Caddy Server reverse proxy
Caddy Server is a powerful HTTP/2 server that enables HTTPS by default with automatically generated Let’s Encrypt certificates, which allows a simple configuration process.
Using Caddy as a proxy for Open Peer Power allows you to serve Open Peer Power securely over standard ports. This configuration file and instructions will walk you through setting up Open Peer Power over a secure connection.
1. Get a domain name forwarded to your IP
Chances are, you have a dynamic IP address (your ISP changes your address periodically). If this is true, you can use a Dynamic DNS service to obtain a domain and set it up to update with your IP. If you purchase your own domain name, you will be able to easily get a trusted SSL certificate later.
2. Install Caddy on your server
This will vary depending on your OS. Caddy has a nice utility that generates an installer script.
3. Port forwarding.
Forward ports 443 and 80 to your server on your router. Do not forward port 8123.
4. Create Caddyfile.
Use this as your Caddyfile, and change the domain name to match yours.

    example.com {
        proxy / localhost:8123 {
            websocket
            transparent
        }
    }
5. Configure Open Peer Power
Open Peer Power is still reachable directly, without going through the Caddy proxy. Restricting it to listen only on 127.0.0.1 will forbid direct access. Open Peer Power should also be told to trust forwarded headers coming from the Caddy proxy only. Without that, every incoming request will appear to come from 127.0.0.1 and not the real IP address.

In your configuration.yaml file, edit the http component.
    http:
      # For extra security set this to only accept connections on localhost if Caddy is on the same machine
      # server_host: 127.0.0.1
      # Update this line to be your domain
      base_url: https://example.com
      use_x_forwarded_for: true
      # You must set the trusted proxy IP address so that Open Peer Power will properly accept connections
      # Set this to your Caddy machine IP, or localhost if hosted on the same machine.
      trusted_proxies: <Caddy IP address here, or 127.0.0.1 if hosted on the same machine>
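
Why the forwarded header must be trusted from the proxy only, shown as an added example (a sketch of the general trusted-proxy rule, not Open Peer Power's or Caddy's own code). The function name resolve_client_ip and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def resolve_client_ip(peer_ip, xff_header, trusted_proxies):
    """Pick the address to log and rate-limit as "the client".

    peer_ip         -- address of the TCP peer that connected to the backend
    xff_header      -- raw X-Forwarded-For value, or None if absent
    trusted_proxies -- IPs or CIDR ranges allowed to supply that header
    """
    trusted = [ipaddress.ip_network(p, strict=False) for p in trusted_proxies]

    def is_trusted(addr):
        return any(addr in net for net in trusted)

    peer = ipaddress.ip_address(peer_ip)
    # A header sent by anything other than a trusted proxy is ignored:
    # any client can write whatever it likes into X-Forwarded-For.
    if not xff_header or not is_trusted(peer):
        return str(peer)

    try:
        hops = [ipaddress.ip_address(h.strip()) for h in xff_header.split(",")]
    except ValueError:
        return str(peer)  # malformed header: fall back to the socket peer

    # Proxies append on the right, so walk right to left and stop at the
    # first hop that is not one of our own proxies. Anything further left
    # was supplied by the client and is not trustworthy.
    for hop in reversed(hops):
        if not is_trusted(hop):
            return str(hop)
    return str(hops[0])

if __name__ == "__main__":
    proxies = ["127.0.0.1"]  # constructed: Caddy on the same machine
    # Request relayed by Caddy: the real client address is recovered.
    print(resolve_client_ip("127.0.0.1", "203.0.113.7", proxies))
    # Direct connection to port 8123 with a forged header: header ignored.
    print(resolve_client_ip("198.51.100.20", "10.0.0.1", proxies))
    # Client-supplied entry on the left is skipped, proxy-added one is used.
    print(resolve_client_ip("127.0.0.1", "10.9.9.9, 203.0.113.7", proxies))
```
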
6. Start Caddy
You can either start Caddy directly or install it as a service. In both cases, pass the Caddyfile path as the conf parameter.
Open Peer Power will now be served on port 443 (HTTPS), and all insecure traffic on port 80 will be redirected.