hestiacp icon indicating copy to clipboard operation
hestiacp copied to clipboard
verified publisher icon hestiacp

feat(web): Add dynamic reverse proxy backend address configuration

Open AamiRobin opened this issue 4 months ago • 3 comments

Summary

This PR adds a new feature that allows users to specify a backend address/port (e.g., http://127.0.0.1:3000) directly from the HestiaCP web UI when adding or editing a domain. This enables easy reverse proxy configuration for applications like Node.js, Python, Ruby, Go, and other backend services.

Changes

Backend Scripts (bin/)

  • Modified v-add-web-domain - Added BACKEND_ADDRESS as optional parameter 7, stores it in web.conf
  • New v-change-web-domain-backend-address - Script for updating backend address on existing domains
  • Modified v-list-web-domain and v-list-web-domains - Added BACKEND_ADDRESS to all output formats

Frontend (web/)

  • Added "Backend Address" input field to Add Domain form
  • Added "Backend Address" input field to Edit Domain form
  • Input validation with auto-normalization (adds http:// if missing)

Core Functions (func/)

  • domain.sh: Added %backend_address% and %backend_address_ssl% placeholder support
  • main.sh: Added is_backend_address_format_valid() validation function
  • syshealth.sh: Added BACKEND_ADDRESS to known_keys for backward compatibility

Nginx Templates

  • Modified default.tpl and default.stpl - Updated to use %backend_address% placeholder
  • New reverse-proxy.tpl and reverse-proxy.stpl - Dedicated templates with WebSocket support

Features

  • Optional: Domains without backend address continue to work normally (backward compatible)
  • Flexible Input: Accepts 127.0.0.1:3000, http://127.0.0.1:3000, https://api.example.com:8443
  • Auto-normalization: Adds http:// prefix if protocol is missing
  • Proper Proxy Headers: X-Real-IP, X-Forwarded-For, X-Forwarded-Proto, Host
  • WebSocket Support: New reverse-proxy templates include WebSocket upgrade support

Usage

# Add domain with backend address
v-add-web-domain admin app.example.com 192.168.1.1 yes '' '' 'http://127.0.0.1:3000'

# Change backend address for existing domain
v-change-web-domain-backend-address admin app.example.com http://127.0.0.1:8080

# Remove backend address
v-change-web-domain-backend-address admin app.example.com ''

Testing

  • [x] Domain creation with backend address
  • [x] Domain creation without backend address (backward compatibility)
  • [x] Editing existing domain to add/remove/change backend address
  • [x] Nginx config generation with various backend formats
  • [x] SSL domains with backend address
  • [x] Proxy extensions continue to work correctly

AamiRobin avatar Nov 28 '25 23:11 AamiRobin

would it suffice for your use-case to add support for reverse proxy backend unix sockets, instead of dedicated tcp ports?

divinity76 avatar Nov 29 '25 01:11 divinity76

would it suffice for your use-case to add support for reverse proxy backend unix sockets, instead of dedicated tcp ports?

It would be easier to reason about security (we'd use the normal, existing /home/user/ directory ownership system) and user-separation with unix socket support, and there is no contestation for ports (what if multiple people want port 3000? what if one want 0.0.0.0:3000 and another want 127.0.0.1:3000 ? etc..)

divinity76 avatar Nov 29 '25 01:11 divinity76

Sorry, I didn’t think about that. I just added it so the user can enter an IP or address, and it will use that for the backend.

AamiRobin avatar Nov 30 '25 21:11 AamiRobin