Ask server for on-demand TLS

1. The problem I’m having:

I am using Caddy as a front-end to a Nomad/Consul cluster. The cluster runs Fabio, which automatically does service discovery based upon tags in the Consul catalog and then reverse proxies to the relevant service. Caddy sits behind the firewall and in front of Fabio as a reverse proxy, obtaining TLS certificates for the backend services and terminating TLS connections. All of this works beautifully.

I would like some help on how to set up an “ask” server for this situation. Fabio has an API where I could receive a list of its routes in JSON. Is there a simple way to use this response with Caddy or do I need to write a complete web app in Go or Java to do it? Or is the best approach just to test the domain on Fabio and see if there is a response?

2. Error messages and/or full log output:

No errors, just seeking advice.

3. Caddy version:

v2.6.2

4. How I installed and ran Caddy:

a. System environment:

FreeBSD, running in jail with its own IP address

b. Command:

service caddy start

c. Service/unit/compose file:

Not relevant

d. My complete Caddy config:

Not relevant

5. Links to relevant resources:

There’s no way to parse the response in any special way with the ask config option. It just makes an HTTP request and expects either status 2xx for a :+1: and any other status for a :-1: to issue a cert for that domain.

You could write another site in your Caddy config that does the work of fetching and matching the content, but you’d probably be better off writing an endpoint in your app layer that Caddy would make a request to.

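Added example (not code from the original post, the Caddy project or Fabio): the "endpoint in your app layer" suggested in the reply, written in Go so it can run in the same jail. It polls Fabio's route API, keeps the set of exact hostnames Fabio routes for, and answers Caddy's `ask` request with 200 for a known host and 403 for anything else. Assumptions are marked in the code: the route JSON is a JSON array with a `host` field per route (check this against your Fabio version's `/api/routes` output), Fabio's admin address and the listen address come from the hypothetical `FABIO_API` and `ASK_LISTEN` environment variables, and `sampleFabioRoutes` is constructed input, not real Fabio output. Empty and wildcard hosts are deliberately not approved, because an ask endpoint that says yes to `*.example.org` lets anyone who can point a name at your IP make Caddy request a certificate for it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net"
	"net/http"
	"os"
	"strings"
	"sync"
	"time"
)

// sampleFabioRoutes is constructed input in the shape this program assumes for
// Fabio's GET /api/routes (a JSON array with a "host" per route); not real Fabio output.
const sampleFabioRoutes = `[{"host":"app.example.org"},{"host":"API.example.org:443"},{"host":"*.example.org"},{"host":""}]`

// normalizeHost lower-cases and strips any port and trailing dot ("API.example.org:443" -> "api.example.org").
func normalizeHost(h string) string {
	h = strings.ToLower(strings.TrimSpace(h))
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.TrimSuffix(h, ".")
}

// hostsFromRoutes decodes the routes JSON into the set of exact hostnames Fabio
// serves. Catch-all ("") and wildcard hosts are skipped on purpose: approve only
// names you really serve, or anyone pointing DNS at you can make Caddy request certs.
func hostsFromRoutes(r io.Reader) (map[string]struct{}, error) {
	var routes []struct{ Host string `json:"host"` }
	if err := json.NewDecoder(r).Decode(&routes); err != nil {
		return nil, fmt.Errorf("decode fabio routes: %w", err)
	}
	hosts := make(map[string]struct{}, len(routes))
	for _, rt := range routes {
		if h := normalizeHost(rt.Host); h != "" && !strings.Contains(h, "*") {
			hosts[h] = struct{}{}
		}
	}
	return hosts, nil
}

// allowlist is the approved-host set; the whole map is swapped on refresh.
type allowlist struct {
	mu    sync.RWMutex
	hosts map[string]struct{}
}

// askHandler implements Caddy's on_demand_tls "ask" contract: GET <ask-url>?domain=<name>,
// where any 2xx means "issue a certificate" and any other status means "refuse".
func (a *allowlist) askHandler(w http.ResponseWriter, r *http.Request) {
	a.mu.RLock()
	_, ok := a.hosts[normalizeHost(r.URL.Query().Get("domain"))]
	a.mu.RUnlock()
	if !ok {
		http.Error(w, "domain not served", http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// refreshFromFabio pulls the live route table; fabioAPI is assumed to be Fabio's admin routes endpoint.
func (a *allowlist) refreshFromFabio(client *http.Client, fabioAPI string) error {
	resp, err := client.Get(fabioAPI)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("fabio returned %s", resp.Status)
	}
	hosts, err := hostsFromRoutes(io.LimitReader(resp.Body, 8<<20)) // cap the read
	if err != nil {
		return err
	}
	a.mu.Lock()
	a.hosts = hosts
	a.mu.Unlock()
	return nil
}

func main() {
	al := &allowlist{}
	client := &http.Client{Timeout: 5 * time.Second}
	go func() { // poll Fabio; on error keep serving the last good table
		for ; ; time.Sleep(30 * time.Second) {
			if err := al.refreshFromFabio(client, os.Getenv("FABIO_API")); err != nil {
				log.Printf("refresh from fabio: %v", err)
			}
		}
	}()
	http.HandleFunc("/ask", al.askHandler)
	log.Fatal(http.ListenAndServe(os.Getenv("ASK_LISTEN"), nil)) // e.g. 127.0.0.1:9999
}
```

Run it with `FABIO_API=http://127.0.0.1:9998/api/routes ASK_LISTEN=127.0.0.1:9999` (the Fabio port is an assumption; use whatever your Fabio admin listener is) and point Caddy at it with the global option `on_demand_tls { ask http://127.0.0.1:9999/ask }`. Bind the ask server to the jail's loopback or an internal address only; it need not be reachable from the public side. Two things to expect: a service registered in Consul is refused until the next poll picks it up (Caddy simply asks again on the next handshake), and a failed poll keeps the last good table rather than emptying it, so a Fabio restart does not turn every new handshake into a refusal.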
