caddy - setting https to localhost on mac - https

I am using caddy v2.3.0 on mac
If I run caddy run I am getting the following
My Caddyfile
{
    local_certs
}
demoCart.dev:443 {
    reverse_proxy http://localhost:3000
}
If I run caddy validate it says Valid configuration
When I am trying to access it on the browser with https://democart.dev

I may be wrong, but this looks like a DNS issue rather than a caddy issue.
Have you set up your DNS to point democart.dev to your machine? Caddy will only be able to serve it if it points to your machine's IP address in the first place.
Try
localhost:443 {
    reverse_proxy http://localhost:3000
}
and see if that works.

Related

Mac OS local proxy, connect ECONNREFUSED ::1:3000

I have a create-react-app app running on localhost:3000 and a proxy server running on localhost:4000 that redirects some of my request to port 3000.
Requesting localhost:3000/ correctly returns index.html file,
Requesting localhost:4000/ returns connect ECONNREFUSED ::1:3000 with 502 code.
The exact same setup works properly on Ubuntu (returns index.html from localhost:4000) and Windows so I am sure proxy works fine.
Proxy is built using https://www.npmjs.com/package/http-proxy but I was unable to find any solution to this in documentation.
My question is: Does mac require changing some extra settings to allow this kind of traffic?
One solution is to edit /etc/hosts and remove ::1 localhost mapping or change it to ::1 ip6-localhost (default setting on ubuntu)
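Both threads above turn on what a name maps to on the local machine: whether democart.dev points at it at all, and whether localhost also maps to ::1. As an added example (not code from either post), this script parses hosts-file text and reports the mapping and its consequences; `SAMPLE_HOSTS`, `parseHosts` and `diagnose` are hypothetical names, and the sample entries are constructed.

```javascript
// Added example (not from the original posts). SAMPLE_HOSTS is constructed;
// on macOS or Linux, pass the contents of /etc/hosts instead.
const SAMPLE_HOSTS = `
127.0.0.1   localhost
::1         localhost
127.0.0.1   demoCart.dev              # constructed entry for the Caddy site
subdomain1.foo.localhost 127.0.0.1    # constructed: reversed, so not an entry
`;

// Parse hosts-file text into { address, names } records, skipping comments.
function parseHosts(text) {
  return text.split("\n")
    .map((line) => line.replace(/#.*$/, "").trim())
    .filter((line) => line.length > 0)
    .map((line) => {
      const [address, ...names] = line.toLowerCase().split(/\s+/);
      return { address, names };
    });
}

const looksLikeIp = (token) => /^[0-9.]+$/.test(token) || token.includes(":");
const family = (addr) => (addr.includes(":") ? 6 : 4);
const isLoopback = (addr) => addr === "::1" || addr.startsWith("127.");

// Report how `name` maps in the hosts text and what that implies for a proxy.
function diagnose(text, name) {
  const wanted = name.toLowerCase(); // hostnames compare case-insensitively
  const entries = parseHosts(text);
  const addresses = entries
    .filter((e) => looksLikeIp(e.address) && e.names.includes(wanted))
    .map((e) => e.address);
  const families = [...new Set(addresses.map(family))].sort();
  const warnings = [];
  if (entries.some((e) => e.address === wanted)) {
    warnings.push("reversed line: the address must come before the name");
  }
  if (addresses.length === 0) {
    warnings.push("no usable hosts entry: the name falls through to DNS");
  } else if (!addresses.every(isLoopback)) {
    warnings.push("maps to a non-loopback address");
  }
  if (families.length === 2) {
    warnings.push("IPv4 and IPv6: a backend bound only to 127.0.0.1 refuses ::1");
  }
  return { addresses, families, warnings };
}

for (const name of ["localhost", "democart.dev", "subdomain1.foo.localhost"]) {
  console.log(name, JSON.stringify(diagnose(SAMPLE_HOSTS, name)));
}
```

When the IPv4-and-IPv6 warning appears for localhost, pointing the proxy target at 127.0.0.1 explicitly avoids depending on which address the resolver returns first.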

how do you enable ssl using laravel 8 sail

I just created a new Laravel 8 project, following the instructions in their docs. Using Laravel Sail I have the site running locally on my machine just fine using sail up. I have set up an entry in /etc/hosts so the url I go to is http://local.dev.domain.com (substituting domain.com for the actual domain name I own, and pointing to localhost in the /etc/hosts file)...all works great.
However, the site needs to use Facebook Login, and Facebook requires https urls only on referrers. I've tried everything I could find online about setting up SSL certs with docker, but setting up nginx with manually created certs (via mkcert) or trying to use letsencrypt all fails for various reasons (conflicts in ports, letsencrypt wanting the domain to be a real one (and failing on the acme challenge if I do create that subdomain), etc.). I've copied the certs to /etc/ssl/certs in the docker image and run update-ca-certificates, tried setting the application port 443 in my .env file as well as opening both ports 80 and 443 in the docker-compose.yml file...but all ends in the browser rejecting the request to https://local.dev.domain.com
I've spent hours trying to get this to work but it doesn't seem like anyone has used the Laravel Sail docker image with SSL.
Any pointers?
[Edit for more info]
As pointed out in the comments, you need to set an alias to just use sail ..., but I've already done that:
I also tried without the bash alias using vendor/bin/sail share to no avail:
Problem
In your case you need a real domain, which you have. A self-signed certificate would not work as Facebook would not acknowledge it as trusted. To get a free ssl certificate for that domain you can use Let's Encrypt; the easiest way to obtain that certificate is using certbot. The problem is that you need to install that certificate on your webserver. Laravel Sail uses the built-in webserver that does not support ssl, unfortunately. You need to put a webserver like nginx in front of the app and install the certificate there.
I'm currently working on a fork that enables what you need, however it's not finished.
Workaround
For now you can use the built-in tunnel provided by Expose: https://beyondco.de/docs/expose/server/ssl
This is enabled by sail share
It might be easier to use ngrok instead, which is essentially the same but commercial. Then all you have to do is download, register and run ngrok http --region=eu 9000 and it will create a https link for you for development.
I solved this problem by using Caddy as a reverse proxy to the Laravel Sail container. Caddy has a feature called automatic HTTPS which can generate local certificates on the fly.
1 - Add Caddy as a service to your docker-compose.yml
services:
    caddy:
        image: caddy:latest
        restart: unless-stopped
        ports:
            - '80:80'
            - '443:443'
        volumes:
            - './docker/Caddyfile:/etc/caddy/Caddyfile'
            - sailcaddy:/data
            - sailcaddy:/config
        networks:
            - sail
    # Remove "ports" from laravel.test service
volumes:
    sailcaddy:
        driver: local
2 - Create a simple Caddyfile and configure it as a reverse proxy
{
    on_demand_tls {
        ask http://laravel.test/caddy-check
    }
    local_certs
}
:443 {
    tls internal {
        on_demand
    }
    reverse_proxy laravel.test {
        header_up Host {host}
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Port {server_port}
        header_up X-Forwarded-Proto {scheme}
        health_timeout 5s
    }
}
3 - Set up an endpoint for Caddy to authorise which domains it generates certificates for
<?php

namespace App\Http\Controllers;

use App\Store;
use Illuminate\Http\Request;

class CaddyController extends Controller
{
    public function check(Request $request)
    {
        $authorizedDomains = [
            'laravel.test',
            'www.laravel.test',
            // Add subdomains here
        ];
        if (in_array($request->query('domain'), $authorizedDomains)) {
            return response('Domain Authorized');
        }
        // Abort if there's no 200 response returned above
        abort(503);
    }
}
See this gist for the full code changes involved. This blog post explains how to trust the Caddy root certificates.
To make "sail share" work you have to set the alias and run "composer require laravel/sail --dev" on your project. This will install the latest version of sail; version 0.0.6 includes the "share" command.
There is actually an easier way. I did the following:
changed laravel.test port to something else like 8085
do it from .env so you will avoid issues, add APP_PORT env var
then (this step has been done by our sys admin) since laravel sail is actually installing apache in the system, you can manually set a reverse proxy for both port 80 and 443 to port 8085 and that should do the trick.
of course you will have to install certbot on that apache instance.

Getting subdomains to work locally with Laravel

I am having a hard time getting subdomains to work locally. I have Docker serving the application to port 8080, and I am able to see the Laravel welcome screen. I then have a simple route setup like this:
Route::domain('{name}.localhost:8087')->group(function () {
    return 'Hello World';
});
I am using Laravel's basic server, i.e. php artisan serve --host=0.0.0.0 --port=8087
When I try and view the page, nothing happens. It just goes to the welcome screen. I have even tried adding 'test.localhost' to the /etc/hosts file. Couple questions:
1) Can you have the port in the host like I have it there (in the Laravel route)?
2) I have seen somewhat similar posts where the solution was to use acrylic dns (on windows). I am using a Mac. Is this something where I need an actual DNS server?
3) I am planning on using nginx, do I need a 'beefier' web server to accomplish this?
With the basic Laravel server I have tried hard coding test.localhost in the route, with and without the port. I'm sure I am goofing something up, just not sure where. I am on a Mac, and I am running Laravel 5.6. Thanks in advance!
1) No, the web server configuration will listen on the port.
# nginx
server {
    listen 8080;
    ...
}
2) You add the subdomains in your /etc/hosts file and create separate nginx configurations:
# /etc/hosts (the address comes first, then the hostname)
127.0.0.1 subdomain1.foo.localhost
127.0.0.1 subdomain2.foo.localhost
127.0.0.1 subdomain3.foo.localhost
# nginx subdomain1.foo.localhost.conf
server {
    listen 8080;
    server_name subdomain1.foo.localhost;
    ...
}
# nginx subdomain2.foo.localhost.conf
server {
    # set different port if needed
    # listen 8082;
    listen 8080;
    server_name subdomain2.foo.localhost;
    ...
}
# nginx subdomain3.foo.localhost.conf
server {
    # set different port if needed
    # listen 8083;
    listen 8080;
    server_name subdomain3.foo.localhost;
    ...
}
3) Nginx is a production ready web server, you may need load balancers and multiple instances of the web servers to scale out, but nginx will be more than sufficient.
If you're using Artisan serve, go to
/etc/hosts (or similar)
127.0.0.1 subdomain.localhost
And open in the browser
subdomain.localhost:8087

Caddy server with proxy to hugo server failing to load CSS

I'm running a caddy server on a linode instance with debian installed. I'm using the caddy server to proxy to a hugo server. The hugo server works locally, but does not through the caddy server. It will load the content, but style.min.css and the favicons won't load with an error like the following:
GET https://localhost:8081/css/style.min.css net::ERR_CONNECTION_REFUSED
Any help getting this working would be great!
Caddyfile:
mycustomdomain.com {
    root /home/sean/mycustomdomain.com
    gzip
    proxy / localhost:8081
    tls {
        dns linode
    }
}
hugo command:
hugo server --disableLiveReload --port 8081
Figured it out, so answering for posterity:
To resolve this, utilize the http.hugo plugin. The new Caddyfile looks like so:
mycustomdomain.com {
    root /hugo/site/dir/public
    hugo /hugo/site/dir
    gzip
    tls {
        dns linode
    }
}

Access an AngularJS app running on a Grunt-Proxy server inside a VM from the host

In our development environment we have Ubuntu VMs running on a Windows 7 host. We found that if we change the Gruntfile's "connect.options.hostname" to '0.0.0.0' we can hit our Angular app running in the VM from Internet Explorer in the host.
In order to avoid a cross-domain error when we hit some web services from Angular, we set up a Grunt-Proxy server. This works fine in the VM. From the host, any time the app tries to hit a web service it fails (since it's not on the proxy port) trying to access a server on port 9000 (the server is running on port 8888). From the host when I try to access the App on the proxy port (8050) I just get a 404 error - I'm not really sure how to proceed with this.
My proxy is set up as follows in the Gruntfile:
proxy: {
    proxy1: {
        options: {
            port : 8050,
            host : 'localhost',
            router : {
                'localhost/rest/*' : 'localhost:8888',
                'localhost' : 'localhost:9000'
            }
        }
    }
},
I tried playing with some of these settings but haven't had any luck. Any help would be appreciated.
