port 1234 while nodejs is listening to port 4567.
If you do like this, a good practice is to block direct access from the outside to your ports 1234 and 4567 (using iptables for example).
I think this post could be useful to you : Node.js + Nginx - What now?

Resources