I'm new to Caddy server but their website looked promising. I want to use it as a reverse proxy for the websites that are hosted on other servers. So, I have 2 websites; a Wiki and a photo gallery, that needs to be hosted outside of my local network.
Caddyfile
My Caddyfile is pretty straight forward:
coppery.<my domain name> {
proxy / http://192.168.1.66:80 {
transparent
}
}
wiki.<my domain name> {
proxy / http://192.168.1.88:8080 {
transparent
}
}
When I first started caddy I saw some HTTPS stuff with lets encrypt but that was succesful so now when I start it I get this output:
root#caddy:~# caddy
Activating privacy features... done.
Serving HTTPS on port 443
https://coppery.<my domain name>
https://wiki.<my domain name>
Serving HTTP on port 80
http://coppery.<my domain name>
http://wiki.<my domain name>
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with `ulimit -n 8192`.
I think for now I can dismiss the warning, I might solve that in the future but this is not a production environment anyway.
Portforwarding and DNS
I configured the domain names to resolve to my IP address (this already worked) and when I ping the domain names, they resolve the IP address correctly.
When I access the IP-addresses directly from my local network it works, I get the websites I expect. So I added some configuration on my router and port forwarded port 80 and 443 to the local IP address of the machine hosting the Caddy server.
Now when I try to access coppery.<my domain name> on either HTTP or HTTPS it's not showing anything.
So my only guess is that there is something wrong with the Caddyfile configuration but it's a realy simple case and all I've done is using the examples I found online. Which don't seem to work.
So the question is: What am I missing to make this work as intended?
The problem was the DNS. Once I configured the domain names in my local host file it worked. So the configuration in my question is all correct.
Related
I have a server EC2 instance running in AWS, behind a load balancer which currently doesn’t really do anything since I only have one instance (eventually, I planned on using it to scale and distribute traffic among multiple instances). I’m using Rt53 to point my domain name to the load balancer.
The webserver on the instance uses node(js) and express to serve the site over port 443 (https) with the proper certificates loaded in for encryption/identity/etc, generated by certbot using Let’s Encrypt.
The load balancer is configured like so:
load balancer general config
load balancer target config
So for both ports the load balancer points to the same server, using HTTPS:443, which I figured would force all connections to be encrypted. However, when I type in my URL as http://mydomain.tld it takes me to the webserver with no indication that it’s an https connection.
How is this happening? My nodejs server’s not set up to do anything over port 80, and I thought the load balancer should route all connections to port 443.
80 is the default port for the World Wide web. If you type in google.com:80, it will send you to google normally, while if you try google.com:81, you will not connect.
If you disable 80 port and somebody type http://abc it will show error the best way is to redirect 80 requests to 443
create a redirection from 80 to 443.
app.use(function(request, response){
if(!request.secure){
response.redirect("https://" + request.headers.host + request.url);
}
});
Generally most web server has multiple binding 80 and 443 both.Since if certificate expires you can use 80.
There are several methods of enabling an Apache redirect http to https:
Enable the redirect in the Virtual Host file for the necessary domain.
Enable it in the . htaccess file (previously created in the web root folder).
Use the mod_rewrite rule in the Virtual Host file.
Use it in the . htaccess file to force HTTPS.
https://developer.ibm.com/technologies/node-js/tutorials/make-https-the-defacto-standard/
So if traffic is being forwarded to the same target group that means the same server port will be used for forwarded traffic from the load balancer (ALB).
Requests get mapped to this from the listener and translated to the port mapping for the target group instead.
Therefore, there are two possible practical scenarios that result from this configuration:
client--[HTTP:80]-->ALB--[HTTPS:443]-->EC2
client--[HTTPS:443]-->ALB--[HTTPS:443]-->EC2
Beginner question here. I tried plenty of tutorials but I cannot seem to get the domain name up.
Basically, I deployed my node app on DigitalOcean and the link works (I use the port 5000 jic). These are the steps I took from there:
Set up a domain on DigitalOcean.
Copied the 3 DNS links (ns3.digitalocean.com) to namecheap on custom DNS.
Create a new record on DigitalOcean with the IP of my project (without port as thats not accepted).
I can now access the website using the domain name but I need to put the port number as well, ie. mylink.com:5000
How do I avoid that or can someone explain me the right steps to link my namecheap domain with my digitalocean node app? This is my first time doing this.
Basically you cannot, you should either use port 80 for HTTP, or port 443 for HTTPS so the URL won't need a port (it defaults to them automatically) or you will have to use reverse-proxy (e.g. nginx) if you have to keep your port 5000.
I recently got to know about DNS (Domain Name System Or Domain Name Server) and how it works. I want to know - can I access to a website by using its IP address and how?
-ThankYou
TL;DR: It depends how the server is configured but probably not and I would not rely on it.
This is because the website you are trying to access is likely behind a reverse proxy or load balancer. The load balancer acts like a railroad switch depending on the hostname you use to connect to it.
For simplicity, imagine that google.com and mail.google.com are on the same server with the same IP: 192.168.1.1.
If you were to try to connect directly to http://192.168.1.1/, how would the web server know which service you wanted? It wouldn't. In fact there are companies who's business is based solely around load balancing other companies' servers.
When you connect to a host with your browser, for example: https://www.google.com, your browser sends a special HOST=www.google.com header behind the scenes. The load balancer processes this header and routes the request to the correct server (which may be on a completely different server, network, etc).
Digital Ocean has a great tutorial on how to configure a basic virtual host for nginx. This demonstrates the basics of what a multi-host configuration might look like.
If you don't want to mess with DNS servers, you could set up a local lab environment on your desktop simply by modifying your hosts file. You can google where your operating systems hosts file is located.
If you have access to cURL, you can test the results like so:
# if you've configured a virtual host for mysite01.local on port 80
curl --verbose --header 'Host: mysite01.local' 'http://127.0.0.1'
# if you've configured a virtual host for mysite02.local on port 80
curl --verbose --header 'Host: mysite02.local' 'http://127.0.0.1'
# depending on your configuration this may return a 404 or point to one of your previous sites
curl --verbose 'http://127.0.0.1'
Yes, you can access any domain using IP address. Domain is just a name of website, IP address is the address of the page/website.
You can always ping website using command prompt:
ping www.google.com
You get one ip address which in this case is 216.58.197.78. Now when you hit the ip address in browser you will be redirected to google.com.
You can think of DNS (Domain Name System) as a table which provides mapping between IP address(216.58.197.78) and domain name(www.google.com)
I want to point a domain to the nodejs app running on 3000 port.
Currently my app is hosted on aws. If I have to point my domain to the app, so that I don't have to write <domain>:<port_number> in browser then I think I have two options:
use nginx to proxy the request to port 3000
use aws route 53 for the same
Correct me if I'm wrong and please suggest which one should I opt
Route 53 is just a Domain Name Server.
If you fire up a EC2 instance, you can reach it with the IP address. In addition you get a generic domain to connect to your EC2 instance, something like this: ec2-xx-xxx-xxx-xxx.eu-west-1.compute.amazonaws.com
This is ok for testing, but not for a production setup.
So if you want to point a more pleasant domain name to your instance, you need to edit the dns record on your DNS Server. For this you can use Route 53 or any other DNS Service like namecheap or iwantmyname.com.
You can't configure ports there, so use option 1 and set up nginx.
Of cause, as option 3 you can change the port of your nodejs app to port 80, but then you need to run it as root user and that is really bad practice!
So stick with nginx.
More about DNS: https://en.wikipedia.org/wiki/Domain_Name_System
I have a server that runs different websites on different ports. All of them (but one) are Apache servers and thanks to webmin, I managed to have, for instance, example.com point to 123.123.123.123:80 and example.fr to 123.123.123.123:8000, somehow automatically
I am now running a nodejs server on the same machine, so the 80, 8000, and many other ports are already taken. My nodejs listens on 8008. I have another domain name, say example.org, and I want it to point to my nodejs website, but I simply don't know how to do that! I have updated the DNS and everything is pointing to 123.123.123.123 (my server's IP). I want to avoid using an ugly example.org:8008/ for everything on this node server. How can I make it point implicitly to the 8008 port?? I must add that I cannot afford to take down the apache servers ;)
DNS only provides name to ip address mapping. It cannot handle ports. What you can do instead is to set up a proxy server listening on port 80. The proxy server can then return data based on the host header.
Your best option is to just redirect the request from Apache. Otherwise you can use a reverse proxy like Nginx. Also, you can write a lightweight proxy in node... check out this page