Rewriting response body in caddy backend mode

1

I will use the term zrok dynamic endpoint meaning : the https endpoint zrok create every time a share is created, ie: https://6fyfuwuzl6xm.share.zrok.io. I don't know if a go template variable is available today

Hello, i set up a reverse proxy to my sandboxproduction.com upstream PHP server, it outputs pages with absolute links in html (is: http://sandboxproduction.com/logo.png) so I would like to translate links in response body with the zrok dynamic endpoint ( i mean the https endpoint zrok create every time a share is created )

Also I would like to replace 302 header location, because they contain absolute link http://sandboxproduction.com/ with aforementioned zrok dynamic endpoint

This is my current file

TNX in advance

http:// {
    bind {{ .ZrokBindAddress }}
    reverse_proxy https://127.0.0.1 {
        header_up Host sandboxproduction.com
        transport http {
            tls
            tls_insecure_skip_verify
        }
        handle_response {
            header replace Location http://sandboxproduction.com https://{{dynamic endpoint host+port variable???}}
        }        
    }
}
2

Hi @MatteoOreficeGS, welcome to zrok and the community! (and to OpenZiti).

Firstly, are you sure you want to use a dynamic endpiont every time? With zrok front door, or more basically, with just using zrok reserve, you can establish a permanent endpoint url so that you don't have to do all this.

If we start there, would that "solve" your issue or do you like that the endpoint is dynamic? :slight_smile:

For example in my recent blog Play Minecraft with friends safely and securely I used a reserved share so that my zrok endpoint is always mymcserverjan06.share.zrok.io

For example:

zrok reserve public https://whatever.you.want --unique-name myshare
[   0.474]    INFO main.(*reserveCommand).run: your reserved share token is 'myshare'
[   0.475]    INFO main.(*reserveCommand).run: reserved frontend endpoint: https://myshare.share.zrok.io

then:

zrok share reserved myshare

You'll see:
image

And now that url is yours forever :slight_smile:

1 Like
3

Hello @TheLumberjack ! thank you so much for quick reponse, it is a proof there is behind a living community

I tested also reserverd share and it worked perfectly, I omitted this so to not over complicate, sure my final goal is run zrok with this feature

in the meantime (2h) I tested and solved some issues :smiley: :

  1. I tested ngrok and I understood the feature for rewriting or altering proxied response was not implemented in both tools, so maybe I was assuming it as a zrok feature
  2. so I changed my upstream web server config to alter response body and headers, unfortunately I accomplish it with ngrok dynamically but not in zrok
http {
    # rewriting absolute url in location header with relative to omit
    #  original upstream wrong base url
    map $upstream_http_location $us_location_new {
        "~https?://[^/]+/(.*)" "/$1";
    }
}

location ~ \.php$ {
        # replace domain in response body with x_forwarded_host
        # ngrok leave the header so we can dynamically alter response body
        sub_filter 'sandboxproduction.com' $http_x_forwarded_host;
        sub_filter_once off;
        # hide and replace location header with
        fastcgi_hide_header location;
        add_header location $us_location_new;
        fastcgi_pass fastcgi_frontend;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
}

ngrok

image

zrok

It seems zgrok hide x_forwarded_host, and no other header is available to the upstream server application

4

follows zrok detected server vars

image

As I see there is not a trace about original host both reserved or dynamic as ngrok

5

image

I added the line header_up X-Forwarded-Host {http.request.hostport}

sandbox.caddyfile

http:// {
    bind {{ .ZrokBindAddress }}
    reverse_proxy https://127.0.0.1 {
        header_up Host sandboxproduction.com
        header_up X-Forwarded-Host {http.request.hostport}
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}

companion files

upstream nginx.conf

http {
    # rewriting absolute url in location header with relative to omit
    #  original upstream wrong base url
    map $upstream_http_location $us_location_new {
        "~https?://[^/]+/(.*)" "/$1";
    }
}

upstream nginx vhost.conf

location ~ \.php$ {
        # replace domain in response body with x_forwarded_host
        # ngrok leave the header so we can dynamically alter response body
        sub_filter 'sandboxproduction.com' $http_x_forwarded_host;
        sub_filter_once off;
        # hide and replace location header with
        fastcgi_hide_header location;
        add_header location $us_location_new;
        fastcgi_pass fastcgi_frontend;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
}
4 Likes