On Demand TLS and Reverse Proxy Support for Custom Domains
I came into a situation today. Please share your expertise 🙏
I have a project (my-app.com) and one of the features is to generate a status page consisting of different endpoints.
Current Workflow
- User login into the system
- User creates a status page for one of his sites (e.g.google) and adds different endpoints and components to be included on that page.
- System generates a link for a given status page.
For Example.
my-app.com/status-page/google
- But the user may want to see this page in his custom domain.
For Example.
status.google.com
Since this is a custom domain, we need on-demand TLS functionality. For this feature, I used Caddy and is working fine. Caddy is running on our subdomain
status.myserver.comand user's custom domainstatus.google.comhas a CNAME to our subdomainstatus.myserver.comBesides on-demand TLS, I am also required to do reverse proxy as shown below.
For Example.
status.google.com ->(CNAME)-> status.myserver.com ->(REVERSE_PROXY)-> my-app.com/status-page/google
But Caddy supports only protocol, host, and port format for reverse proxy like my-app.com but my requirement is to support reverse proxy for custom page my-app.com/status-page/google. How can I achieve this? Is there a better alternative to Caddy or a workaround with Caddy?
You're right, since you can't use a path in a reverse-proxy upstream URL, you'd have to do rewrite the request to include the path first, before initiating the reverse-proxy.
Additionally, upstream addresses cannot contain paths or query strings, as that would imply simultaneous rewriting the request while proxying, which behavior is not defined or supported. You may use the rewrite directive should you need this.
So you should be able to use an internal caddy rewrite to add the /status-page/google path to every request. Then you can simply use my-app.com as your Caddy reverse-proxy upstream. This could look like this:
https:// {
rewrite * /status-page/google{path}?{query}
reverse_proxy http://my-app.com
}
You can find out more about all possible Caddy reverse_proxy upstream addresses you can use here: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#upstream-addresses
However, since you probably can't hard-code the name of the status page (/status-page/google) in your Caddyfile, you could set up a script (e.g. at /status-page) which takes a look at the requested URL, looks up the domain (e.g. status.google.com) in your database, and automatically outputs the correct status-page.
- Second nginx route doesn't work when there are two NextJs applications hosted
- Remove a part of a log in Loki
- nginx - nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
- How do I open another port in a docker nginx container (only in the container; so, NOT publishing which is the -p flag)?
- docker private registry with nginx reverse proxy freeze when pushing
- Load balancer on Nginx give 502 Bad Gateway
- nginx: use environment variables
- Nginx rewrite and change timestamp format
- how to serve a specific page for each domain name pointing to my nextjs app using nginx
- Response returned only after kernel.terminate event
- How to redirect a web page with a Hash in URL NGINX Ubuntu Server
- nginx "server_tokens off" does not remove the server header
- Accessing just a specific folder should redirect
- Send nginx logs to both syslog and stdout/stderr
- Use nginx to serve static files from subdirectories of a given directory
- Nginx http call partial transfer in Azure Container App Environment
- Nginx reachable from localhost not outside of network, other programmes are reachable
- NGINX to reverse proxy websockets AND enable SSL (wss://)?
- Nginx ip configuration issue
- Can't disable buffering on a cgi using nginx, fastcgi and bash
- File Not Found when running PHP with Nginx
- Certbot not creating acme-challenge folder
- upstream name comes to url in browser - nginx configuration
- React + Docker + Nginx
- When using proxy_pass, can /etc/hosts be used to resolve domain names instead of "resolver"?
- nginx: trigger slow php-fpm process, but quickly return status 200
- Terraform Kubernetes NGINX Ingress - Host rules not returning 504 (Gateway Timeout)
- nginx-openresty rewrite_by_lua_block and ngx.req.set_uri redirects to a file instead of location
- NGINX Digest, limit_except GET, but allow localhost
- How do I access a server on localhost with nginx docker container?