Caddy with Exchange 2016 and IIS websites

  1. My Caddy version: 1.0.4 Windows

I’ve just stumbled across Caddy having failed to set up IIS ARR Reverse Proxy to achieve what I need.

Specifically, I have a single public static IP address which points to my home lab server.

It’s currently running a few virtual servers, with the following being the ones I may be able to use Caddy with.

192.168.1.3 - Exchange Server and IIS Web Sites
192.168.1.6 - Web Server (or at least I’d like it to be!).

The problem that I’m having is that owing to the fact I only have one static IP address, all traffic from 80 and 443 is being port forwarded from my ISP router to 192.168.1.3 (Exchange Server and IIS Web Sites).

I’m also using WinACME to generate SSL certs for IIS Sites and Exchange (Although the Exchange one does require manual interaction every time it renews).

I’d like to separate the IIS web sites from the Exchange Server and put them on 192.168.1.6 (Web Server) whilst maintaining the Exchange Server on it’s current IP address.

So my questions are,

Can I do this with Caddy?

Will this mean that the SSL certs are no longer needed on the Exchange/IIS VM’s as I’d guess they would be managed by Caddy?

Are there any sample caddyfiles around that I can modify to suit my needs (Exchange/Web/SSL) and also learn from?

My intent would be to spin up another Windows Server 2016 VM on 192.168.1.7 which Caddy would be installed to as the Reverse Proxy.

Port forward 80 and 443 from the ISP router to 192.168.1.7, then let Caddy take care of sending the Exchange traffic to 192.168.1.3 and the web traffic to 192.168.1.6.

Thank you for reading this convoluted post!

Hi @colinr, welcome to the Caddy community!

Yes!

Yes.

There’s almost nothing to it! Just leave your sites where they are and point Caddy back to them, exactly like you said. A basic proxy looks like:

yourwebsite.example.com {
  proxy / 192.168.1.6
}

(Yes, that’s an entire valid Caddyfile with HTTPS!)

Here’s an older thread here on the forums with some discussion on reverse proxying Exchange, including some more examples: Exchange Server and Caddy

Sounds like an excellent setup. Go for it - and come back here if you run into any issues or have any other questions.

1 Like

Thanks for replying Matt.

Not going to plan at the moment.

This is a domain name redacted Caddy file that I’m using:

www.domain1.net, domain1.net {
proxy / 192.168.1.6
}

www.domain2.org.uk, domain2.org.uk {
proxy / 192.168.1.6
}

www.domain3.com, domain3.com {
proxy / 192.168.1.6
}

autodiscover.domain2.org.uk, autodiscover.domain1.net, autodiscover.domain3.com, mail.domain2.org.uk {
proxy / https://192.168.1.3 {
transparent
insecure_skip_verify
}
}

I’m using Windows Server 2016 as the host for Caddy, which is on IP 192.168.1.7, I’ve port forwarded 80 and 443 to this IP (I’ve also disabled Windows firewall on 192.168.1.6 and 7 whilst testing.

I’m executing Caddy by double clicking, it launches as expected and seems to hang with the following message: activating privacy features.

I think this might be to do with LetsEncrypt as I think I’ve exhausted certificate request attempts, so I removed the first 3 proxy / 192.168.1.6 entries and just left the autodiscover ones in, it did appear to request the certificates, but then terminates back to Windows, I guess this is not expected behaviour?

It’s Caddy for Windows 1.0.4, which I assume is the latest version as it was only downloaded yesterday.

Caddy should block when it’s serving (i.e. the window should stay indefinitely).

You probably want to run it from the command line instead of double clicking - this means that when it exits, the window will remain open and you can read the output. The output will be critical to determining why Caddy’s exiting.

My guess is that if you’re seeing it request multiple certificates but then fail out, maybe one of the later sites is not configured properly (in terms of DNS, if this is the case).

v1.0.4 is indeed the latest non-beta version.