Guacamole on Caddy Reverse Proxy

Would appreciate it if anybody can provide some insight. I tried looking on the forums and found a few threads, however none of the fixes worked for me.

I have guacamole set up internally at

I can access the Guacamole GUI perfectly and the address of the direct connection is:

When I try to set this up in Caddyfile, I get a 502 error.

My file looks like this: {
proxy / {
header_upstream X-Real-IP {remote}
header_upstream Host {host}
header_downstream X-Real-IP {remote}
header_downstream Host {host}

When I go to, I get the following:

If you could provide more info that would be great.

  • Is Guacamole on http or https? If https, use proxy / https://…; if http, remove insecure_skip_verify.

  • Is caddy alright? Can you set up a basic test site {
    root /myroot/

  • Is guacamole getting the request?

  • log requests to caddy {
    log / logfile.log "{common}"



Thank you for your reply @tobya

Caddy works great otherwise. I have a bunch of other things running through my reverse proxy that work. Guac is just the one that’s been giving me a hard time.

It’s using https–I access my other servers by going to for example.

Would you like me to post the logs from the Caddy container?

I checked the Caddy logs and did notice an error I hadn’t seen before:

2018/02/04 17:03:28 [timeouts] failed to get certificate: acme: Error 400 - urn:acme:error:malformed - Error creating new authz :: DNS name does not have enough labels

All of my other setups work fine though (I have around 10), so I’m not sure if this is contributing to the issue. I also changed the http to https, but that didn’t do anything either.
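
The ACME error in the log above is returned when a requested certificate name has fewer than two DNS labels, and the bracketed prefix is the name that was requested. The following is an added example (not code from this thread or from the Caddy project) that lists the top-level site labels of a Caddyfile and flags any that would draw that error. The sample Caddyfile, the simplified Caddy v1 parsing, and the skipping of localhost and IP labels are assumptions.

```python
import ipaddress
import re

# Constructed sample in Caddy v1 syntax (not the poster's file). The stray
# top-level "timeouts 30s" line yields single-label names at site level.
SAMPLE_CADDYFILE = """\
files.example.com {
    proxy / 192.0.2.10:8081
}
timeouts 30s
desktop.example.com, localhost:2015 {
    proxy / 192.0.2.10:8080/guacamole
}
"""

def site_labels(text):
    """Return tokens found at brace depth 0, where site addresses belong."""
    labels, depth = [], 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        for token in re.split(r"[\s,]+", line):
            if token == "{":
                depth += 1
            elif token == "}":
                depth -= 1
            elif token and depth == 0:
                labels.append(token)
    return labels

def acme_problem(label):
    """Return the ACME rejection reason for a site label, or None."""
    host = re.sub(r"^https?://", "", label).split("/", 1)[0]
    host = re.sub(r":\d+$", "", host).strip("[]").rstrip(".")
    if not host or host == "localhost":
        return None  # assumption: no public certificate is requested
    try:
        ipaddress.ip_address(host)
        return None  # assumption: IP labels are not sent to the ACME CA
    except ValueError:
        pass
    if len([part for part in host.split(".") if part]) < 2:
        return "DNS name does not have enough labels"
    return None

def audit(text):
    """Map each site label that ACME would reject to the reason."""
    return {l: r for l in site_labels(text) if (r := acme_problem(l))}

if __name__ == "__main__":
    for label, reason in audit(SAMPLE_CADDYFILE).items():
        print(f"{label}: {reason}")
```
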

Is what you posted above your entire unredacted Caddyfile?


Is the cert it fails to get the one that’s causing the 503 error?


@matt, this is the entire Caddyfile: hastebin (everything there works, except the last one (desktop = guacamole)).

@tobya, I’m not sure to be honest. How could I check?

This is the latest log output of Caddy ( = my router):

I would investigate the connection between the Caddy host and the Guacamole host as the possible culprit.

My Guacamole instance works with the following Caddyfile: {
  proxy / guacamole:8080/guacamole {
It's networked to Caddy via Docker Compose.
version: '3'

services:
  guacamole:
    image: guacamole/guacamole:latest
    depends_on:
      - guacd
      - guacdb
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_USER: guac
    restart: unless-stopped

  guacd:
    image: guacamole/guacd:latest
    restart: unless-stopped

  guacdb:
    image: postgres:latest
    environment:
      POSTGRES_DB: guac
      POSTGRES_USER: guac
    volumes:
      - ./db:/var/lib/postgresql/data
      - ./initdb.sql:/docker-entrypoint-initdb.d/initdb.sql
    restart: unless-stopped

Thank you all for your help! I got this to work by tinkering around with unRAID. It turns out it wouldn’t work on the same IP as unRAID (presumably something else was occupying 8080 without me knowing). So what I did to fix the issue was use the br0 interface and assign Guacamole to instead of the default Works great! I hope this fixes the issue for anybody else that runs into the same problem.

I do have another question however. Would it be possible to bypass the login screen and go directly into the VM? I tried adding this to Caddyfile " proxy / (this link goes directly to the VM when I’m logged in locally). Then I realized there’s the Guac front end I need to bypass. Any ideas?

I haven’t done it myself, but this looks like exactly what you’re after!

Guacamole normally enforces authentication, requiring all users to have a corresponding set of credentials. If you would rather just type in your server’s URL and gain access to your computer, you can do this with the “noauth” extension.

– Chapter 6. Disabling authentication

Pretty scary putting remote access to your computer on the open internet, though!
