Coder behind Reverse Proxy and Port Forwarding

Good evening everyone, just a quick question since I'm kind of stuck: does Coder Server need any open ports besides 443 by default? 80 should only be used for Let's Encrypt, but since I'm using the DNS challenge it shouldn't matter. Or am I missing something? To clarify, my current setup is as follows: Router with port forwarding -> Reverse Proxy -> Coder Server. I'm forwarding port 443 currently, but I either get certificate errors or Bad Gateway. According to my browser the certificate is issued by localhost in case of a certificate error. Caddy logs show it has successfully generated new certificates for the domain and wildcard subdomain. Bad Gateway usually happens when I try to generate the certificate on my reverse proxy already, while a straight passthrough gives me the cert error. Probably because it's forwarding using http instead? Hope somebody has an idea.
68 Replies
Phorcys (2y ago)
What port is Coder listening on? I think you should just proxy Coder via http and let Caddy handle the certs.
Hannsr (2y ago)
Coder is listening on 3000 iirc, from the Coder docs, then Caddy maps it to 443. I did try to proxy via http only, but then I get an invalid certificate, despite Caddy logs saying it got the requested certificates.
Phorcys (2y ago)
Can you show me your Caddy conf? http or https?
Hannsr (2y ago)
This is the Caddyfile:
```
my.domain.dev, *.my.domain.dev {
    # Set this path to your site's directory.
    root * /usr/share/caddy

    # Enable the static file server.
    file_server

    # Another common task is to set up a reverse proxy:
    reverse_proxy localhost:3000

    # Or serve a PHP site through php-fpm:
    # php_fastcgi localhost:9000

    tls {
        dns cloudflare my_cloudflare_token
    }
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
```
Just removed the token and domains. Now that's a good question, I'd have to check, but iirc it is https. In my first test server I blocked all traffic except 22 and 443 and it worked just fine. So I'm kind of at a loss here.
Phorcys (2y ago)
Here's your issue then. This config scares me, I don't think it can work.
Hannsr (2y ago)
It's with the Caddy DNS challenge, it works just like that on my other dev system.
Phorcys (2y ago)
```
my.domain.dev, *.my.domain.dev {
    # remember to always specify scheme
    reverse_proxy http://localhost:3000

    tls {
        dns cloudflare my_cloudflare_token
    }
}
```
This would work, but the file_server is likely what's breaking it all.
Hannsr (2y ago)
Hm, that's from the Coder docs and what is also working on the other system. But I'll try commenting that out.
Phorcys (2y ago)
Can you link me to that docs page? Because I don't see a way this is working. In that case I think the file_server directive takes over your reverse_proxy one.
Hannsr (2y ago)
GitHub: coder/examples/web-server/caddy at main · coder/coder (A tool that provisions remote development environments via Terraform)
Configuration - Coder OSS main docs (Learn how to configure Coder)
Phorcys (2y ago)
😶
Hannsr (2y ago)
Oh no wait, it's not, lol.
Phorcys (2y ago)
I think you just pasted it into your example Caddy host.
Hannsr (2y ago)
Guess it's residue from the base Caddyfile then 🫠
Phorcys (2y ago)
For the record, here's mine:
```
https://*.code.mydomain.tld, https://code.mydomain.tld {
    tls {
        resolvers 1.1.1.1
        dns cloudflare <hello>
    }

    reverse_proxy http://172.23.0.2:7080
}
```
BTW, if you're using a fresh domain and it won't fetch the certs, then resolvers 1.1.1.1 is a nice tip; they update almost instantly.