1. The problem I’m having:
Hello,
First, thank you Mr Holt for your help in getting me logged in again.
My question.
I have a website I’m designing that’s served via Golang, this is on another machine to the caddy server. While I can reverse proxy to the machine using h1 easily enough, I need to develop the website using zero trust principles. So, while a client hitting caddy communicates via h2, the reverse proxy to the go programming is using h1.
What I don’t understand is what’s the best practice for the certificates? I see that caddy has created certs for the reverse proxy, but how are they accessed from the backend pc running the go website? On the other hand, I can generate self-signed certs on the backend pc, but how do I expose them to caddy? Plus, I think self-signed, even on an internal network is not best practice.
I’ve seem to remember reading that caddy can also operate as a CA provider, is that correct?
Sorry for all the questions, but can anyone recommend anything that covers this subject please? I know it’s a bit abstract, but until I know what I SHOULD be doing, I can’t ask questions relating to HOW I should do it.
Thanks for taking the time to read my blerb, I hope it made sense!
Salts x
2. Error messages and/or full log output:
N/A
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
3. Caddy version:
v2.10.0
4. How I installed and ran Caddy:
Running via systemctrl
Compiled using xcaddy with a porkbun addon
a. System environment:
│ File: /etc/os-release
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ PRETTY_NAME=“Armbian 25.8.1 noble”
2 │ NAME=“Ubuntu”
3 │ VERSION_ID=“24.04”
4 │ VERSION=“24.04 LTS (Noble Numbat)”
5 │ VERSION_CODENAME=noble
6 │ ID=ubuntu
7 │ ID_LIKE=debian
8 │ HOME_URL=“https://www.armbian.com”
9 │ SUPPORT_URL=“https://forum.armbian.com”
10 │ BUG_REPORT_URL=“Bug reporting - Armbian”
11 │ PRIVACY_POLICY_URL=“https://www.armbian.com”
12 │ UBUNTU_CODENAME=noble
13 │ LOGO=“armbian-logo”
14 │ ARMBIAN_PRETTY_NAME=“Armbian 25.8.1 noble”
b. Command:
N/A
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
c. Service/unit/compose file:
N/A
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
d. My complete Caddy config:
N/A
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.