Caddy with reverse proxy + dns

First of all, excuse my lack of networking knowledge.

I’m trying to use Caddy as a reverse proxy for some services on a machine in my home network.

I’m just stuck when trying to grok the link between my self-hosted DNS and Caddy, and how to make a domain name resolve to the correct Caddy service.

The setup I have is as follows:

1 machine running CoreDNS. This machine has A records for machines on my network, i.e.:

nuc.home.lab.    IN  A
pi.home.lab.       IN  A

This is currently working, and when I hit nuc.home.lab or pi.home.lab I am directed to the correct place.

Now, the missing link I have is how does Caddy fit into this setup?

I have a service on pi.home.lab for example, which is listening on port 8081, so I can go to in a browser and I can see the correct thing.

I’ve tried running Caddy on with:

pi.home.lab {
  reverse_proxy localhost:8081
}

But it doesn’t seem to work; the request hangs when it’s forwarded from the DNS server. Is there something I’m fundamentally missing about how this should work? Should I have Caddy running on the same server as my DNS?


This seems at odds - you said your DNS for pi.home.lab is but you’re running Caddy with that domain on Those need to match.

Also, I think Caddy will attempt to issue a cert from Let’s Encrypt here, unless you tell it not to. Since pi.home.lab is not a publicly accessible name, that won’t work. Let’s Encrypt needs to be able to reach pi.home.lab to verify that it’s a real server. You can read about this here:

I’ll look at the docs in order to stop the TLS cert generation, no worries there. I’m just curious if this is the right setup at all, in general.

Would my DNS server pointing pi.home.lab at, with Caddy listening on port 80 on with a config similar to:

automatic_https off

pi.home.lab {
  reverse_proxy localhost:8081
}

work? I can’t try it right now unfortunately, but I’m curious if this is a setup that could work for Caddy. Does the hostname directive (pi.home.lab) in Caddy match the request URL or something?

Yes, that should work, but the global options need to be enclosed within a block (curly braces) and auto_https off is the option.

The hostname is matched using SNI (Server Name Identification) for HTTPS connections if available, and the Host header for HTTP connections. Well-behaved HTTP clients will set those automatically.

If you want Caddy to accept any connection on port 80 (i.e. making a request with just the IP address directly, or another name that resolves to that machine, like localhost when the request is being made from the machine Caddy runs on) then you could replace pi.home.lab with :80 in your Caddyfile. This would skip the hostname matching.

Using host matching (like you currently have configured), you can also have multiple sites proxied to by Caddy if you need to. You could make foo.home.lab also resolve to and have a separate site for that.
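
The corrections from this answer assembled into one Caddyfile, as an added example that is not part of the original thread: the global option sits in its own brace-enclosed block, and two host-matched sites share one Caddy instance. The explicit `http://` scheme prefix and the `foo.home.lab` upstream port 8082 are assumptions made here, and both names are assumed to resolve to the machine Caddy runs on.

```caddyfile
# Global options block: must be the first block in the file and
# must be wrapped in curly braces.
{
  # Turns off certificate automation and HTTP->HTTPS redirects,
  # so Caddy does not try to obtain a certificate for a name that
  # a public CA cannot reach.
  auto_https off
}

# Site selected by the Host header of plain-HTTP requests.
# The http:// prefix (an assumption added here) pins the site to
# port 80; traffic to it is unencrypted on the LAN.
http://pi.home.lab {
  reverse_proxy localhost:8081
}

# Second site on the same Caddy instance. The name must also
# resolve to this machine in DNS; port 8082 is an assumed value.
http://foo.home.lab {
  reverse_proxy localhost:8082
}

# Alternative that skips hostname matching and accepts any request
# arriving on port 80 (bare IP, localhost, any other name):
#
# :80 {
#   reverse_proxy localhost:8081
# }
```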
