1. Caddy version (caddy version):
2.0.0
2. How I run Caddy:
a. System environment:
Ubuntu 20.04 LTS
b. Command:
systemctl start caddy.service
# or
systemctl reload caddy.service
c. Service/unit/compose file:
Standard file installed by OS package manager. No changes.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
(redirect) {
    @http {
        protocol http
    }
    redir @http https://{hostport}{uri} 301
}
(geoserver_reverse_proxy) {
    # Reverse proxy to Geoserver running on different host on non-HTTPS port
    reverse_proxy 192.168.100.100:8080 {
        header_up X-Forwarded-Host {hostport}
    }
}
mydomain.com:8080 {
    import redirect
    import geoserver_reverse_proxy
}
mydomain.com {
    # Serve other content on port 80 / 443
}
3. The problem I'm having:
- I am trying to use Caddy as a reverse proxy for Geoserver.
- Geoserver is running on host with IP 192.168.100.100:8080 (not HTTPS).
- The Caddy host will be running another app on the default HTTP(S) ports 80/443.
- My problem/requirement is that HTTP requests on mydomain.com:8080 should be re-directed to HTTPS on the same port.
- With Nginx, the relevant working configuration is shown below. Any HTTP request to mydomain.com:8080 gets redirected to HTTPS.
# Nginx config
server {
    listen 8080 ssl;
    server_name mydomain.com;
    ssl_certificate host.crt;
    ssl_certificate_key host.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    error_page 497 =301 https://$host:$server_port$request_uri;
    location / {
        proxy_pass http://192.168.100.100:8080/geoserver/;
        proxy_pass_header Set-Cookie;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /geoserver/ {
        proxy_pass http://192.168.100.100:8080/geoserver/;
        proxy_pass_header Set-Cookie;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
- You may notice I have not set up the routes in my Caddyfile the way it is in Nginx, but that can come later. Re-direction from HTTP to HTTPS is more crucial for me.
- So my question would be - is redirecting HTTP to HTTPS on the same port possible? If so, what changes should I make to the Caddyfile?
4. Error messages and/or full log output:
I get an HTTP 400 Bad Request when visiting http://mydomain.com:8080. There is also no automatic redirection to https.
If using https instead of http, reverse proxying works fine.
5. What I already tried:
I tried using the redir directive with matcher for http protocol as seen above to no avail. If I use scheme instead of protocol as shown in Caddyfile Concepts - Caddy Documentation, I get an error when validating the Caddyfile:
validate: adapting config using caddyfile: getting matcher module 'scheme': module not registered: http.matchers.scheme
Maybe I am not using it in the right place???
I also tried using the Nginx adapter to try and convert the working configuration, but the result doesn't give me much confidence. Here is the output if anyone's interested.
{"apps":{"http":{"servers":{"server_0":{"listen":[":8080"],"routes":[{"match":[{"host":["mydomain.com"]},{"path":["/*"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","headers":{"request":{"set":{"Host":["{http.reverse_proxy.upstream.host}"]}}},"upstreams":[{"dial":"tcp/192.168.100.100:8080"}]}],"match":[{"path":["/*"]}]}]}]},{"match":[{"host":["mydomain.com"]},{"path":["/geoserver/*"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","headers":{"request":{"set":{"Host":["{http.reverse_proxy.upstream.host}"]}}},"upstreams":[{"dial":"tcp/192.168.100.100:8080"}]}],"match":[{"path":["/geoserver/*"]}]}]}]}]}}}}}
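
An added example, not part of the original post and not code from Caddy or Nginx: a listener that serves both schemes on one port has to decide from the first bytes of a connection whether the client is speaking TLS or plaintext HTTP, and only then can it answer plaintext with a 301. The Go program below shows that decision; `redirectFor`, `allowedHosts` and the sample bytes are hypothetical names and constructed inputs, and the allow-list is an assumption added because the Host header is client-controlled.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"net/http"
)

// A TLS connection opens with a handshake record, content type 22 (0x16).
const tlsHandshakeRecord = 0x16

// allowedHosts is a constructed allow-list. The Host header is chosen by the
// client, so echoing it into Location unchecked would be an open redirect.
var allowedHosts = map[string]bool{"mydomain.com:8080": true}

// redirectFor (hypothetical helper) inspects the first bytes read from a new
// connection. It returns kind "tls" for a TLS handshake, or kind "http" plus
// the https:// Location to send with a 301 for a plaintext request.
func redirectFor(first []byte) (kind, location string, err error) {
	if len(first) == 0 {
		return "", "", fmt.Errorf("no data read")
	}
	if first[0] == tlsHandshakeRecord {
		return "tls", "", nil // hand the connection to the TLS stack
	}
	req, err := http.ReadRequest(bufio.NewReader(bytes.NewReader(first)))
	if err != nil {
		return "", "", fmt.Errorf("neither TLS nor HTTP: %w", err)
	}
	if !allowedHosts[req.Host] {
		return "http", "", fmt.Errorf("host %q not in allow-list", req.Host)
	}
	return "http", "https://" + req.Host + req.URL.RequestURI(), nil
}

func main() {
	// Constructed inputs: a plaintext request and the start of a TLS record.
	plain := []byte("GET /geoserver/web/?x=1 HTTP/1.1\r\nHost: mydomain.com:8080\r\n\r\n")
	hello := []byte{0x16, 0x03, 0x01, 0x02, 0x00, 0x01}
	for _, in := range [][]byte{plain, hello} {
		kind, loc, err := redirectFor(in)
		fmt.Printf("kind=%q location=%q err=%v\n", kind, loc, err)
	}
}
```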