Caddy config how to run multiple blocks

1. The problem I’m having:

I have a section in my caddy config file that looks like this:

{
    on_demand_tls {
        ask https://validation-example.com/validate_domain
    }
    storage dynamodb caddy_ssl_certificates
}
:80 {
    respond /health "Ok" 200
}
:443 {
    tls {
        on_demand
    }
    reverse_proxy destination {
        header_up X-Forwarded-Port {server_port}
    }
}

So for all domains that are pointing to my caddy server, I want to use on demand tls.
But now I also want to add some domain-specific configurations, so I tried to add the following:

faketest.com {
    log {
        output file /var/log/caddy/fake-test.log
    }
}

This was a test just to see if my idea worked, and sure enough, it creates a specific logfile for that domain. However, the :443 block is no longer executing, and therefore the reverse proxy does not work for faketest.com. How should I write the config in order to ensure that both the domain-specific config and the :443 block are executed?

2. Error messages and/or full log output:

No error

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

Generated a binary from Download Caddy, with the following two plugins:

  1. github.com/silinternational/certmagic-storage-dynamodb/v3
  2. GitHub - porech/caddy-maxmind-geolocation: Caddy v2 module to filter requests based on source IP geolocation

a. System environment:

Ubuntu 20.04 LTS

b. Command:

sudo systemctl start caddy

d. My complete Caddy config:

{
    on_demand_tls {
        ask https://validation-example.com/validate_domain
    }
    storage dynamodb caddy_ssl_certificates
}
:80 {
    respond /health "Ok" 200
}

faketest.com {
    log {
        output file /var/log/caddy/test.log
    }
}

:443 {
    tls {
        on_demand
    }

    reverse_proxy destination {
        header_up X-Forwarded-Port {server_port}
    }
}

5. Links to relevant resources:

Site blocks are terminal, meaning if handling goes to a specifically named site block, it will not fall through to your :443 site block.

That means you need to put reverse_proxy in every site block (and tls > on_demand too if you want that).

You can use snippets to avoid repeating the same config everywhere.
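
The snippet approach from the reply above, written out as an added example that is not part of the original thread. The snippet name `proxy_common` is an assumption; every other directive is taken from the config in the question.

```caddyfile
{
	on_demand_tls {
		ask https://validation-example.com/validate_domain
	}
	storage dynamodb caddy_ssl_certificates
}

# Shared config for every HTTPS site block.
# "proxy_common" is a name chosen for this example.
(proxy_common) {
	tls {
		on_demand
	}
	reverse_proxy destination {
		header_up X-Forwarded-Port {server_port}
	}
}

:80 {
	respond /health "Ok" 200
}

# Domain-specific block: its own log file plus the shared config.
# Because site blocks are terminal, the import is what gives this
# domain the reverse proxy and on-demand TLS.
faketest.com {
	log {
		output file /var/log/caddy/fake-test.log
	}
	import proxy_common
}

# Catch-all for all other domains pointing at this server.
:443 {
	import proxy_common
}
```

Running `caddy adapt --config Caddyfile` prints the resulting JSON, which shows the imported directives expanded into both site blocks.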
