Caddy reverse_proxy through Wireguard VPN

,

Hardware #1: VPS (1vCore/1Gb Ram) - Running Wireguard and Caddy
Hardware #2: Home PC (i5-2500k / 16Gb Ram / 35TB Storage)

I have access to my server : VPS can be accessed by SSH or web VNC.
I have access to my server : Home PC can be accessed directly or SSH.

Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?
Debian 11 with YunoHost version: 11.0.6 (testing) and connected through VPN

I’ve managed to get my Yunohost server working through a Wireguard VPN using Caddy, but I had to skip TLS verification and am seeing a few errors in the diagnosis tool that I’ve been unable to resolve.

Diagnosis :

  • Domain mydomainname.com appears unreachable through HTTP from outside the local network.
  • The SMTP mail server cannot send emails to other servers because outgoing port 25 is blocked in IPv4.
  • Could not diagnose if postfix mail server is reachable from outside in IPv4.
  • Could not diagnose if postfix mail server is reachable from outside in IPv6.

Port 25 is shown as OPEN after the test, but the email section says outgoing port 25 is blocked.

Caddyfile :

mydomainname.com {
reverse_proxy https://10.7.0.2 {
transport http {
tls_insecure_skip_verify
}
}
}

:25 {
reverse_proxy 10.7.0.2:25
}

:587 {
reverse_proxy 10.7.0.2:587
}

:993 {
reverse_proxy 10.7.0.2:993
}

:5222 {
reverse_proxy 10.7.0.2:5222
}

:5269 {
reverse_proxy 10.7.0.2:5269
}

Any suggestions on how I can get rid of these error messages?

Caddy I don’t know at all. However, from my experience with WireGuard and iptables (Homemade WireGuard VPN on a VPS server) for port 25 you have to be careful to route it both directions (from internet via VPS to YH and vice versa). I think that currently you don’t do the routing from YH to internet via the VPS.

It seems to be a problem with the routing of port 80. Check in Caddy that you are not forcing traffic to https.

It turns out the block I was seeing was from my VPS provider. I noticed that I wasn’t seeing the same error using a different VPS and asked support about it, who fixed it.

I still haven’t found a proper way to pass traffic through OpenVPN (without an additional reverse proxy).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.