1. The problem I’m having:
I’m trying to use Caddy on a local Windows machine as a reverse proxy to serve HTTPS traffic to a Docker container running Windows/IIS. I’ve mapped port 80 to 8086 and 443 to 8087 in Docker. I’ve added an entry in my hosts file to point sub.acme.com to 127.27.16.9.
From my machine, if I browse to http://sub.acme.com, it works.
If I browse to https://sub.acme.com:8087, it works.
If I enter an interactive session on my container, add a hosts entry that maps 127.0.0.1 to sub.acme.com and curl it, it returns content.
However, if I browse https://sub.acme.com from my local machine, I get an error in the Caddy logs (see next section).
I’ve enabled Failed Request Tracing in IIS for the container and I’m not seeing anything logged from these requests.
The cert installed in IIS is a PFX cert. Caddy is using a PEM and KEY. I pulled both the PFX and the PEM/KEY from Digicert. The PEM is the full cert with root and intermediate. I’ve tried to omit the cert but then it spins trying to pull a cert from LetsEncrypt.
UPDATE
I got this working using the native Windows netsh service using the following command. I’d still like to get it working with Caddy (it bugs me when things don’t work).
netsh interface portproxy add v4tov4 listenport=443 listenaddress=127.27.16.9 connectport=8087 connectaddress=127.0.0.1
2. Error messages and/or full log output:
2023/08/24 15:42:12.904 ERROR http.log.error read tcp 127.0.0.1:60831->127.27.16.9:8087: wsarecv: An existing connection was forcibly closed by the remote host.
{
"request": {
"remote_ip": "127.0.0.1",
"remote_port": "60769",
"client_ip": "127.0.0.1",
"proto": "HTTP/2.0",
"method": "GET",
"host": "sub.acme.com",
"uri": "/",
"headers": {
"Sec-Ch-Ua": [
"\"Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"115\", \"Chromium\";v=\"115\""
],
"Sec-Fetch-Mode": [
"navigate"
],
"Cookie": [],
"Sec-Fetch-User": [
"?1"
],
"Sec-Ch-Ua-Platform": [
"\"Windows\""
],
"User-Agent": [
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"
],
"Sec-Fetch-Site": [
"none"
],
"Accept-Language": [
"en-US,en;q=0.9,la;q=0.8"
],
"Dnt": [
"1"
],
"Upgrade-Insecure-Requests": [
"1"
],
"Accept-Encoding": [
"gzip, deflate, br"
],
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
],
"Sec-Fetch-Dest": [
"document"
],
"Pragma": [
"no-cache"
],
"Cache-Control": [
"no-cache"
],
"Sec-Ch-Ua-Mobile": [
"?0"
]
},
"tls": {
"resumed": true,
"version": 772,
"cipher_suite": 4865,
"proto": "h2",
"server_name": "sub.acme.com"
}
},
"duration": 0.0029005,
"status": 502,
"err_id": "33f68vmy0",
"err_trace": "reverseproxy.statusError (reverseproxy.go:1248)"
}
3. Caddy version:
version v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=
4. How I installed and ran Caddy:
a. System environment:
I downloaded the AMD64 executable for Windows from the Caddy download page and installed it. My machine is Windows 7. My Docker is Docker version 24.0.5, build ced0996. I am running Windows containers and not Unix containers. Caddy is not running inside of Docker but directly on my computer.
b. Command:
.\caddy_windows_amd64.exe run
Ran from Powershell. This might look weird, but that’s the name of the executable and I never changed it.
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
sub.acme.com:80 {
	reverse_proxy 127.27.16.9:8086
}
sub.acme.com:443 {
	reverse_proxy 127.27.16.9:8087
	tls star_site_com.pem wildcard_site_com.key
}
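Added example, not part of the original post: a Caddyfile covering the two ways Caddy can reach the container, written on the assumption (taken from the port mapping in the post) that 8087 is the IIS HTTPS binding and 8086 the plain HTTP one. An upstream given without a scheme, such as `reverse_proxy 127.27.16.9:8087`, is dialled as plain HTTP; a port that expects a TLS handshake will drop such a connection, which is consistent with the read error and 502 in the log above. The certificate and key file names are the ones from the post; `tls_server_name` is Caddy's `transport http` subdirective for setting the SNI and verification name on the upstream connection.

```caddyfile
# Option A (simplest): Caddy terminates TLS with the DigiCert pair and proxies
# plain HTTP to the container's port-80 mapping (8086, per the post). With the
# bare site address Caddy also listens on :80 and redirects it to HTTPS.
sub.acme.com {
	tls star_site_com.pem wildcard_site_com.key
	reverse_proxy 127.27.16.9:8086
}

# Option B: keep the hop to the container encrypted. The https:// scheme makes
# Caddy speak TLS to 8087 (the port-443 mapping), and tls_server_name sets the
# SNI/verification name so the certificate IIS presents is checked against
# sub.acme.com rather than the literal 127.27.16.9. To use it, uncomment and
# remove option A; a Caddyfile cannot define the same site address twice.
#
# sub.acme.com {
# 	tls star_site_com.pem wildcard_site_com.key
# 	reverse_proxy https://127.27.16.9:8087 {
# 		transport http {
# 			tls_server_name sub.acme.com
# 		}
# 	}
# }
```

If option B still fails with a certificate error, check that the PFX in IIS actually carries sub.acme.com (or the matching wildcard) and its intermediate, rather than adding `tls_insecure_skip_verify`: that subdirective switches off certificate verification on the Caddy-to-IIS hop entirely, which defeats the point of re-encrypting it.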