1. Output of caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
- Domain nameservers set to Cloudflare
- Running Caddy v2 as a reverse proxy in front of multiple other web servers. This is done to achieve a "single IP" for working with clients.
- Web servers configured with Runcloud.io that handle the websites. Runcloud has the ability to manage TLS certs and provision Let's Encrypt certs.
a. System environment:
- Bare metal running on Proxmox
- Caddy on Ubuntu 22 running on Proxmox (IP: 67.215.9.132)
- Runcloud web server on Ubuntu 22 running on Proxmox (IP: 67.215.10.172)
b. Command:
Caddy running as a system daemon in API mode
d. My complete Caddy config:
{
  "admin": {
    "disabled": false,
    "enforce_origin": false,
    "listen": "0.0.0.0:2019",
    "origins": [
      "localhost:2021",
      "localhost:2019",
      "134.41.73.117"
    ]
  },
  "apps": {
    "http": {
      "servers": {
        "w3stage": {
          "automatic_https": {
            "disable_certificates": true
          },
          "routes": [
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "67.215.10.172"
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "w3stage.com",
                    "www.w3stage.com"
                  ]
                }
              ]
            }
          ]
        }
      }
    }
  },
  "storage": {
    "module": "file_system",
    "root": "/caddy"
  }
}
3. The problem I’m having:
I can't get w3stage.com to load with an SSL cert at this time.
The Caddy server has entries for w3stage.com and should be pushing traffic to the Runcloud server.
On the Runcloud server, I have an application provisioned for w3stage.com, with all nginx host files created (for both the bare domain and www).
I need to answer “where should I be generating my TLS certs at?” in two separate scenarios:
a) With Cloudflare Proxy enabled
In this scenario, Cloudflare provides a TLS cert. I think I would want both Caddy and Runcloud to serve the domain using Cloudflare’s cert and not try to do anything else.
b) With Cloudflare proxy disabled (or, a non-cloudflare nameserver)
In this scenario, I think I would want Runcloud to generate the cert and have Caddy forward all traffic for the domain to Runcloud, and let that server sort things out.
Am I wrong on these assumptions?
For each of these scenarios, how must I alter my Caddy config?
5. What I already tried:
- With Cloudflare proxy enabled, I've seen cipher mismatching
- With Cloudflare proxy disabled, I've seen redirect loops
When I try to generate a Let's Encrypt cert on the Runcloud server (via HTTP authorization), it fails because I believe Caddy picks up the requests.
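Added illustration, not part of the original post and not a reply from the forum: a config in the same JSON shape as the one posted above, written under the assumption that Caddy, as the host that ports 80 and 443 of 67.215.9.132 lead to, terminates TLS for w3stage.com itself and proxies plain HTTP to the Runcloud server. It differs from the posted config in three places: `disable_certificates` is dropped so that Caddy's automatic HTTPS obtains and renews the certificate (the ACME HTTP-01 challenge arriving on port 80 is then answered by Caddy instead of being forwarded to an upstream that never sees it), the upstream `dial` address names port 80 explicitly, and the admin API is bound to localhost rather than 0.0.0.0, since with `enforce_origin` false the admin endpoint's origin check rests on the Host header, which a remote client controls. The upstream port and the `listen` address are assumptions; the Runcloud nginx vhost for w3stage.com is assumed to serve the site over plain HTTP and to honor the X-Forwarded-Proto header that Caddy's reverse_proxy sets, because an upstream that redirects http to https regardless of that header will loop through the proxy.

```json
{
  "admin": {
    "listen": "localhost:2019"
  },
  "apps": {
    "http": {
      "servers": {
        "w3stage": {
          "listen": [":443"],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "w3stage.com",
                    "www.w3stage.com"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "67.215.10.172:80"
                    }
                  ]
                }
              ]
            }
          ]
        }
      }
    }
  },
  "storage": {
    "module": "file_system",
    "root": "/caddy"
  }
}
```

Load it through the admin API the same way as before (for example `curl localhost:2019/load -H "Content-Type: application/json" -d @caddy.json` from the Caddy host), then confirm with `curl -vI https://w3stage.com` that the certificate presented is the one Caddy obtained; with the Cloudflare proxy enabled in front of it, Cloudflare must be set to connect to the origin over HTTPS, otherwise Caddy's redirect server on port 80 answers Cloudflare's plain-HTTP connection with another redirect.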