
How can I handle port ranges?

Open OmnesPotens opened this issue 9 months ago • 2 comments

I am attempting to configure an IRC bouncer (via ZNC) to sit behind a Caddy reverse-proxy while supporting DCC via the port-range below. Unfortunately it seems that either this is not supported or I have misconfigured my Caddyfile somehow and I am not sure how to resolve it.

Configs I have attempted:

{
    layer4 {
      # For SSL/TLS IRC connections (port 6697):
      0.0.0.0:6697 {
        route {
          tls            # Terminate TLS here
          proxy {
            proxy_protocol v1
            upstream znc:6697
          }
        }
      }

      # For plain IRC connections (port 6667):
      0.0.0.0:6667 {
        route {
          proxy_protocol
          proxy {
            proxy_protocol v2
            upstream znc:6667
          }
        }
      }

      # For the DCC port range:
      0.0.0.0:30000-31000 { <-------- this causes the error
        route {
          proxy_protocol
          proxy {
            proxy_protocol v2
            upstream znc:30000-31000
          }
        }
      }
    }
}

{
  layer4 {
    # For SSL/TLS IRC connections (port 6697):
    0.0.0.0:6697 {
      route {
        tls {
          tls_wrapping
        }           # Terminate TLS here
        reverse_proxy znc:6697 {
          proxy_protocol v2
        }
      }
    }
  
    # For plain IRC connections (port 6667):
    0.0.0.0:6667 {
      route {
        reverse_proxy znc:6667 {
          proxy_protocol v2
        }
      }
    }
  
    # For the DCC port range:
    0.0.0.0:30000-31000 {
      route {
        reverse_proxy znc:30000-31000 {
          proxy_protocol v2
        }
      }
    }
  }
}

Error message:

Error: loading initial config: loading new config: loading layer4 app module: provision layer4: server 'srv2': route 0: position 1: loading module 'proxy': provision layer4.handlers.proxy: upstream 0: znc:30000-31000: port ranges not currently supported

Mar 15 '25 02:03 OmnesPotens

It's actually this line that errors, the upstream address not the listener address:

upstream znc:30000-31000

So you can listen on a range, but you cannot proxy to a range. The only workaround I can think of is to use a placeholder with a replaceable value, but the port is not available in any of the existing placeholders. What's your use case?

Mar 17 '25 03:03 mohammed90

Hi @mohammed90,

I would like to run a TURN server behind lucaslorentz/caddy-docker-proxy.

The server is configured with such a port configuration [1]:

    ports:
      # STUN/TURN
      - "3478:3478"
      - "3478:3478/udp"
      # TLS-TURN
      - "5349:5349"
      - "5349:5349/udp"
      # RTP/RTCP relays (adjust range if you need fewer ports)
      - "49152-65535:49152-65535/udp"

Even if I used only the range 49125-49200, it would be impractical to repeat all ports.

Any idea how to achieve this?

Thanks

[1] https://www.metered.ca/blog/running-coturn-in-docker-a-step-by-step-guide/#docket-compose-example-optional

Oct 27 '25 13:10 darabi
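
The constraint described in the thread (a listener address may be a range, an upstream address may not) can be sidestepped by generating one single-port server per port instead of writing them by hand. The Python script below is an added example, not part of the thread or of caddy-l4; it reuses the `proxy`/`upstream` syntax from the first config in the issue and assumes TCP with each port forwarded to the same port number on the upstream. `expand_range` and `render_layer4` are hypothetical helper names.

```python
"""Added example: expand a port range into per-port caddy-l4 servers."""
from __future__ import annotations


def expand_range(spec: str) -> list[int]:
    """Parse '6667' or '30000-31000' into an inclusive list of ports."""
    start, sep, end = spec.partition("-")
    try:
        lo = int(start)
        hi = int(end) if sep else lo
    except ValueError:
        raise ValueError(f"not a port or port range: {spec!r}") from None
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"port range out of bounds or reversed: {spec!r}")
    return list(range(lo, hi + 1))


def render_layer4(listen_host: str, upstream_host: str, port_spec: str,
                  proxy_protocol: str | None = None) -> str:
    """Render a global-options block with one layer4 server per port.

    Each server proxies to the same port number on upstream_host, so no
    upstream address ever contains a range.
    """
    out = ["{", "    layer4 {"]
    for port in expand_range(port_spec):
        out.append(f"        {listen_host}:{port} {{")
        out.append("            route {")
        out.append("                proxy {")
        if proxy_protocol:
            out.append(f"                    proxy_protocol {proxy_protocol}")
        out.append(f"                    upstream {upstream_host}:{port}")
        out.append("                }")
        out.append("            }")
        out.append("        }")
    out += ["    }", "}"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Constructed sample: a three-port slice of the DCC range from the issue.
    print(render_layer4("0.0.0.0", "znc", "30000-30002", proxy_protocol="v2"))
```

The generated config grows by one server block per port, so keep the range as narrow as the application allows.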