502 error getting caught by Cloudflare instead of Caddy

Help
1

1. The problem I’m having:

I have a VPS running services with docker. I use Caddy as a reverse proxy (not running in Docker).

My domain is configured on Cloudflare to point to my server IP. When a request hits my website, it is reverse proxied to my docker service on port 5000. Now, I ran docker compose down to switch off the service and to trigger a 5xx error to test if my maintenance page is working.

However, I get the Cloudflare 502 Bad Gateway page in my browser rather than the custom page from the handle_error Caddy directive.

2. Error messages and/or full log output:

3. Caddy version:

v2.8.4

4. How I installed and ran Caddy:

Installed Caddy via Ansible / apt-get install.
Running it with sudo systemctl start caddy

a. System environment:

Ubuntu 24 Server

b. Command:

sudo systemctl reload caddy

c. Service/unit/compose file:

d. My complete Caddy config:

site1.com, www.site1.com {
    reverse_proxy 127.0.0.1:5000

    reverse_proxy /api/_content 127.0.0.1:5000/api/_content
    reverse_proxy /api/* 127.0.0.1:9000/api

    handle_errors 5xx {
        rewrite * /home/dv/site1.com/maintenance.html
        file_server
    }
}

5. Links to relevant resources:

2

Hello!

It sounds like Cloudflare is reverse proxying your website, not just serving DNS that points to your VPS. Cloudflare does their own rewriting/custom response for 5XX errors, see the Cloudflare Docs

If you run a DNS lookup for your domain, does it return with your VPS Public IP address or a Cloudflare IP address?

Additionally, I’m not sure that serving files from the /home/* folder is recommended on Ubuntu:

If you’re running Caddy as a systemd service, reading files from /home will not work, because the caddy user does not have “executable” permission on the /home directory (necessary for traversal). It’s recommended that you place your files in /srv or /var/www/html instead.

Above quote from the Caddy Docs

I’d recommend moving the file, and additionally, updating your Caddy config to do the rewrite a little differently to restrict access to only the files inside of your site1.com folder:

site1.com, www.site1.com {
    reverse_proxy 127.0.0.1:5000

    reverse_proxy /api/_content 127.0.0.1:5000/api/_content
    reverse_proxy /api/* 127.0.0.1:9000/api

    handle_errors 5xx {
        root * /var/www/html/site1.com/
        rewrite * maintenance.html
        file_server
    }
}