Caddy as reverse proxy in local network

1. Caddy version:


2. How I installed, and run Caddy:


a. System environment:


b. Command:

Paste command here.

c. Service/unit/compose file:

version: "3.7"

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/site:/srv
    networks:
      priv_lan:
        ipv4_address: <address elided>

networks:
  # The priv_lan network is already setup, so it is an 'external' network
  priv_lan:
    external:
      name: priv_lan

d. My complete Caddy config:

    auto_https off

x.home.lan {

3. The problem I’m having:

I would like to use Caddy in my local network as a reverse proxy. In AdGuard Home I set a DNS rewrite: *.home.lan → So any subdomain at *.home.lan resolves to Caddy’s IP address. I do not need HTTPS, so I disabled it. I set ipv4_address because I would like the container to show up as a real IP on my local network.

After bringing docker-compose up, I can ping Caddy’s IP, but that’s all, I can’t access services defined in the Caddyfile.

4. Error messages and/or full log output:

mihalkoadrian@Adrian-MacBook-Pro ~ % curl http://x.home.lan
curl: (7) Failed to connect to x.home.lan port 80 after 74 ms: Couldn't connect to server
mihalkoadrian@Adrian-MacBook-Pro ~ % dig x.home.lan

; <<>> DiG 9.10.6 <<>> x.home.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44224
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;x.home.lan.			IN	A

x.home.lan.		10	IN	A

madrian@debian:~/docker/caddy$ docker-compose up
Building with native build. Learn about native build in Compose here:
Starting caddy_caddy_1 ... done
Attaching to caddy_caddy_1
caddy_1  | {"level":"info","ts":1676500201.4216044,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy_1  | {"level":"warn","ts":1676500201.424177,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
caddy_1  | {"level":"info","ts":1676500201.4265282,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//","//localhost:2019","//[::1]:2019"]}
caddy_1  | {"level":"warn","ts":1676500201.427776,"logger":"http","msg":"automatic HTTPS is completely disabled for server","server_name":"srv0"}
caddy_1  | {"level":"info","ts":1676500201.42843,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy_1  | {"level":"info","ts":1676500201.428868,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See for details."}
caddy_1  | {"level":"info","ts":1676500201.4293804,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy_1  | {"level":"info","ts":1676500201.4301066,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy_1  | {"level":"info","ts":1676500201.4305398,"msg":"serving initial configuration"}
caddy_1  | {"level":"info","ts":1676500201.4311547,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00040b420"}
caddy_1  | {"level":"info","ts":1676500201.4316404,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
caddy_1  | {"level":"info","ts":1676500201.4320703,"logger":"tls","msg":"finished cleaning storage units"}

5. What I already tried:

6. Links to relevant resources:

Is priv_lan network configured externally as a Docker macvlan bridge?

Can you please elaborate on “can’t access”? There’s a million possible things that can prevent you from being able to access something - firewalls, routing issues, configuration issues. If you could explain the exact behaviour that occurs when you attempt to access the services and fail - what results or error messages you get, what screens you see, etc - we might be able to suggest what specific kind of issue you’re experiencing.


Yes, using:

docker network create -d macvlan \
  -o parent=ens192 priv_lan

Already included in the log file, but here it is again:

mihalkoadrian@Adrian-MacBook-Pro ~ % curl http://x.home.lan
curl: (7) Failed to connect to x.home.lan port 80 after 74 ms: Couldn't connect to server

x.home.lan is defined in the Caddyfile, I can ping it, but I get Couldn’t connect to server when I am trying to connect to this address. I think it is some kind of network configuration issue, because I don’t see any connection attempt in Caddy’s log.

Thank you,

I found the error, I need to specify port :80, I think because I am not using https.

    auto_https off

service1.home.lan:80 {

service2.home.lan:80 {

First reverse proxy works without any problem, 1.54 is a physical PC on my network.

But, there is a problem with accessing any service on the host (1.155, where the Caddy and other containers are hosted).

caddy_1 | {"level":"error","ts":1676570117.1278238,"logger":"http.log.error","msg":"dial tcp i/o timeout","request":{"remote_ip":"","remote_port":"63823","proto":"HTTP/1.1","method":"GET","host":"x.home.lan","uri":"/","headers":{"User-Agent":["curl/7.86.0"],"Accept":["*/*"]}},"duration":3.001463332,"status":502,"err_id":"03ed6wa13","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
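
The two failure modes in this thread look different in Caddy's JSON log: a client that cannot connect leaves no entry at all, while an unreachable upstream produces an `http.log.error` entry with status 502. The following triage script is an added example, not part of the original posts or of Caddy itself; the sample lines are constructed from the ones quoted above, with documentation addresses (192.0.2.0/24) and the host `example.home.lan` as placeholders.

```python
import json

# Constructed sample, modelled on the log lines quoted in this thread.
# Upstream addresses are documentation placeholders (192.0.2.0/24).
SAMPLE_LOG = '''
caddy_1  | {"level":"warn","ts":1676500201.427776,"logger":"http","msg":"automatic HTTPS is completely disabled for server","server_name":"srv0"}
caddy_1  | {"level":"info","ts":1676500201.42843,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Attaching to caddy_caddy_1
caddy_1  | {"level":"error","ts":1676570117.12,"logger":"http.log.error","msg":"dial tcp 192.0.2.10:8080: i/o timeout","request":{"method":"GET","host":"x.home.lan","uri":"/"},"status":502}
caddy_1  | {"level":"error","ts":1676570120.5,"logger":"http.log.error","msg":"dial tcp 192.0.2.20:3000: connect: connection refused","request":{"method":"GET","host":"example.home.lan","uri":"/"},"status":502}
'''

def parse_lines(text):
    """Yield JSON log entries, skipping the docker-compose 'name | ' prefix
    and any line that is not a JSON object."""
    for line in text.splitlines():
        start = line.find("{")
        if start < 0:
            continue
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry

def triage(text):
    """Summarise startup facts and upstream dial failures from Caddy JSON logs."""
    report = {"auto_https_disabled": False, "h3_listeners": [], "upstream_failures": []}
    for e in parse_lines(text):
        msg = e.get("msg", "")
        if msg.startswith("automatic HTTPS is completely disabled"):
            report["auto_https_disabled"] = True
        if "listener" in msg and "addr" in e:
            report["h3_listeners"].append(e["addr"])
        if e.get("logger") == "http.log.error" and e.get("status") == 502:
            # timeout: no reply from the upstream (routing, firewall, isolation)
            # refused: host answered, but nothing listens on that port
            if "i/o timeout" in msg:
                kind = "timeout"
            elif "connection refused" in msg:
                kind = "refused"
            else:
                kind = "other"
            host = e.get("request", {}).get("host")
            report["upstream_failures"].append((host, kind, msg))
    return report
```

An empty `upstream_failures` list together with a failing client request means the request never reached Caddy, so the listener address and the network path to the container are the things to check first.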
