Caddy v2 Reverse Proxy Setup?

[JamesMowery]

Does someone have an example of how to get this working with Caddy v2? I have certs and everything with Cloudflare enabled. Websockets are said to "just work" with Caddy v2, so no further setup should be necessary.

Here's my docker-compose.yml for convos:

version: "3.8"

services:
  convos:
    image: ghcr.io/convos-chat/convos:alpha
    container_name: "convos"
    restart: unless-stopped
    ports:
      - "8085:3000"
    networks:
      - caddy
    volumes:
      - $HOME/containers/convos/data:/data
    environment:
      - CONVOS_REVERSE_PROXY=1

networks:
  caddy:
    external: true

And here is my Caddyfile:

{
  https_port 443
  auto_https disable_certs
}

website.com {
  tls /data/certificate.pem /data/key.pem
}

# For wildcard domain handling
*.website.com {
  tls /data/certificate.pem /data/key.pem

  # Subdomain setup for "convos.website.com"
  @convos host convos.website.com
  handle @convos {
    reverse_proxy host.docker.internal:8085 {
      header_up Host {host}                  # not sure if "{host}" is valid; it's literally written as this
      header_up X-Forwarded-For {remote}     # not sure if {remote} is valid; it's literally written as this
      header_up X-Request-Base "https://convos.website.com/"

      # I tried the following options but they don't work (not even sure if they are real options)
      #header_up Upgrade {>Upgrade}
      #header_up Connection {>Connection}
      #request_body {
      #  max_size 0
      #}
    }
  }
}

EDIT: An example of what I tried first (so no one thinks I'm over-complicating it intentionally):

{
  https_port 443
    auto_https disable_certs
}

website.com {
  tls /data/certificate.pem /data/key.pem
}

# For wildcard domain handling
*.website.com {
  tls /data/certificate.pem /data/key.pem

  # Subdomain setup for "convos.website.com"
  @convos host convos.website.com
  handle @convos {
    reverse_proxy host.docker.internal:8085
  }
}

I can see the Convos website when I access it. I get the following error when I attempt to register a username/password:

Failed fetching operationId "registerUser": SyntaxError: Unexpected token '<', "<!DOCTYPE "... is not valid JSON

I asked ChatGPT to generate the above config while trying to convert it from the nginx and apache one (I wasn't expecting it to work, but it at least gets me to the homepage). I don't really know if any of the config sections containing "header_up" is valid or not, but I do have several other services running with a very similar setup (without any "header_up" items) working perfectly.

[asdofindia]

I don't know what's complicating your setup, but mine is convos running as a systemd service on port 3000 and Caddyfile like this:

chat.example.com {
        reverse_proxy localhost:3000
        log
}

Maybe it just works if you let it just work? ;)

[JamesMowery]

@asdofindia "Maybe it just works if you let it just work? ;)"

That sounds wonderful in theory. That was the FIRST thing I tried. To be VERY clear: I wouldn't over-complicate something if I didn't have to, that's just silly. The example of my config I provided above is to show the length of how many different options I have tried. I went back in and updated what I did originally.

That being said, I switched to a different solution that I'm very happy with, and it worked perfectly out of the box with a similar Caddyfile config. So I will close this, but if anyone else has issues, know that you're not alone.

[trymbill]

@JamesMowery You wouldn't mind sharing that Caddyfile config?

I'm stuck with the same error while trying to create the initial user. Website works fine, websocket connection is made, but on "Sign up" I get a 502 from /api/user/register.json coming from openresty, not caddy 🤔

[JamesMowery]

@trymbill I was not able to resolve. I switched to a different solution. The Caddyfile I ended up with is posted above. Didn't really get any help from this thread nor community, which was very dismissive, which was highly disappointing. I went with another open source solution at (REDACTED - because @kraih for some reason thinks I'm advertising an open source competitor???) and it works beautifully with Caddy!

Let me know if you have any luck with it though. I might be willing to give this a try at some point in the future.

Edit: I didn't want @kraih to get offended by offering a link to a solution that worked for me. So I decided to remove the link. Good job @kraih, thanks for the welcome to this community! 👍

[jberger]

The Caddyfile I ended up with is posted above. Didn't really get any help from this thread nor community, which was very dismissive, which was highly disappointing.

Why should it be dismissive or disappointing? We apparently don't have many caddy users.

[JamesMowery]

@jberger I have no idea why. If I received help, I probably would've contributed and wrote a short guide/doc/wiki/example on how to setup everything for future reference for anyone else wanting to try in the future. But, as I mentioned, I'm pretty happy with (REDIACTED because @kraih thinks this open source competitor makes me somehow look "suspicious").

Edit: Removed the link to an OPEN SOURCE project because @kraih thinks I'm advertising it. Yeah... sure buddy.

[kraih]

@JamesMowery Those tacky advertisements for another project do make you look rather dishonest.

[JamesMowery]

@kraih Have you completely lost it, friend?

Let me make two things crystal clear, okay?

First: These are open source projects... who TF cares if they are competing? We're trying to access IRC not become billionaires with open source efforts (well... maybe you are)!
Second: I have no affiliation with any open source project. I'm not even a developer. I am merely a hobbyist who is new to self hosting and wanted to connect to IRC to chat on various Linux distros.

Do you need proof? That project I mentioned in the prior post is stupid. Screw that project. It's stupid!!! There, you happy @kraih? Because I linked to another OPEN SOURCE project that I was able to successfully install. I have no horse in this race, buddy, okay?

[trymbill]

I actually setup Lounge at the same time as well, just to try it out, and that worked with Traefik running as the reverse proxy. I found out that my Convos container was crashing when trying to add the initial user, which was the reason for the 502, and filed a ticket for that here: #885. So not really a reverse proxy issue, just presented itself that way.

Other than that ... I guess we're all happy it's Friday and the weekend is upon us? Yeah? Everyone doing ok? Good! Happy weekend everybody! 👋

[JamesMowery]

@trymbill Be VERY careful. You don't want @kraih accusing you of advertising another open source project here.

But glad you got a solution working for you. I'm also very happy with the project that shall not be named.

Also, thanks for contributing and making a useful comment and actually posting a ticket. 👍 to you.

I wish more were helpful like you unlike people like @kraih who makes insane accusations and pushes people away from this community. I spent time posting details in my initial post what issues I was having and, I spent time responding here. His great contribution here? He dares to accuse me of advertising an open source project for which someone asked for my feedback!!! I wish I could figure out who actually owns this repo (I'm not that good with navigating GitHub, I just use it for uploading my dotfiles and a few hackish projects I worked on in the past) so they could kick this type of behavior to the curb and have more helpful and welcoming people be around.

[kraih]

@JamesMowery Let me spell it out plain and clear. You mention competing projects in this way to put pressure on the maintainers and to manipulate them. You obviously have personal issues, but maybe reflect on the fact that this kind of behaviour is exactly why so many Open Source maintainers throw in the towel. I hope you get better.

[JamesMowery]

You obviously have personal issues

Why would you attack me like that?

[JamesMowery]

@kraih I believe you are in violation of the OpenSUSE Code of Conduct which clearly states:

Examples of unacceptable behavior include:

• Sexist, racist, homophobic, transphobic, ableist, or exclusionary statements, even if they were meant as a joke
• Saying insulting/derogatory comments and making personal attacks

Would you like to revise your prior statements and apologize, or should I bubble this way, WAY up the chain at both OpenSUSE and SUSE? I'm willing to let bygones be bygones and to mutually end this, but I want an apology from you. And I will do the same.

[jberger]

I'm locking this before it gets out of hand, which it is arguably already close to doing. As @trymbill suggested I wonder if the problem was perhaps not the reverse proxy at all, I too have experienced some instances of the container crashing.