Installing Manager Server to redirect only specific hostname to Manager

I have just installed Manager Server and reviewed how the program works. It is very straightforward to install and start the service. I was able to access the website using the local IP address and http.

The instructions advise you to install Caddy to redirect ports 80 and 443 to port 8080 and to install a certificate to enable https.

I have two questions here:

Is there some reason why typing in https://hostname.example.com:8080 does not open Manager using https? It works fine if I don’t use https://. I presume that Manager does not support using a certificate and https? Does caddy provide the backend support for https encryption? I already have an SSL Certificate installed on the server as I use it as a Mail server so it’s not a missing certificate issue.

However, I considered looking at a second option and that was to create a new A record on my registrar such as money.example.com so that all that my accountant would have to do is type in money.example.com and caddy would in theory a: redirect port 80/443 to whatever port Manager was running on and b: enable ssl for Manager. I would prefer this option so that my accountant has a completely different url from my email server.

However the instructions for Caddy on the Manager Server install guide will redirect all 443 requests to port 8080 or whatever port Manager is installed on. This would break the mail server and the video chat software that is running on that server!

I looked at the instructions on the Caddy Server website to see if I could redirect 443 requests only if it matched a specific hostname. I did find some coding, but it included other lines of coding that I was not sure what it did. Is it possible to update the Installing Manager Server guide for this section to include the necessary coding to state that it should only redirect the hostname you are using for Manager as I have no doubt other users are running other services on their servers using port 443. It would also ensure best practice to only redirect port 443 traffic that is relevant to Manager Server instead of redirecting all 443 traffic.

:443 {
  tls { max_certs 1000 }
  proxy / localhost:8080 {
    transparent
  }
}
1 Like

Manager runs on port 8080 and it’s plain HTTP protocol.

Caddy runs on port 443 and it’s HTTPS protocol.

Unless you specifically configure Caddy to use your SSL certificate, it will not use it by default. By default, it will obtain new one from Let’s encrypt on demand (and automatically renew when needed).

Yes, it will work.

You can do that.

In your Caddy configuration file replace :443 with name of your Manager domain such as money.example.com

Then have another entry for different domain which will redirect to your mail server or video chat software.

Have a look at https://caddyserver.com/v1/docs/http-caddyfile

Caddy is really good piece of software to provide automatic SSL for all your web servers.

I was actually thinking of this coding that I found on the website, because if I have understood this correctly, you only have to specify the host for Manager and not all the other services. The video chat software for example uses IIS so I don’t want Caddy and IIS interfering with one another.

But I am not sure if I need to put the tls and proxy and transparent in the section where it has handle. I also don’t have port 80 open. Only port 443.

{
“apps”: {
“http”: {
“servers”: {
“hello”: {
“listen”: [":443"],
“routes”: [
{
“match”: [{
“host”: [“money.example.com”]
}],
“handle”: [{
“handler”: “static_response”,
“body”: “Hello, privacy!”
}]
}
]
}
}
}
}
}

Do you have anything in IIS running on port 443? If yes, then you won’t be able to run IIS and Caddy at the same time.

If you already have IIS, you might as well set up SSL termination proxy in IIS using your own SSL certificate. You don’t have to use Caddy to have HTTPS access to Manager Server. IIS can be configured to do that too. The reason why I’m recommending Caddy is because it’s cross-platform while IIS is Windows-only.

Anyway, this is all beyond the scope of this forum.

Yes the video chat software is set to use port 443 in IIS.

I am in agreement with you. It would make sense to setup IIS to handle Manager Server requests as well so there is no conflict between the two services.

I will look into this today. Thank you.

@Tut or @lubos Could you update the Windows Installing Manager Guide with the instructions for using IIS instead of Caddy Server for the benefit of other users who need to use IIS for whatever reason.

At the section Setting Up HTTPS - I would split that into two sections - one for Caddy and one for IIS

Instructions for using IIS: (This will redirect external port to port 8080 and use IIS for HTTPS.

Install IIS with the default settings
Install Application Request Routing - download from the Internet

Open Application Request Routing in IIS. Click Server Proxy settings.

Then set the following:

Enable Proxy
Enable SSL Offloading

Close Application Request Routing.

Add your Certificate to Server Certificates in IIS and select web certificate as type

Go to sites and add website
Set the physical path to point to wherever you have installed Manager, bind to https and select certificate that you added earlier.

Then you will need to create a webconfig file and save it in the folder where you installed Manager, and add the following:

<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Set header for HTTPS traffic" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="on" />
</conditions>
<action type="Rewrite" url="http://host.domainname.co.uk:8080/{R:1}" />
</rule>
<rule name="HTTP traffic redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Rewrite" url="http://host.domainname.co.uk:8080/{R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>

You will need to open both port 8080 and whatever port you set for the Manager website on both your windows and router firewall. It is recommended to use a port different to port 443 as it makes a bit harder for unauthorised people to access the website as the website will only work if you know the correct port number.

Edit: If you encounter this error message when trying to import your Business - The page was not displayed because the request entity is too large. - This means that the file is too large, presumably because you have lots of attachments in that business.

You will then need to click on Request Filtering, Edit Feature Settings and change the Maximum Allowed Content Length from the default 30 000 000 and add an extra Nought to increase the file upload size allowed. Restart the website.

I would also suggest updating the guide to where it says:

“nssm.exe install ManagerServer C:\path\to\ManagerServer.exe”

and add the -path bit as well, because I suspect most people like myself will forget to add the Data path and then have to remove the service and do it all over again because we are used to the desktop version where the data path is set in preferences.

I have updated my instructions as I discovered that my original instructions redirected all websites to Manager, instead of just Manager. The solution turned out to be to create a webconfig file. I have supplied the coding above.