Change both http and https port on caddy - caddy

I'm having trouble setting a custom http and https port on caddy in my Caddyfile and could not find an answer using Google and Stack Overflow.
I can set a custom http port like this :
http://example.com:2015
but I can't set a custom https port
http://example.com:2015
https://example.com:2016
as caddy only reads the first line as valid.
Starting the file with https://example.com:2016 will try to bind http to port 80 which is already taken
I simply want to bind http to port 2015 and https to port 2016
Here is my current Caddyfile:
http://example.com:2015
https://example.com:2016
gzip
log access.log
basicauth / username password
filemanager / /path {
database dbname.db
no_auth
}
thank you for your time :)

If you are using multiple hosts
http://example.com:2015 {
tls off
gzip
log access.log
basicauth / username password
filemanager / /path {
database dbname.db
no_auth
}
}
https://example.com:2016 {
tls self_signed
gzip
log access.log
basicauth / username password
filemanager / /path {
database dbname.db
no_auth
}
}
If you wish for Caddy's Automagic HTTPS you will need to use 443, but if you want to supply your own cert or self_sign (or use DNS challenge) then you should be ok.
Also well worth checking out https://caddy.community/

Related

nginx re-route all data based on port (nginx proxy)

I'm still new to nginx and I want to accomplish this.
I have two servers (server1 and server2), with an sftp server (bitvise) on server1.
And on server2 I have an nginx docker container running.
I want to configure nginx so that when traffic comes to server2 (the one with nginx) on port 22, it gets redirected to server1, where my sftp server is present.
I have a DNS name "transfer.test.com" mapped to my server2 public IP (tested).
This is the configuration I have added to nginx conf file.
server {
listen 22;
server_name transfer.test.com;
return 301 https://google.com;
location / {
set $sftp server1-private-ip:22;
proxy_pass $sftp;
}
}
server1-private-ip is the private IP of server1 (the one with sftp).
But till now it's not working.
I can connect to sftp using FileZilla using the private IP of server1, BUT
I can't connect to sftp using FileZilla using the private IP of server2, which means the traffic is not getting redirected.
Thank you for the help.
If you want to use nginx as a proxy to non-HTTP protocols like SSH or SFTP, you should define your server in a stream context rather than http one. Typical main configuration file (usually /etc/nginx/nginx.conf) looks like
user <username>;
worker_processes <number>;
...
events {
worker_connections <number>;
}
http {
include /etc/nginx/mime.types;
... # other global http directives here
include /etc/nginx/conf.d/*.conf;
}
As you can see, configuration files for individual servers (or server groups) are being included within the http context. You should add stream block to your main configuration file:
user <username>;
worker_processes <number>;
...
events {
worker_connections <number>;
}
http {
...
}
stream {
server {
listen 22;
proxy_pass <server1_private_ip>:22;
}
}
Directives like server_name or location are meaningless in the server blocks defined under the stream context. Please note that to use the above configuration, nginx must be compiled with the ngx_stream_core_module and ngx_stream_proxy_module modules.

caddy: one server, 2 secure reverse proxies

I'd like to set up two secure reverse proxies on the same server with a single Caddyfile. The web server listens on port 8081, and the following successfully accepts outside connections on normal port 443 and directs them internally to 8081.
# this works, accepting requests at https://api.mysite.com
api.mysite.com {
tls webmaster@mysite.com # lets encrypt
reverse_proxy localhost:8081
log
}
Now I want to also be able to connect to a database server that listens on port 7777, but I'd like to keep that port shut to the outside and accept incoming connections at port 9999 (over SSL/TLS). So far my attempts at building a Caddyfile have not just been unsuccessful, they also prevent the initial secure web connection from working.
(Caddy 2.4.3)
api.mysite.com {
tls webmaster@mysite.com # lets encrypt
reverse_proxy localhost:8081
log
}
api.mysite.com:9999 {
reverse_proxy localhost:7777
log
}
Nope
api.mysite.com {
tls webmaster@mysite.com # lets encrypt
reverse_proxy localhost:8081
log
}
localhost:9999 {
reverse_proxy localhost:7777
log
}
Nope
api.mysite.com {
tls webmaster@mysite.com # lets encrypt
reverse_proxy localhost:8081
localhost:9999 {
reverse_proxy localhost:7777
}
log
}
Still nope
I'm having a very difficult time getting much useful information from the Caddyfile docs. Any ideas? Thanks in advance.

How to setup Caddy to get HTTPS on my server

I've been having issues getting the HTTPS address for my server. Let's say I have a domain www.mydomain.com
If I run this command it just works fine. I can get the HTTPS.
caddy -host www.domain.com
But I have some proxies that I use for django. So I have a CaddyFile. This is how the CaddyFile is set:
# Django
www.mydomain.com {
root /root/my_projects/my_project
proxy / 127.0.0.1:8000 {
transparent
except /static
}
log /var/log/caddy.log
So if I run this command
caddy -host CaddyFile
it's not giving me HTTPS. Instead, this is what the output is:
Activating privacy features... done.
Serving HTTP on port 2015
http://.:2015/caddyfile
So how should I configure the file or what command should I use to get HTTPS on my server with the proxy and the root folder that I set in the CaddyFile?
Thanks.
I'm guessing you use caddy v1.
The caddy docs say:
-host
The default hostname or IP address to listen on. Sites defined in the Caddyfile without a hostname will assume this one. This is usually used with -port to quickly get simple sites up and running without a Caddyfile.
With the -host option, your Caddyfile may be ignored.
If your Caddyfile is in the same directory as the caddy binary, try removing all args and just run caddy. It will automatically pick up the Caddyfile.
Otherwise, try this: caddy -conf <path/to/your/Caddyfile>

Specify Caddy listening port

"By default, Caddy will bind to ports 80 and 443 to serve HTTPS and redirect HTTP to HTTPS." (https://caddyserver.com/docs/automatic-https)
How can we change this port?
Background:
In our setup, Caddy runs behind an AWS load balancer which forwards requests from port 443 to port 4443. Therefore, we would like to have Caddy listen on 4443. (We use the DNS challenge.)
According to the documentation:
The first line of the Caddyfile is always the address of the site to serve.
In your Caddyfile:
<domain>:<port>
Example:
localhost:8080
You should be able to do this
https://example.com:4443 {
# config info
}
Above answers are both good, but if you want to run on specific port and have other reverse proxy redirecting from yourdomain.com:443 to <MY_SERVER_IP>:4443, you can use global settings
{
http_port 880
https_port 4443
}
mydomain.com {
...
}
Only use this when you want your server to run on 4443 but be able to accept requests where Host: mydomain.com is present (host doesn't have the :4443 port).

Cannot run multiple NodeJs server on one subdomain

I am trying to run multiple NodeJs servers for (official) Kik Chatbots with different webhooks from one subdomain on my webserver.
However, I am not able to do that. For one bot it works just fine. This is my setup for one working NodeJs server only:
Let's assume all webhooks are located at https://bots.mydomain.com
app.js:
'use strict';
let util = require('util');
let http = require('http');
let request = require('request');
let Bot = require('@kikinteractive/kik');
let bot = new Bot({
username: "foo",
apiKey: "bar",
baseUrl: "https://bots.mydomain.com"
});
bot.updateBotConfiguration();
// ... code ...
let server = http.createServer(bot.incoming()).listen(process.env.PORT || 8080);
So this Nodejs server is basically listening on port 8080. Therefore, my nginx config for the site https://bots.mydomain.com looks like this:
server {
root /var/www/bots.mydomain.com/public_html;
index index.php index.html index.htm;
server_name bots.mydomain.com;
location / { proxy_pass http://localhost:8080/; } # Port 8080
}
So far so good. This works perfectly fine! But here comes the issue:
If I try to run multiple NodeJs servers, by making directories in the public_html folder, let's say /bot1 and /bot2, and adapt my nginx config like that:
server {
root /var/www/bots.mydomain.com/public_html;
index index.php index.html index.htm;
server_name bots.mydomain.com;
location /bot1 { proxy_pass http://localhost:8080/; } # Port 8080
location /bot2 { proxy_pass http://localhost:8090/; } # Port 8090
}
and finally setting the second server to listen on port 8090 instead of 8080 and of course setting the base URL to https://bots.mydomain.com/bot1 or https://bots.mydomain.com/bot2, nothing works anymore. And by that I mean the webhooks do not pass any data to the NodeJs server. They are, however, running! I know this because if I navigate to (for example) https://bots.mydomain.com while the bot is offline, I obviously receive the error 502 Bad Gateway, but if the bot is online I get a timeout (which means the server is indeed listening).
Am I missing something or does Nginx just not allow multiple webhooks or proxy_passes for directories?
A workaround would be to make a subdomain for each bot, which would work (I tried). But I'd like to use sub directories rather than subdomains for the bots.
EDIT:
I noticed a strange behavior: If I set a proxy_pass for /
like: location / { proxy_pass http://localhost:8080; }
to port 8080 and set the baseurl in the bot1 script to bots.mydomain.com/bot1, Bot-1 works.
But I obviously still can't get other bots to work as well because I'm using the root (/).
Does that mean it's a problem with Kik-API's way of listening?
EDIT 2:
I checked the Nginx log now and it seems like the Kik Wrapper tries to listen on a directory which doesn't exist. I did the following: Start the bot on port 8080 & message it. This is the log output:
https://pastebin.com/7G6TViHM
2017/04/13 09:07:05 [error] 15614#15614: *1 open() "/var/www/bots.mydomain.com/public_html/incoming" failed (2: No such file or directory), client: 107.XXX.XXX.XXX, server: bots.mydomain.com, request: "POST /incoming HTTP/1.1", host: "bots.mydomain.com"
2017/04/13 09:07:13 [error] 15614#15614: *1 open() "/var/www/bots.mydomain.com/public_html/incoming" failed (2: No such file or directory), client: 107.XXX.XXX.XXX, server: bots.mydomain.com, request: "POST /incoming HTTP/1.1", host: "bots.mydomain.com"
But I still don't know how to fix this. As a test I created the directory incoming in public_html. This returned the following in the log:
2017/04/13 09:32:41 [error] 15614#15614: *10 directory index of "/var/www/bots.mydomain.com/public_html/incoming/" is forbidden, client: 107.XXX.XXX.XXX, server: bots.mydomain.com, request: "GET /incoming/ HTTP/1.1", host: "bots.mydomain.com"
Does anyone have an idea on how to fix it?
I think your issue lies with a trailing slash in proxy_pass, which removes the /bot1 and /bot2 prefixes once passed to upstream (replacing both with mere /), so, each bot in your nodejs code has a mismatched baseUrl setting as a result (as you mention that you did change those settings appropriately to match the external URL).
-location /bot1 { proxy_pass http://localhost:8080/; } # Port 8080
-location /bot2 { proxy_pass http://localhost:8090/; } # Port 8090
+location /bot1 { proxy_pass http://localhost:8080; } # Port 8080
+location /bot2 { proxy_pass http://localhost:8090; } # Port 8090
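Review bot: on the two `+` lines, `location /bot1` and `location /bot2` are prefix matches with no trailing slash, so they also match paths such as `/bot10` or `/bot2x`; writing them as `location /bot1/` and `location /bot2/` keeps each upstream limited to its own subtree. With no URI part on `proxy_pass`, the upstream receives the path with the `/bot1` or `/bot2` prefix still attached, so each Node server has to handle requests under that prefix. The logged requests in the question are `POST /incoming`, which match neither location and would still be served from `root`.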
It probably doesn't work because your target servers get the path that includes the /bot1 and /bot2 prefix, which they may not expect.
Maybe try:
location /bot1 {
rewrite ^/bot1/(.*)$ /$1 break;
proxy_pass http://localhost:8080/;
}
location /bot2 {
rewrite ^/bot2/(.*)$ /$1 break;
proxy_pass http://localhost:8090/;
}
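How the `proxy_pass` forms discussed in the two answers above change the path the upstream sees, as an added example (not code from the original posts): a simplified JavaScript model of nginx prefix-location matching that ignores regex and exact-match locations and URI normalization. The `upstreamUrl` helper and the `scoped` variant (trailing slash on both the location and `proxy_pass`) are illustrative assumptions.

```javascript
'use strict';
// Simplified model of nginx prefix locations + proxy_pass (illustration only,
// not nginx source). locations: [{ prefix, proxyPass }] as written in the config.
// Returns the URL requested from the upstream, or null if no location matches.
function upstreamUrl(locations, requestUri) {
  // nginx selects the longest matching prefix location.
  const match = locations
    .filter((l) => requestUri.startsWith(l.prefix))
    .sort((a, b) => b.prefix.length - a.prefix.length)[0];
  if (!match) return null;

  // Split "http://host:port" from an optional URI part ("/", "/api/", ...).
  const m = /^(https?:\/\/[^/]+)(\/.*)?$/.exec(match.proxyPass);
  const origin = m[1];
  const uriPart = m[2];

  // proxy_pass without a URI part: the request URI is forwarded unchanged.
  if (uriPart === undefined) return origin + requestUri;
  // proxy_pass with a URI part: the matched prefix is replaced by that URI.
  return origin + uriPart + requestUri.slice(match.prefix.length);
}

// The question's config (trailing slash on proxy_pass only).
const withSlash = [
  { prefix: '/bot1', proxyPass: 'http://localhost:8080/' },
  { prefix: '/bot2', proxyPass: 'http://localhost:8090/' },
];
// The first answer's change (no URI part on proxy_pass).
const withoutSlash = [
  { prefix: '/bot1', proxyPass: 'http://localhost:8080' },
  { prefix: '/bot2', proxyPass: 'http://localhost:8090' },
];
// Assumed variant: trailing slash on both sides strips the prefix cleanly.
const scoped = [
  { prefix: '/bot1/', proxyPass: 'http://localhost:8080/' },
  { prefix: '/bot2/', proxyPass: 'http://localhost:8090/' },
];

// Constructed sample request paths; "/incoming" is the path seen in the log.
for (const uri of ['/bot1/incoming', '/bot10/incoming', '/incoming']) {
  console.log(uri, {
    withSlash: upstreamUrl(withSlash, uri),
    withoutSlash: upstreamUrl(withoutSlash, uri),
    scoped: upstreamUrl(scoped, uri),
  });
}
```

A `null` result means no proxy location matched, which in the question's server block leaves the request to be served from `root`, as the `open() ... failed` log entries show.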
In case anyone comes across this question:
It's just not possible by Kik's API design.
When you initialize your bot with
let bot = new Bot({
username: "foo",
apiKey: "bar",
baseUrl: "https://bots.mydomain.com"
});
this baseUrl is essentially a webhook and cannot be re-used. It has to be somewhat unique.
A possible work-around would be specifying a port directly in the base-url.
