1. The problem I’m having:
I would like to be able to run my Caddy reverse proxy on a Linode. All of my services are hosted on premises. I have my local server connected to the Linode via Tailscale. When I am on my LAN or my Tailscale network, I do not want all my traffic to proxy through my Linode.
When I was using Traefik (locally) I simply set a DNS rewrite rule in AdGuard. Now that I have moved my reverse proxy to the Linode (and switched to Caddy), I can't quite figure out how to do this. If I only have Caddy on the Linode, then all my local traffic is proxied through the Linode.
What I've shown below is my best attempt to get this to work. The idea is that the front end transparently passes everything to the backend Caddyfile, which does all the proxying to services. However, when I do this I get an infinite redirect loop or SSL issues, depending on how I set it up.
Sorry if this is an obvious question, I'm still learning the vocabulary.
2. Error messages and/or full log output:
```
* Trying 139.144.172.113:443...
* Connected to netdata.cyborgman.me (139.144.172.113) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
```
3. Caddy version:
`v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=`
4. How I installed and ran Caddy:
a. System environment:
Ubuntu 22.04
Caddy installed with apt and started with systemd.
b. Command:
`sudo systemctl restart caddy`
c. Service/unit/compose file:
```ini
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateDevices=yes
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```
d. My complete Caddy config:
Frontend Caddyfile (on the Linode). `testvm` is the hostname as defined in Tailscale:

```caddyfile
{
	debug
}

*.cyborgman.me {
	reverse_proxy testvm
	log {
		output file /var/log/caddy/acess.log
	}
}
```
Backend Caddyfile (on prem):

```caddyfile
{
	debug
}

netdata.cyborgman.me {
	reverse_proxy http://localhost:19999
	log {
		output file /var/log/caddy/access.log
	}
}
```
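Two things in the posted configs explain the symptoms. A wildcard site like `*.cyborgman.me` can only get its certificate through the ACME DNS challenge; without a DNS provider module configured, Caddy has no certificate to present and the handshake fails with an alert like the one in the curl output. And `reverse_proxy testvm` dials the backend's plain-HTTP port 80, where the backend's automatic HTTPS answers with a redirect to `https://netdata.cyborgman.me`, which resolves publicly back to the Linode, hence the loop. The pair of Caddyfiles below is an added example (not the poster's configuration) of one way to arrange this so that the on-prem Caddy holds the real certificate and the Linode re-encrypts to it. It assumes the on-prem host is reachable over Tailscale as `testvm`, that netdata listens on `localhost:19999`, and that a caddy-dns module exists for the domain's DNS provider; `PROVIDER` and `DNS_API_TOKEN` are placeholders.

```caddyfile
# --- Frontend Caddyfile (on the Linode) ---
# Added example, not the poster's config. Assumes the on-prem Caddy is
# reachable over Tailscale as "testvm" and holds the real certificate.
{
	debug
}

netdata.cyborgman.me {
	# Re-encrypt to the backend's HTTPS port instead of its plain-HTTP port.
	# Proxying to port 80 only triggers the backend's HTTP->HTTPS redirect,
	# which points public clients back at the Linode (the redirect loop).
	reverse_proxy https://testvm {
		transport http {
			# The backend's certificate is for netdata.cyborgman.me, not for
			# "testvm", so send that name as SNI or verification fails.
			tls_server_name netdata.cyborgman.me
		}
	}
	log {
		output file /var/log/caddy/access.log
	}
}

# --- Backend Caddyfile (on prem) ---
# Added example, not the poster's config.
{
	debug
}

netdata.cyborgman.me {
	# Port 80 for this name reaches the Linode, not this host, so the
	# HTTP-01 challenge cannot be answered here; use the DNS-01 challenge.
	# PROVIDER and DNS_API_TOKEN are placeholders for the caddy-dns module
	# matching your DNS provider (this needs a Caddy build that includes it).
	tls {
		dns PROVIDER {env.DNS_API_TOKEN}
	}
	reverse_proxy http://localhost:19999
	log {
		output file /var/log/caddy/access.log
	}
}
```

With the certificate living on the on-prem Caddy, an AdGuard DNS rewrite that maps `netdata.cyborgman.me` to the LAN or Tailscale address of the backend lets local clients connect to it directly with valid TLS, and only clients outside those networks traverse the Linode. Each additional service is a further site block on both sides with the same pattern; the Linode side can use the same `reverse_proxy https://testvm` upstream for all of them, since the backend routes on the preserved `Host` header.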