Can caddy use https and direct traffic to http site

1. Caddy version (caddy version):


2. How I run Caddy:

caddy reverse-proxy --from :2016 --to

a. System environment:

macOS 10.15.7

b. Command:

caddy reverse-proxy --from :2016 --to

c. Service/unit/compose file:

Not using

d. My complete Caddyfile or JSON config:

Not using

3. The problem I’m having:

Can I login to http site with reverse proxy TLS https connection?

Can I use caddy reverse proxy with TLS to reach a non TLS/http site?

That is, how can Caddy generate a cert (Let’s encrypt, for example) to make a secure connection from external to caddy then securely connect from caddy to the internal non https/secure site? Not sure if that’s possible but I don’t know caddy.

4. Error messages and/or full log output:

5. What I already tried:

I’ve tested a basic reverse proxy which works with port 80 non TLS. But not sure if a TLS connection to non secure site is possible.

6. Links to relevant resources:

Maybe I just need to register a domain to my external IP then use a caddy file or JSON to say 443 and caddy will generate the cert and serve via TLS?

found this:

Hi @pointer.daubers,

There’s two connections happening in this scenario: from you to Caddy, and then from Caddy to upstream.

Caddy can secure the connection between yourself and Caddy with HTTPS.

Caddy can also connect to a secure upstream, but Caddy cannot take an insecure upstream and change it to be secure.

That said, as long as you ensure nobody can connect to the upstream server (e.g. firewall it from non-Caddy connections), Caddy can provide a secure gateway to an insecure upstream. This is, I would argue, one of Caddy’s most common and powerful use cases.

1 Like

Thank you for confirming that Caddy can secure the connection to Caddy itself.

To make this happen I would need to specify a host name in the Caddy file? That seems to be the next step.

I have now learned that this website needs two ports opened and so that’s why my one line Caddy command didn’t completely work. How do I forward two ports in a Caddyfile?

If need to forward port 9999 and 8577. The added “sharebrowser” folder path is a nice to have to only allow that path but the main thing is figuring out the structure to proxy two http ports

caddy reverse-proxy  --to

localhost {
        reverse_proxy /sharebrowser/* localhost:9999

localhost {
        reverse_proxy /sharebrowser/* localhost:8577

Close, but that doesn’t really make sense: you’re telling Caddy to serve localhost two different ways. So that will give you an error.

(Do you really need the file_server enabled? Just FYI the reverse-proxy command doesn’t enable a file_server, so remove that if you don’t intend to expose your files.)

To be clear, this isn’t port forwarding (which has to be done at the kernel or router level.) This is proxying.

What do you need to proxy from? If they need to be proxied from the same socket, then you’ll need some other factor to determine which port to proxy to.

1 Like

Thanks for helping me clear up what is possible or maybe not possible. It’s a great leap to grapple with Caddy at first glance and understand what is possible with reverse proxies.

Trying to connect to a web site that use port 80 (or 9999 we tested with at first) via Caddy reverse proxy and that works but apparently this site also uses port 8577 to talk to a database which isn’t working through the proxy. So not sure how to forward (or proxy) that as well.

It would be nice to have caddy to accept 443 traffic and redirect it to port 80 (or 9999 originally) and also whatever else was being requested (like this db via port 8577).

Looking at more complicated caddyfile examples, and well, it gets complicated quick.

Is your database running HTTP? Or some other protocol? If you’re proxying multiple protocols on the same port, you’ll want a TCP proxy, not an HTTP proxy:

This topic was automatically closed after 30 days. New replies are no longer allowed.