My instance of Yacy sits behind two firewalls and a reverse proxy. The HTTP runs on localhost:8090, which is then forwarded through the Caddy server to 10.0.1.2:443, which is then forwarded through my router to the DHCP-obtained IP address (ex. 120.240.12.32:443).
Currently, the staticIp is set to my domain (ex. mydomain.com), the public port is set to 443, and the seed.txt file has been configured for sharing.
So, it is currently reachable from the outside, but still claims peers are unable to connect. Is this a false flag due to being behind a reverse proxy? What is needed to allow peer connection?
Anoduck
That is not a good advertisement for the service you linked, if that setup does not work.
You did not give a link, however, to your own domain, which you say is accessible to the outside. If you gave it, we could confirm if it can be reached from outside.
I’m sorry I am not able to provide more help. I have had a somewhat easy time setting up Yacy only if it’s on a dedicated IP address. I have one peer running on a setup like yours that uses a domain name and a home ISP using a tunnel and IPv6 address, but I struggle to understand it.
The IP addresses and domain names are for exemplary purposes only due to privacy concerns.
I do not have a static IP, the domain is resolved through Dynamic DNS.
I believe the issue lies in the configuration of Caddy as a reverse proxy, specifically the passing of headers.
1 Like
Hello,
Your request is not yet entirely clear to me, but I may be able to add something, since I myself run a server with a DynDNS connection behind a firewall under my desk. If you are asking which system environment I use: you can find a detailed description in my project report "Planung und Bau des Büroservers" on my private website (ramfresser.de).
Our current goal is to run a VPN server in a German data center and to route all of the office server's traffic through this external node. That way we can also make use of the data center's powerful firewall infrastructure to better secure our office server.
If we redirect the traffic of our internal YaCy instance over the VPN connection into the data center, we also expect that many of the limitations and problems of a pure DynDNS solution can be circumvented this way.
I hope that this approach roughly matches your question and makes sense to you.
Kind regards, Patrick
1 Like
Wow, that’s really cool. The VPN solution makes sense, considering one of the tutorials suggests using stunnel. It is also a solution available to me, since I am fortunate to have a VPS instance which is currently not being used. I will definitely look into it and give it a try.
Thank you.
@okybaca The issue is how reverse proxies work versus how a firewall redirection works. Reverse proxies modify the request header, and Yacy apparently isn’t a big fan of this. Both redirects and tunnels leave the header alone, and simply redirect the traffic from one address/port to another. This is why Patrick’s solution works. The VPN is a tunnel, and doesn’t modify the request header during transport.
What bothers me is that supposedly you can use Nginx to reverse proxy Yacy successfully. So, why isn’t Caddy able to do the same?
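The difference between a header-rewriting reverse proxy and a byte-level forward, discussed in the post above, can be observed locally with the following added example (not part of the original thread, and not Caddy's or YaCy's code). Assumptions: the `X-Forwarded-For`/`X-Forwarded-Proto` names are the conventional forwarding headers, the backend is a stand-in that echoes what it received, and `mydomain.com` is the thread's placeholder domain.

```python
import contextlib, http.client, http.server, json, socket, threading

def fetch(port, headers):
    with contextlib.closing(http.client.HTTPConnection("127.0.0.1", port, timeout=5)) as conn:
        conn.request("GET", "/", headers=headers)
        return conn.getresponse().read()

class Backend(http.server.BaseHTTPRequestHandler):
    """Stand-in for the proxied app: replies with the request headers it received."""
    def received(self):
        return json.dumps({k.lower(): v for k, v in self.headers.items()}).encode()
    def do_GET(self):
        body = self.received()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class ReverseProxy(Backend):
    """Layer 7: parses the request and sends a NEW one upstream with added headers."""
    def received(self):
        return fetch(self.upstream_port, {"Host": self.headers.get("Host", ""),
            "X-Forwarded-For": self.client_address[0], "X-Forwarded-Proto": "https"})

def pipe(src, dst):
    """Layer 4: copy bytes unchanged, as a port forward or tunnel does."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)

def tcp_forward(listener, port):
    while True:
        client, _ = listener.accept()
        upstream = socket.create_connection(("127.0.0.1", port))
        for a, b in ((client, upstream), (upstream, client)):
            threading.Thread(target=pipe, args=(a, b), daemon=True).start()

def observe():
    """Return (headers the backend saw via TCP forward, via reverse proxy)."""
    backend = http.server.ThreadingHTTPServer(("127.0.0.1", 0), Backend)
    ReverseProxy.upstream_port = backend.server_port  # hypothetical wiring for this demo
    proxy = http.server.ThreadingHTTPServer(("127.0.0.1", 0), ReverseProxy)
    listener = socket.create_server(("127.0.0.1", 0))
    for fn, args in ((backend.serve_forever, ()), (proxy.serve_forever, ()),
                     (tcp_forward, (listener, backend.server_port))):
        threading.Thread(target=fn, args=args, daemon=True).start()
    sent = {"Host": "mydomain.com"}  # constructed sample request header
    return tuple(json.loads(fetch(p, sent)) for p in (listener.getsockname()[1], proxy.server_port))
```

Comparing the two dictionaries returned by `observe()` shows which headers an application behind each kind of hop has available when it decides what its own public address is.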
There has been a nice blog post about YaCy & Caddy recently. It may help.