Help needed. Maybe unusual set up?

What I assume you want is MasterPi reverse_proxying requests to the other three RasPis as per the diagram I referred to before (which don’t need to run Caddy, only whatever you want to host on them). The aforementioned Caddyfile is what you run MasterPi with, filling IP addresses and ports of what runs on the other three Pis. Do not bother with TLS on the three RasPis behind Caddy – as Caddy on MasterPi is reverse_proxying, it terminates TLS there and, as mentioned, connects itself to the given upstream addresses. Meaning, you need TLS certificates on MasterPi (which Caddy will get itself), but not on the other RasPis.

We could help you further with the ports (and maybe config on them) as well if you tell us what kind of applications you plan on running on Photos, IndoorPi and GardenPi. :slight_smile:

Hi Alex

Again many thanks.

I think I got there in the end. Had it not been for the very old RPI Model B+ not working with the new raspbian editions and sending me in all sorts of wrong directions, I would have got there days ago!! But such is life…

Now…

I am down to two working pies.

  1. pifei on 192.168.1.110 being the master pi. This has a duckdns of pifei.duckdns.org and connects to my router with the ports 80 and 443.
  2. gardenpi on 192.168.1.235 is the garden pi. This has a duckdns of gardenrpi.duckdns.org.

I think caddy is so brilliant that I will use it on all my pies from now on and ditch apache. It is therefore installed on both pies.

The Caddyfile on the master pi looks like this:

:80 {
        redir * https://{host}{uri} 301
}

gardenrpi.duckdns.org {
        reverse_proxy http://192.168.1.235
        root * /usr/share/caddy

        # Enable the static file server.
        file_server
}

pifei.duckdns.org {
        respond * "Hello World this is pifei" 200 {
                close
        }
}

:443 {
        respond * "Access denied" 403 {
                close
        }
}

The master pi will not serve any files, just act as a http and https forwarding server.

Gardenpi (and for that matter all other pies) only act as file servers. For example the GardenPi will allow me to turn the water on/off, measure the outside temperature, etc. These actions will be controlled by my corresponding website. (Hope this makes sense!).

I have been running this already for many years and it allows me to control my home when away.

One more question: Is there a way I could make this all secure? Perhaps by adding a token to the http reverse_proxy?

Many thanks.

As written before, this one is a config in the mindset of Apache/nginx, it is completely unnecessary with Caddy, please remove it. Caddy redirects automatically to HTTPS by default.

These are superfluous as well since everything is proxied to 192.168.1.235, anyway. You would include the file_server directive if you only proxy certain things to the backend, like PHP files to a FastCGI server. In such a scenario file_server would then serve static files like images, otherwise the whole site would be broken.

Heh heh. One more step towards my mission to eradicate Apache usage everywhere :smiling_face_with_horns:

Well..

  • turn Caddy into a Web Application Firewall with corazawaf.
  • block bot and (AI) scraper traffic with Anubis.

Some of these need you to compile Caddy yourself, though, or in the case of Anubis, jump through some hoops (as with Anubis a second service would be running in the background). The easiest to do ad-hoc would be an @aibots matcher (thread, GitHub) blocking all known AI scrapers.
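The two corrections above and the token idea from the question, put together as an added example (not part of either post and not from the Caddy project). The header name X-Proxy-Token and the environment variable PROXY_TOKEN are hypothetical names chosen here; the variable is assumed to be set to the same long random value for the Caddy service on both Pis.

```caddyfile
# ---- File 1: /etc/caddy/Caddyfile on the master pi (192.168.1.110) ----
# No ":80 { redir ... }" block: Caddy redirects HTTP to HTTPS by itself.
# No root/file_server in the proxied site: every request goes upstream.

gardenrpi.duckdns.org {
        reverse_proxy http://192.168.1.235 {
                # Set (and overwrite) the shared secret on every proxied
                # request. {$PROXY_TOKEN} is read from the environment when
                # the Caddyfile is parsed, so it must be set before start.
                header_up X-Proxy-Token {$PROXY_TOKEN}
        }
}

pifei.duckdns.org {
        respond "Hello World this is pifei" 200
}

# ---- File 2: /etc/caddy/Caddyfile on gardenpi (192.168.1.235) ----
# Plain HTTP only: TLS is terminated on the master pi.

:80 {
        # Refuse anything that does not come from the master pi's address.
        @offpath not remote_ip 192.168.1.110
        respond @offpath "Access denied" 403

        # Refuse anything that does not carry the shared secret.
        @notoken not header X-Proxy-Token {$PROXY_TOKEN}
        respond @notoken "Access denied" 403

        root * /usr/share/caddy
        file_server
}
```

The token shows that a request came through the master pi; it does not identify the person browsing, and it crosses the LAN in clear text because the hop to 192.168.1.235 is plain HTTP.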

Thank you for all the help, Alex!

I am making good progress.

Just trying to figure out how to use php files on the various pies.

I will be back if I need help!

Sorry, a little more help is needed….

Attached a diagram of my set up.

Caddy works! This is the gardenrpi.duckdns.org which calls the index.html page and works (as you can see).

However…

https://indoorpi.duckdns.org/index.html, which is running apache2 and also calls an index.html page, doesn’t work. Why?

The Caddyfile on the RPI Zero 2 W (master) is:

gardenrpi.duckdns.org {
        reverse_proxy http://192.168.1.235
        root * /var/www/html

        # Enable the static file server.
        file_server
}

indoorpi.duckdns.org {
        reverse_proxy http://192.168.1.246
        root * /var/www/html

        # Enable the static file server.
        file_server
}

So, the only difference between indoor and garden is that one is running apache2 and the other is running caddy.

Any help, as always, greatly appreciated!

UPDATE:

So on 192.168.1.235 (GardenPi running caddy), I have now installed php-fpm (sudo apt-get install php-fpm).

I executed 'grep -r "listen =" /etc/php/*/fpm/pool.d/' to find that fpm is listening to 127.0.0.1:9001.

So, I edited the Caddyfile with this:

:80 {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        #php_fastcgi 127.0.0.1:9001
        @phpFiles path *.php
        reverse_proxy @phpFiles 127.0.0.1:9001 {
                transport fastcgi {
                        split .php
                }
        }
}

I tried both fastcgi and @phpFiles but both still fail.

The file I am trying to access is https://gardenrpi.duckdns.org/php-info.php –> doesn’t work

However, Caddy works! –> works!!

Surely, it can’t be that hard to serve a php file???

Please stop Caddy, use php_fastcgi exactly as written on the line above reverse_proxy and start it manually (e.g. cd /etc/caddy/ && sudo caddy run) and retry browsing to the URL.

Provide the log output of this run if it doesn’t work. The PHP-FPM logs would be nice, too.

Hi Alex

Thanks for all your help.

For the moment I have to stop the work on this, and will restart in September.

The watering system for the indoor plants and garden works fine with apache; I was just looking to make it better and I am sure it will be with Caddy once I have figured it out completely.

Maybe, by then, there will also be better help/tutorials available on the internet.