Caddy will reverse-proxy to http but not https

1. The problem I’m having

I have got Caddyserv to make reverse proxies to http backends but am unable to get Caddyserv to make a reverse proxy to https.

I suspect that I don’t have something set in the Caddyfile for it to make the SSL cert calls. The backend computers 1 and 2 have been configured with SSL certs via Let’s Encrypt.

2. Error messages and/or full log output:

As stated earlier, I get no error when connecting to http virtual hosts (berryserv01 - berryserv04) but I get ERR_SSL_PROTOCOL_ERROR when trying to connect to mail, dripmail, drippics, dripcoder and driptubes.

3. Caddy version:

2.6.2

4. How I installed and ran Caddy:

Installed via Ubuntu’s apt command

a. System environment:

All computers are running Ubuntu server 24.04. Backend servers are running Apache2 or NginX. Ports 80 and 443 are opened on all computers. hosts files are configured so that all computers can ping each other by machine name and via FQDN.

c. Service/unit/compose file:

I am not running docker, LXD or anything like that on any machine.

d. My complete Caddy config:


Final Notes:

I tried running Caddyserv with the debug argument in the config file. But nothing seemed to have changed. I also don’t know where to look for the log file if it generates one.
Note - Reminder that I already have the virtual hosts on the backends set up and configured with SSL via Let’s Encrypt. If I point ports 80 and 443 from the gateway to one of the backends, the virtual hosts function perfectly for that computer. I bring this up again because I suspect there is some conflict between Caddyserv and the backends, or just Caddyserv not being able to create a certificate itself.
Thanks in advance.

Please share the Caddyfile and caddy logs (after enabling debug logs). Both are necessary for sufficient help.

My apologies, I thought I had included the Caddyserv configuration Caddyfile in my original post.

I added the debug option into it just now but still do not see anything in the /var/log/caddy directory. Is there another place I should be looking for the log file?

For some reason, the forum software won’t let me paste the Caddyfile code directly into the reply. I’ll try to upload the file.

Well, I’m having trouble getting my Caddyfile uploaded. I can’t upload it (the forum software will only let me upload images) and I can’t paste it into the reply because it doesn’t like something in the Caddyfile code.

I can’t figure out how to upload the file or insert it into the reply, but here is a link to it.

http://berryserv03.thewaldrips.net/Caddyfile

Thanks for taking the time to look.

Caddy logs go to stderr by default, especially when run as systemd service, unless configured to output them elsewhere. You can find Caddy logs by running:

sudo journalctl -u caddy --no-pager | less +G

This version is too old. We’re now at 2.10.x. Don’t use the repository from Ubuntu/Debian. Use our repository to get the latest version.

mail.thewaldrips.net {
   reverse_proxy https://mail
}

maildrip.thewaldrips.net {
   reverse_proxy https://maildrip
}

driptubes.thewaldrips.net {
   reverse_proxy driptubes
}

dripcoder.thewaldrips.net {
   reverse_proxy dripcoder
}

drippics.thewaldrips.net {
   reverse_proxy drippics
#   redir drippics
}

It is likely the problem is the expected Host in upstream. Caddy passes all headers (except hop-by-hop) to upstream by default, including the Host header. In HTTPS connections, upstream may expect the Host header to match the TLS SNI, which in this case it doesn’t. You can fix this by adding the following line inside the reverse_proxy block:

header_up Host {upstream_hostport}

If the certificate of upstream is not trusted by the system, you need to add this line inside the transport block (which is nested inside reverse_proxy block):

tls_trust_pool file /path/to/cert.pem

You’ll find examples here, and I also recommend going through the page to understand thoroughly the reverse-proxy handler.

2 Likes
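The two lines suggested in the reply above, placed where they belong in the posted mail site block. This is an added illustration, not part of the original thread; the certificate path is a placeholder, and the tls_trust_pool line is only needed when the backend certificate is not already trusted by the system (a Let’s Encrypt certificate normally is).

```caddyfile
# Posted form (fails): Caddy dials https://mail but forwards the browser's
# Host header (mail.thewaldrips.net) unchanged, so Host and TLS SNI disagree.
#
# mail.thewaldrips.net {
#    reverse_proxy https://mail
# }

# Corrected form, with the reply's suggested directives nested in the right blocks.
mail.thewaldrips.net {
    reverse_proxy https://mail {
        # Rewrite Host to match the upstream address so it agrees with the SNI
        # that Caddy sends when it dials the backend.
        header_up Host {upstream_hostport}

        # The transport block is nested inside reverse_proxy; TLS to the
        # upstream is already implied by the https:// scheme above.
        transport http {
            # Only for a self-signed or private-CA backend certificate.
            # Placeholder path; point it at the backend's CA or leaf cert.
            tls_trust_pool file /path/to/cert.pem
        }
    }
}
```

Keep certificate verification on: pinning the backend certificate with a trust pool is the safe fix for an untrusted upstream, whereas turning verification off would let anyone on the path impersonate the backend.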
