Caddy reverse proxy https variables

Hi, I’m a little new to Caddy, coming from the nginx side of the equation.

I hate to litter the forums with questions, but I can’t seem to find anything in the documentation.

  1. It appears Caddy has the ability to proxy_pass to upstream servers simply by using something like:

    proxy / https://192.168.1.221:8484 {
        keepalive 32
        transparent
    }

Coming from the nginx side of the equation, I’m used to adding options similar to:

    proxy_ssl_protocols TLSv1.2 TLSv1.3;
    proxy_ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    proxy_ssl_session_reuse on;
    #proxy_ssl_verify off;
    proxy_ssl_server_name on;

    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;

Are there equivalent Caddy settings in regards to ssl_protocols to include/exclude?

  2. Is the use of client SSL certificates possible with Caddy? Is there documentation for this use case?

Thanks, I’m sure this will be the first group of questions of many more to come.


In Caddy v2 it would look like this:

    reverse_proxy https://192.168.1.221:8484 {
        transport http {
            tls_trusted_ca_certs /etc/ssl/certs/ca-certificates.crt
        }
    }

It’s as simple as that! Caddy uses secure defaults. See the docs here for the rest of the configuration options for the reverse_proxy directive:

No worries, that’s what the forums are for!

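An added example, not part of the original posts or of the Caddy project's own documentation: a Caddy v2 site block that configures upstream TLS verification and a client certificate, with the nearest nginx `proxy_ssl_*` directive noted beside each line. The site name `example.internal`, the upstream name `backend.internal` and the client certificate paths are assumptions.

```caddyfile
# Constructed example. example.internal, backend.internal and the
# /etc/caddy/client.* paths are placeholders, not values from the thread.
example.internal {
    reverse_proxy https://192.168.1.221:8484 {
        transport http {
            # nginx: proxy_ssl_trusted_certificate + proxy_ssl_verify on
            # Upstream certificates are verified by default; this line
            # only changes which CAs are trusted.
            tls_trusted_ca_certs /etc/ssl/certs/ca-certificates.crt

            # nginx: proxy_ssl_server_name on + proxy_ssl_name
            # The upstream is addressed by IP, so its certificate would
            # need a matching IP SAN. Setting a name makes Caddy send it
            # as SNI and verify the certificate against it instead.
            tls_server_name backend.internal

            # nginx: proxy_ssl_certificate + proxy_ssl_certificate_key
            # Client certificate presented to the upstream (mutual TLS).
            tls_client_auth /etc/caddy/client.crt /etc/caddy/client.key

            # Caddy v1: keepalive 32 (maximum idle upstream connections)
            keepalive_idle_conns 32

            # nginx: proxy_ssl_verify off
            # Turns off upstream certificate verification; keep it
            # commented out outside of throwaway test setups.
            # tls_insecure_skip_verify
        }
    }
}
```

`caddy validate --config Caddyfile` checks the file before it is loaded.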
