1. Caddy version:
2.6.2
2. How I installed, and run Caddy:
Docker
a. System environment:
Ubuntu 22.04 x64
b. Command:
NA
c. Service/unit/compose file:
NA
d. My complete Caddy config:
NA
3. The problem I’m having:
I have more of a general question about an exotic Caddy configuration I’m looking into implementing.
I have a Caddy server on a public IP (external server), and I’d like it to reverse-proxy other internal IPs, also running Caddy (internal servers). Typically, this means using the external server to generate TLS certificates for each connection. However, I would like to generate the certificates on the internal servers if possible, and reverse-proxy their TLS sessions without terminating them at the external server.
As far as actually generating the certs, I think this can be done with DNS-01 challenges (TXT records) even if the internal servers are not directly connectable by IP by 0SSL/LE, though this is admittedly still in the thought experiment stage. Assuming this is doable, how would the Caddy configuration on the external server look? Is this even possible?
The crucial detail is that the TLS sessions are terminated at the internal server, not the external server – I want to eliminate the possibility of surveillance of sessions by the external server.
So, is this possible?
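For reference, an added example (not from the original post or the Caddy project) of what the external server's config could look like if it routed raw TLS connections by SNI instead of terminating them, using the third-party caddy-l4 plugin's `layer4` app, which is not part of a stock Caddy build. JSON admits no comments, so the assumptions are all here: the hostnames `app1.example.com`/`app2.example.com`, the internal addresses `10.0.0.11`/`10.0.0.12`, and the server name `tls_passthrough` are placeholders; the internal servers are assumed to obtain their own certificates (e.g. via a DNS-01 provider plugin) and serve them on port 443.

```json
{
  "apps": {
    "layer4": {
      "servers": {
        "tls_passthrough": {
          "listen": [":443"],
          "routes": [
            {
              "match": [
                { "tls": { "sni": ["app1.example.com"] } }
              ],
              "handle": [
                {
                  "handler": "proxy",
                  "upstreams": [ { "dial": ["10.0.0.11:443"] } ]
                }
              ]
            },
            {
              "match": [
                { "tls": { "sni": ["app2.example.com"] } }
              ],
              "handle": [
                {
                  "handler": "proxy",
                  "upstreams": [ { "dial": ["10.0.0.12:443"] } ]
                }
              ]
            }
          ]
        }
      }
    }
  }
}
```

The external server only reads the unencrypted SNI from the ClientHello and forwards the bytes unchanged, so it never holds the private keys or sees plaintext; because there is no catch-all route, connections without a matching SNI are dropped rather than forwarded, and the `http` app must not also bind port 443 on this host.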