Caddy - 502 Bad Gateway

Caddy is deployed HTTPS-facing to proxy requests to multiple backends.

Non-TLS backends work fine with the config below:

> https://subA.domain.com {
> 	tls /etc/caddy/domain.CRT.PEM /etc/caddy/domain.KEY.PEM
> 	proxy / http://backendA {
> 		transparent
> 	}
> }

TLS backends do not work with the config below:

> https://subB.domain.com {
> 	tls /etc/caddy/domain.CRT.PEM /etc/caddy/domain.KEY.PEM
> 	proxy / https://backendB {
> 		transparent
> 	}
> }

Such platforms impose self-signed certificates during install/setup, so my question is: theoretically, should the certificates be the same for both segments (Client/Proxy and Proxy/Backend) during the TLS request?
Please advise.

Try using insecure_skip_verify inside the proxy directive
https://caddyserver.com/docs/proxy

1 Like

@Nixtren Thanks it works!

insecure_skip_verify overrides verification of the backend TLS certificate, essentially disabling security features over HTTPS.

Is this somehow converting BackendB so that it gets treated as BackendA in the above example, or is Proxy/Backend still on a secured connection?

With insecure_skip_verify, the HTTPS connection technically works but isn’t secure, since somebody can be MITMing your connection and you would not know it (or any number of other things).

1 Like
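The three behaviours discussed in this thread, as an added example that is not part of the original posts and is not Caddy's own code. It uses Go's standard TLS client as a stand-in for the Proxy/Backend leg and assumes Caddy's insecure_skip_verify behaves like Go's `InsecureSkipVerify`; the backend is a constructed local test server whose certificate is not in the system trust store.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetch does one GET over TLS with cfg and returns the connection error, if
// any. A proxy in this position would answer its client with 502 on error.
func fetch(url string, cfg *tls.Config) error {
	tr := &http.Transport{TLSClientConfig: cfg, DisableKeepAlives: true}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// probe starts a constructed HTTPS backend (a stand-in for backendB) and
// connects to it in three verification modes.
func probe() (strictErr, skipErr, pinnedErr error) {
	backend := httptest.NewTLSServer(http.HandlerFunc(
		func(w http.ResponseWriter, r *http.Request) { fmt.Fprintln(w, "backendB") }))
	defer backend.Close()

	// Default verification: the backend certificate chains to no trusted root.
	strictErr = fetch(backend.URL, &tls.Config{})

	// Verification disabled: the handshake succeeds with whatever certificate
	// the peer presents, so an interposed host would be accepted as well.
	skipErr = fetch(backend.URL, &tls.Config{InsecureSkipVerify: true})

	// Trust only the backend's own certificate: verification stays on, and the
	// backend certificate need not match the one served on the Client/Proxy leg.
	pool := x509.NewCertPool()
	pool.AddCert(backend.Certificate())
	pinnedErr = fetch(backend.URL, &tls.Config{RootCAs: pool})
	return
}

func main() {
	strict, skip, pinned := probe()
	fmt.Println("default verification:", strict)
	fmt.Println("skip verification:   ", skip)
	fmt.Println("backend cert trusted:", pinned)
}
```

The first mode fails with a certificate verification error, and the other two connect; only the third still authenticates the backend.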