Maybe something like this:
:443 {
tls internal {
on_demand
}
@portLocalhost header_regexp port Host ^([0-9]+)\.localhost$
handle @portLocalhost {
reverse_proxy localhost:{re.port.1}
}
handle {
respond "Bad hostname" 400
}
}
But a config like this would only be appropriate for development/local use. I cannot recommend this kind of pattern for production. Using on_demand opens you up for abuse unless you configure Caddy with the ask option to limit the domains for which certificates are issued.