Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Reverse-proxy

What is it?

A reverse proxy takes incoming external connections and sends them to an internal service. In this case, the external connections are HTTPS protected, but the internal ones are not.

owlogger2

caddy

Caddy is a well documented web server (like Apache or Ngnix). Advantages:

  1. Built-in support for free TSL certificates (via Lets Encrypt)
  • Aquires certificates automatically
  • Renews certificates automatically
  1. Relatively light resources
  2. Well documented
  3. Simple configuration file

Caddyfile

Here is an example, using subdomains:

  • Main web server: file hosting from a specific directory root
  • Proxied couchdb access
  • Proxied owlogger access
alfille.online {
        root * /srv/potholder
        encode gzip zstd
        file_server
}

couchdb.alfille.online
        reverse_proxy localhost:5984
}

owlogger.alfille.online {
        reverse_proxy localhost:8001
}

So Caddy serves as a protective intermediary, requiring all external access to owlogger be TSL protected

Installation

apt install caddy

More complete instructions at caddy website