Understanding Routes and Backends Settings #231
-
|
Hi Team, Before I go into my question, I wanted to share that I did take the time to review the Getting Started docs and the reverse proxy example on GitHub. I also went through the API reference for Backend However, I still don't know what-goes-where (partially because the demos all use 'localhost'). I think more examples are needed, this is one of those cases where API reference is not good enough. I have a very simple reverse proxy need. no load balancing or advanced config, just simple https traffic redirection. External traffic comes from the router and goes directly to the reverse proxy (Caddy in this case). Also, the proxy server has the SSL certs on it. Here's that simple example that represents all of my routes, it shows two scenarios:
hassio.mydomain.com {
reverse_proxy {
to https://internal.hassio.mydomain.com:4567
transport http {
read_buffer 4096
}
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_down Strict-Transport-Security "max-age=31536000;"
header_down X-XSS-Protection "1; mode=block"
header_down X-Content-Type-Options "SAMEORIGIN"
header_down X-Frame-Options "sameorigin"
header_down Referrer-Policy "strict-origin-when-cross-origin"
}
}
vpn.mydomain.com {
reverse_proxy {
to https://192.168.1.2:1234
transport http {
read_buffer 4096
tls_insecure_skip_verify
}
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.remote.host}
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
header_down Strict-Transport-Security "max-age=31536000;"
header_down X-XSS-Protection "1; mode=block"
header_down X-Content-Type-Options "SAMEORIGIN"
header_down X-Frame-Options "sameorigin"
header_down Referrer-Policy "strict-origin-when-cross-origin"
}
}Here is the Yarp appsettings that I tried to use (IP and port values mocked): {
...
"ReverseProxy": {
"Routes": [
{
"RouteId": "hassio_route",
"BackendId": "hassio_backend",
"Match": {
"Host": "hassio.mydomain.com"
}
},
{
"RouteId": "vpn_route",
"BackendId": "vpn_backend",
"Match": {
"Host": "unifi.mydomain.com"
}
}
],
"Backends": {
"hassio_backend": {
"Destinations": {
"destination1": {
"Address": "https://internal.hassio.mydomain.com:1234"
}
}
},
"vpn_backend": {
"Destinations": {
"destination1": {
"Address": "https://192.168.1.55:1234"
}
}
}
}
}
}Do I have it backwards? Header SettingsI'm also having trouble with setting the header_up and header_down setting, I couldn't find any information on how I can use those in the appsettings ReverseProxy definition. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Yes, we do need more docs and samples. We'll be adding more with each milestone. Yes, your routes and backends look correct. Was it not working for you? As for header customizations, I'm working on that now over at https://github.com/microsoft/reverse-proxy/pull/225/files#diff-5eaf949dff24b9e8ca79381a8eb61de3. Let me know on that PR if those examples make sense to you. I think I've implemented the equivalent of everything your using above, except maybe X-Forwarded-Port which would be included with the Host. For preview1 we hard coded it to add X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host for every request. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you @Tratcher. Sorry for my delayed response, this notification got lost in the middle of a blizzard of notifications from GitHub at the same time :) I'm peeking at the PR you linked to but am not exactly sure what part is relevant. When that PR is merged and released, I will be able to From your answer, I'm assuming that the defaults in preview1 satisfy the headers I needed for Caddy? I will try this again and eagerly await preview2, kudos to you and the team for building this! [Edit 1] removed duplicate information, fixed typos |
Beta Was this translation helpful? Give feedback.
-
|
I've now written up docs for this as part of the PR. Let me know if it helps explain this better. https://github.com/microsoft/reverse-proxy/blob/bc68e2800068da75c477dea0408506df655a9609/docs/docfx/articles/transforms.md |
Beta Was this translation helpful? Give feedback.
-
|
This looks really good at first glance! Thank you for working on docs to help those of us without Cisco certs 😁 I'll go through it this weekend, try applying my settings only using the doc guidance and let you know if something didn't make sense. |
Beta Was this translation helpful? Give feedback.
Yes, we do need more docs and samples. We'll be adding more with each milestone.
Yes, your routes and backends look correct. Was it not working for you?
As for header customizations, I'm working on that now over at https://github.com/microsoft/reverse-proxy/pull/225/files#diff-5eaf949dff24b9e8ca79381a8eb61de3. Let me know on that PR if those examples make sense to you. I think I've implemented the equivalent of everything your using above, except maybe X-Forwarded-Port which would be included with the Host.
For preview1 we hard coded it to add X-Forwarded-For, X-Forwarded-Proto, and X-Forwarded-Host for every request.