pieterlouw / caddy-net

Proxy server type for Caddy server (https://github.com/mholt/caddy)
Apache License 2.0

How to use Net Plugin for Proxying a Database Connection? #2

Closed orware closed 7 years ago

orware commented 7 years ago

Good morning,

I was wanting to give the net plugin a quick test to see if it would work for proxying a database connection but I may be doing things incorrectly so I wanted to check in and see if I'm doing things right.

What I'm trying to do is have a TCP proxy server send database connections to our Oracle Database, which uses Port 1521 for communication.

So we have 3 machines in my test:

So Caddy with the net plugin has been setup on the tcp-proxy machine and I currently have the following in my Caddyfile:

echo :1521 {
    host oracle-db
    tls off
}

proxy :1522 :1521 {
    host oracle-db
    tls off
}

When I start up Caddy it shows the following output on the command line:

$ caddy -type=net
Activating privacy features... done.
[INFO] Echoing on port  :1521
[INFO] Proxying from  :1522  ->  :1521

So I try initiating a database connection on Port 1522 from the workstation but it's not able to connect to the database and I've since tried some additional variations of the above Caddy file (removing the host, switching the echo port to be 1522 instead of 1521, etc. but either I run into an error mentioning I'm doing things incorrectly when I try to start up Caddy, or there's no change when trying to connect to the database).

I'm mainly hoping that this would serve as an easier-to-implement TCP Proxy than HAProxy which doesn't have easy Windows support compared to Caddy, and it'd just be easier for me to implement things on a Windows Server in our environment if I can use Caddy with the net plugin instead.

Thank you for any assistance you might be able to provide!

pieterlouw commented 7 years ago

Hi @orware,

Thanks for the detailed issue report, it always helps with resolving the problem.

For your case it's not necessary to add the echo directive.

I would suggest trying the following Caddyfile setup:

proxy :1522 oracle-db:1521 {
    host tcp-proxy
    tls off
}

What the above means is that caddy-net will listen on port 1522 on the host tcp-proxy and will proxy any data received on that port to the machine called oracle-db which listens on port 1521.

I also suggest making sure that you can access and connect to oracle-db from the tcp-proxy machine by trying a telnet session from the command line: telnet oracle-db 1521

I hope this helps! Pieter
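
A minimal Go sketch of what the `proxy :1522 oracle-db:1521` block above asks for (listen on one address, pipe each connection to the upstream), added here as an illustration; it is not part of the thread and not caddy-net's own code, and the names `forward` and `relay` are hypothetical.

```go
package main

import (
	"io"
	"log"
	"net"
	"time"
)

// Added illustration, not caddy-net's code: listen, then pipe each connection to upstream.
func forward(listenAddr, upstream string) (net.Listener, error) {
	ln, err := net.Listen("tcp", listenAddr)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			client, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			go relay(client, upstream)
		}
	}()
	return ln, nil
}

// relay copies bytes both ways between one client and a fresh upstream dial.
func relay(client net.Conn, upstream string) {
	defer client.Close()
	server, err := net.DialTimeout("tcp", upstream, 2*time.Second)
	if err != nil {
		log.Printf("upstream %s unreachable: %v", upstream, err)
		return
	}
	defer server.Close()
	go func() {
		io.Copy(server, client)            // client -> upstream
		server.(*net.TCPConn).CloseWrite() // pass the client's EOF upstream
	}()
	io.Copy(client, server) // upstream -> client
}

func main() {
	if _, err := forward(":1522", "oracle-db:1521"); err != nil {
		log.Fatal(err)
	}
	select {} // keep serving until interrupted
}
```

Run on tcp-proxy, this accepts on port 1522 and dials oracle-db:1521 once per connection, relaying the bytes unencrypted as with `tls off`. An unreachable upstream shows up in the log, which is the failure the telnet check rules out.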

orware commented 7 years ago

Thanks Pieter! I'll give it a try today and see how it behaves :-).

orware commented 7 years ago

@pieterlouw Making the changes as you suggested worked out perfectly! I was able to connect to the Oracle Database through the Proxy port both from my local machine running Caddy with the net configuration, as well as connected successfully through a remote machine via the proxy. This was to test out a way of using a secure ZeroTier network to create a private network amongst our internal and external VMs to see if the connectivity could be made to the database without going through the normal VPN route.

One additional question...it looks like multiple proxy directives (going to different ports) aren't supported at the moment? For example, if I add in an additional proxy directive for our LDAP servers as an example:

proxy :1522 oracle-db:1521 {
    host tcp-proxy
    tls off
}

proxy :390 ldap-server:389 {
    host tcp-proxy
    tls off
}

When I start up Caddy with this configuration it only seems to see the second configuration (and no longer sees the one for the Oracle database):

$ caddy --type=net
Activating privacy features... done.
[INFO] Proxying from  :390  ->  tcp-proxy:389

Does this mean multiple instances of Caddy need to be started up, or is there a different way I need to go about adding multiple entries to a single Caddyfile?

pieterlouw commented 7 years ago

Hi @orware,

It seems to be a bug. I'll look into it!

I've created a separate issue (#3) for the problem and will close this one.