Yunohost installation behind caddy acting as a reverse proxy


#1

I installed yunohost on my server, and it worked fine: if I create an SSH port forwarding to it, I can access it. But if I try accessing it from its domain name, I get a page saying “The page isn’t redirecting properly”.

At first I set up my domain name to be yunohost.mydomain.org, but I couldn’t access it, then I added another domain name mydomain.org because I want created email addresses not to contain “yunohost.”.
Still, I would like yunohost to be accessible from the browser through yunohost.mydomain.org, because there is already other stuff on mydomain.org.
Anyway, whichever of these configurations I tried, I couldn’t access yunohost in the browser through the domain name I set up.

The yunohost instance is installed in a virtual machine. I made all the necessary port forwardings from the main machine to the yunohost one (22, 25, 587, 993, 5222, 5269). Also I configured my router caddy like so:

yunohost.mydomain.org {
    proxy / myyunohostvm:80 {
        transparent
    }
}

which is the usual way I proxy services on the server towards virtual machines.

I think my DNS records are properly configured, they look like this:

# Basic ipv4/ipv6 records
@ 3600 IN A myIpv4
@ 3600 IN AAAA myIpv6
* 3600 IN A myIpv4
* 3600 IN AAAA myIpv6
yunohost 3600 IN CNAME mydomain.org.

# XMPP
_xmpp-client._tcp 3600 IN SRV 0 5 5222 mydomain.org.
_xmpp-server._tcp 3600 IN SRV 0 5 5269 mydomain.org.
muc 3600 IN CNAME @
pubsub 3600 IN CNAME @
vjud 3600 IN CNAME @

# Mail (MX, SPF, DKIM and DMARC)
@ 3600 IN MX 5 mydomain.org.
@ 3600 IN TXT "v=spf1 a mx ip4:myIpv4 -all"
mail._domainkey 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=loooooongkey"
_dmarc 3600 IN TXT "v=DMARC1; p=none"

# Mail
@ 3600 IN CAA 128 issue "letsencrypt.org"

Any suggestion of where the problem could come from is super welcome 🙂


#2

So uh, what about port 80 and 443 ?


#3

@Aleks Yes, I never tried that, and it actually works to access yunohost yes.
But also it’s not a solution, because then caddy is bypassed and all the traffic that should be properly dispatched is redirected to yunohost vm.
In other words, it breaks every other service the main machine is handling.

The problem must come from the fact that caddy is automatically handling traffic encryption and https, and maybe yunohost is not able to handle that for some reason?


#4

So actually the solution was in the caddy configuration that should look like so:

yunohost.mydomain.org {
  proxy / https://myyunohostvm {
    transparent
  }
}

For details, see here.
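
The redirect loop from this thread, modelled offline as an added example (not code from any poster or from the YunoHost or Caddy projects). It assumes the YunoHost web server answers every plain-HTTP request with a redirect to HTTPS, which the thread does not state explicitly; `backend`, `make_edge` and `trace` are hypothetical names.

```python
# Added example: offline model of a TLS-terminating proxy in front of a
# backend that forces HTTPS. Hostnames and behaviours are constructed.
from urllib.parse import urlsplit

PUBLIC_HOST = "yunohost.mydomain.org"  # placeholder name used in the thread


def backend(scheme, path):
    """Assumed upstream: plain HTTP gets a redirect to HTTPS, HTTPS is served."""
    if scheme == "http":
        return 301, f"https://{PUBLIC_HOST}{path}"
    return 200, None


def make_edge(upstream_scheme):
    """Model the proxy: it terminates TLS and talks to the upstream over
    upstream_scheme. The Host header is passed through unchanged, so the
    upstream's redirect names the public host again."""
    def fetch(url):
        parts = urlsplit(url)
        if parts.scheme == "http":  # the proxy upgrades clients to HTTPS itself
            return 301, f"https://{parts.netloc}{parts.path}"
        return backend(upstream_scheme, parts.path)
    return fetch


def trace(fetch, url, max_hops=10):
    """Follow Location headers by hand; return (final_status, hops, looped)."""
    seen, hops = set(), []
    while len(hops) < max_hops:
        if url in seen:  # same URL requested twice: the browser's error case
            return None, hops, True
        seen.add(url)
        status, location = fetch(url)
        hops.append((status, url))
        if status not in (301, 302, 307, 308) or not location:
            return status, hops, False
        url = location
    return None, hops, True


if __name__ == "__main__":
    for scheme in ("http", "https"):
        status, hops, looped = trace(make_edge(scheme), f"http://{PUBLIC_HOST}/")
        print(f"upstream over {scheme}: status={status} looped={looped}")
        for hop in hops:
            print("   ", *hop)
```

Against a live setup, the same hop-by-hop view comes from requesting the public URL without following redirects and reading each `Location` header in turn.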