Configure caddy with BigIP

1. Caddy version (caddy version):

v2.1.0-beta.1 h1:nG+Y2NuoqGvJEnHlVO5PXtTxuc2yHsjr2nU+dJ5yETk=

2. How I run Caddy:

sudo /home/luke/bin/caddy run

a. System environment:

Fedora 32

b. Command:

sudo /home/luke/bin/caddy run

c. Service/unit/compose file:

N/A

d. My complete Caddyfile or JSON config:

    {
        debug
        admin off
        local_certs
    }
    mytesthost.com:61000 {
        bind 192.168.1.2
        root * /home/luke/srv/test/
        file_server
    }

3. The problem I’m having:

I have a BigIP F5 firewall that opens port 443 for HTTPS and manages the SSL cert. How do I configure CaddyServer to work in that configuration? Normally all our web servers work on port 80 without SSL, since they are behind the firewall and all traffic within the internal network does not have to be encrypted.

4. Error messages and/or full log output:

5. What I already tried:

My Caddyfile is the last version of the things that I tried.

6. Links to relevant resources:

Just open port 80/443 on your firewall and caddy will automatically get the certs and configure itself as long as you have an A record pointing to mytesthost.com. There isn’t much to do, your config looks fine.

Not sure what these are for though, might want to remove them to do a test first.

    {
        debug
        admin off
        local_certs
    }

Just have;

    mytesthost.com:61000 {
        bind 192.168.1.2
        root * /home/luke/srv/test/
        file_server
    }

Check your syslog file for errors.

For anybody that wants to create this configuration… I made it work.

Server configuration:

  1. Fedora 32 Server

  2. Caddyserver v2.1 with the following Caddyfile:

    {
        debug
        admin off
    }
    next-app.xxxxxxxx.com {
        bind 192.168.1.199
        root * /home/luke/srv/test/
        file_server

        log {
            level DEBUG
            output stdout
            format json
        }
    }

  3. BigIP configuration:

  • Two virtual servers, one for port 80 and one for port 443; both have the same pool with a member 192.168.1.199 for all services (port *)
  • The virtual server for port 443 has no HTTP, SSL Client or SSL Server profile selected, and I enabled Address Translation and Port Translation and set Source Address Translation to AutoMap

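The setup the original question describes (BigIP terminates TLS, Caddy serves plain HTTP on port 80), as an added example that is not part of any post in this thread. It assumes the BigIP 443 virtual server has a Client SSL profile and sends traffic to the pool member on port 80; the host name, bind address and root are copied from the config posted above.

```caddyfile
# Added example: TLS offloaded at the BigIP, Caddy on plain HTTP.
# Assumption: the BigIP forwards decrypted traffic to 192.168.1.199:80.
{
	debug
	admin off
	# No certificate is needed on this host. Turning automatic HTTPS off
	# also keeps a site added later without a scheme from triggering
	# certificate issuance or HTTP->HTTPS redirects.
	auto_https off
}

# The explicit http:// scheme makes this a plain-HTTP site on port 80.
http://next-app.xxxxxxxx.com {
	bind 192.168.1.199
	root * /home/luke/srv/test/
	file_server

	# With Source Address Translation set to AutoMap on the BigIP, the
	# client address recorded here is a BigIP self IP, not the real client.
	log {
		level DEBUG
		output stdout
		format json
	}
}
```

Unlike the pass-through setup in the last post, where Caddy holds the certificate and traffic stays encrypted up to 192.168.1.199, this variant leaves the BigIP-to-Caddy hop in cleartext.
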