1. Caddy version:
v2.6.2
2. How I installed, and run Caddy:
docker compose
a. System environment:
Docker, Lubuntu
b. Command:
docker compose up caddy -d
c. Service/unit/compose file:
version: "3.8"
networks:
  caddy:
    external: true
services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    networks:
      - caddy
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /opt/appdata/caddy/Caddyfile:/etc/caddy/Caddyfile:rw
      - /opt/appdata/caddy/site:/srv
      - /opt/appdata/caddy/data:/data/caddy
      - /opt/appdata/caddy/config:/config/caddy
  gotify:
    image: gotify/server
    container_name: gotify
    networks:
      - caddy
    ports:
      - 1245:80
    volumes:
      - "/opt/appdata/gotify:/app/data"
    restart: always
d. My complete Caddy config:
{
	cert_issuer zerossl [redacted]
	email [redacted]
}
(authentik) {
	reverse_proxy /outpost.goauthentik.io/* http://authentik:9000
	forward_auth http://authentik:9000 {
		uri /outpost.goauthentik.io/auth/caddy
		copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
	}
}
# works fine
auth.example.com {
	reverse_proxy authentik:9000
}
gotify.example.com {
	# No authentik here for now, just trying to get it working normally first
	# I experienced this problem before authentik was installed
	reverse_proxy gotify:1245
}
# works fine
example.com {
	import authentik
	reverse_proxy homepage:3000
}
3. The problem I’m having:
Caddy gives me errors when accessing a single service (Gotify) via reverse proxy despite the service working just fine on localhost:port. No other app experiences this problem, and they are set up identically.
4. Error messages and/or full log output:
caddy | {"level":"error","ts":1675163175.496656,"logger":"http.log.error","msg":"dial tcp 172.22.0.8:1245: connect: connection refused","request":{"remote_ip":"192.168.1.1","remote_port":"60424","proto":"HTTP/2.0","method":"GET","host":"gotify.example.com","uri":"/","headers":{"User-Agent":["curl/7.85.0"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"gotify.example.com"}},"duration":0.001130156,"status":502,"err_id":"7ys3ep101","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
caddy | {"level":"error","ts":1675163184.699816,"logger":"http.log.error","msg":"dial tcp 172.22.0.8:1245: connect: connection refused","request":{"remote_ip":"192.168.1.1","remote_port":"37216","proto":"HTTP/2.0","method":"GET","host":"gotify.example.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["same-site"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"gotify.example.com"}},"duration":0.000409353,"status":502,"err_id":"0s3vmtzzs","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
5. What I already tried:
- Mapping different ports to the Gotify docker container
- Mapping a local port to port 443 in the container (1245:443)
6. Links to relevant resources:
Security Headers not Working with Reverse Proxy? (I’m not using caddy security so I wasn’t sure how to make this apply to me)
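
An added example, not part of the original post and not Caddy or Docker code: it cross-checks the refused dial in the log against the compose `ports` entries, because a `HOST:CONTAINER` mapping publishes the port on the Docker host while containers on a shared network connect to each other on the container port. The dictionaries and the trimmed log line are constructed from values in the post, and all function names are hypothetical.

```python
import json
import re

# Constructed inputs: "ports" entries and the reverse_proxy upstream copied from
# the post, plus a trimmed copy of one Caddy error line (same msg and host).
COMPOSE_PORTS = {"gotify": ["1245:80"], "caddy": ["80:80", "443:443", "443:443/udp"]}
UPSTREAMS = {"gotify.example.com": "gotify:1245"}
LOG_LINE = ('caddy | {"level":"error","logger":"http.log.error",'
            '"msg":"dial tcp 172.22.0.8:1245: connect: connection refused",'
            '"request":{"host":"gotify.example.com","uri":"/"},"status":502}')

DIAL_RE = re.compile(r"dial tcp ([\d.]+):(\d+): connect: connection refused")


def parse_mapping(entry):
    """Split a compose short-syntax port entry into (host_port, container_port)."""
    parts = entry.split("/")[0].split(":")   # drop a "/udp" or "/tcp" suffix
    if len(parts) == 1:                      # bare "80": no fixed host port
        return None, int(parts[0])
    return int(parts[-2]), int(parts[-1])    # also tolerates "IP:HOST:CONTAINER"


def refused_dial(log_line):
    """Return (site_host, dialed_port) for a refused upstream dial, else None."""
    record = json.loads(log_line.split("|", 1)[-1])  # strip the "caddy | " prefix
    match = DIAL_RE.search(record.get("msg", ""))
    if not match:
        return None
    return record["request"]["host"], int(match.group(2))


def diagnose(log_line, upstreams, compose_ports):
    """Flag a refused dial that used a service's host-published port."""
    hit = refused_dial(log_line)
    if hit is None or hit[0] not in upstreams:
        return None
    site, port = hit
    service = upstreams[site].rsplit(":", 1)[0]
    for entry in compose_ports.get(service, []):
        host_port, container_port = parse_mapping(entry)
        if port == host_port and port != container_port:
            return {"site": site, "service": service,
                    "dialed": port, "container_port": container_port}
    return None


if __name__ == "__main__":
    print(diagnose(LOG_LINE, UPSTREAMS, COMPOSE_PORTS))
```
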