Change tls ask querystring?

1. Output of caddy version: 2.6.2

2. How I run Caddy:

docker compose

a. System environment:


b. Command:

RUN caddy start --config /usr/caddy/Caddyfile

c. Service/unit/compose file:

FROM caddy:2.6.2-builder AS builder

RUN xcaddy build \
FROM caddy:2.6.2

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

RUN mkdir -p /usr/caddy
COPY Caddyfile /usr/caddy

RUN caddy start --config /usr/caddy/Caddyfile

d. My complete Caddy config:


	on_demand_tls {
		interval 2m
		burst    5
	storage redis {
		"address": "",
		"host": "{$REDIS_HOST}",
		"port": "{$REDIS_PORT}",
		"db": {REDIS_DB},
		"password": "{$REDIS_PASSWORD}",
		"timeout": 5,
		"key_prefix": "",
		"value_prefix": "",
		"tls_enabled": true,
		"tls_insecure": false

tls {
reverse_proxy / {$PROXY_BACKEND}

3. The problem I’m having:

I’m trying to use an existing domain verification API that I sadly don’t have access to edit; it’s an env variable in the config but resolves to

Currently it will return a 204 for allowed domains specified directly after the URL, i.e. and a 404 for anything not allowed; however, Caddy formats its ask requests as

As I don’t have access to edit the API, I’m wondering if there’s any way to change the format Caddy sends its ask requests in, or redirect it.

4. Error messages and/or full log output:


5. What I already tried:

6. Links to relevant resources:

No, it’s hard-coded.

You could hack it by using a site in Caddy to perform a rewrite though.

{
	on_demand_tls {
		ask http://localhost:5001/
	}
}

https:// {
	tls {
		on_demand
	}
	reverse_proxy {$PROXY_BACKEND}
}

:5001 {
	rewrite * /v2/verificationapi/{query.domain}
}

FYI, your syntax for storage redis is incorrect. Caddyfile config is not JSON.

And you should remove the / from your reverse_proxy. Path matching in Caddy is exact, so a matcher of / will only match exactly / and nothing else, so only requests to your home page would be proxied, and everything else would get an empty response.

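The rewrite in the answer copies the `domain` query value of Caddy's ask request straight into the upstream path. As an added illustration (not code from this thread or from Caddy), the Python sketch below performs the same mapping but refuses values that are not plain hostnames before building the path. The function names and sample URLs are constructed for the example; the `/v2/verificationapi/` prefix is taken from the rewrite above.

```python
import re
from urllib.parse import urlsplit, parse_qs, quote

# Path prefix the verification API expects, as used in the rewrite above.
UPSTREAM_PREFIX = "/v2/verificationapi/"

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def is_hostname(name: str) -> bool:
    """True only for a plain multi-label DNS name (no slashes, empty labels, etc.)."""
    if not name or len(name) > 253:
        return False
    labels = name.lower().split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(label) for label in labels)


def ask_to_upstream_path(ask_url: str):
    """Map an ask request (?domain=NAME) to the path-style URL the API expects.

    Returns None when the query does not carry exactly one valid hostname,
    so the caller can deny issuance without contacting the API at all.
    """
    values = parse_qs(urlsplit(ask_url).query).get("domain", [])
    if len(values) != 1 or not is_hostname(values[0]):
        return None
    return UPSTREAM_PREFIX + quote(values[0].lower(), safe="")


def decide(upstream_status: int) -> bool:
    """Caddy proceeds with issuance only when the ask endpoint answers 2xx."""
    return 200 <= upstream_status < 300


# Constructed sample ask URLs (not taken from the thread).
SAMPLE_ASKS = [
    "http://localhost:5001/?domain=shop.example.com",
    "http://localhost:5001/?domain=../admin",
    "http://localhost:5001/?domain=a.example.com&domain=b.example.com",
]

if __name__ == "__main__":
    for url in SAMPLE_ASKS:
        print(url, "->", ask_to_upstream_path(url))
```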