Clarifications About Proxy Setup

Hi All

What I am trying to achieve: we need a layer 7 reverse proxy as we have multiple domains which terminate to one public IP

We would like to then split these out.

I have no problem with the routing however I think I may be missing some of the finer points.

The instructions I am using: https://caddyserver.com/docs/proxy

I built the following config files (some obfuscation is in play)

Had to post on pasted bin as there is a limit of links

In C:\Caddy there is an index.html file

This is what I am observing:

Site 1 does not have an explicit HTTP binding however if I browse to it on HTTP it redirects to the backend specified by site 2
Site 2: no issues proxies HTTP and HTTPs as expected
Site 3: No issues proxies HTTP traffic as expected
Site 4: Proxies to backend on site 2 if HTTP is used. If HTTPS is specified the correct file is served up (no proxying)
Site 5: no issues serves up HTML file as expected
Site 6: Serves HTML file From C:\Caddy (where the executable is)

What I am struggling with

Why do HTTP sites proxy to backends while HTTP do not?
Is there a precendene I need to be aware of?
Do proxy statements live withing blocks?

Or should I be more explicit

e.g:

site1.xyz
{
proxy site1.xyz/ backend1 {
** policy round_robin**
** transparent**
** insecure_skip_verify**
** }**
}

Andrei

Hi @ahaw021, firstly:

You can get around this by instead using the proper code formatting. You can do that by indenting code lines with four spaces, opening and closing a code block with three backticks ( ``` ), or selecting your text in the editor and clicking the code button ().

Immediately I see one large problem with your Caddyfile. Looking at the specification for Caddyfile structure (available at The Caddyfile — Caddy Documentation), you must open a site definition block with a brace at the end of the label line, not on a new line - like so:

https://site1.lab-yyy.xyz {
    proxy / https://site1.lab-yyy.xyz:8000 {
        policy round_robin
        transparent
        insecure_skip_verify
    }  
}

I believe all of your issues stem from the unintentionally global scope of all your Caddy directives. With the correct structure, I suspect you will find Caddy’s behaviour much more consistent.

1 Like

hi @Whitestrake

Thanks for the pointers on the blocks

Figured out why the below was happening

Site 4: Proxies to backend on site 2 if HTTP is used. If HTTPS is specified the correct file is served up (no proxying)

I was not forwarding the HTTP traffic form the Firewall to the Caddy server :frowning:

This explain why I was getting content from the HTTPS bindings but not the HTTP bindings (as they were routed elsewhere by the firewall).

Sometimes it’s the simple things

Andrei

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.