How do I configure a reverse proxy with Heroku?

1. Caddy version (caddy version):

v2

2. How I run Caddy:

a. System environment:

Heroku Dyno

b. Command:

I’m wondering how to set it up with Heroku.

c. Service/unit/compose file:

I’m not sure what this is.

d. My complete Caddyfile or JSON config:

domain.com

  reverse_proxy {
    to https://domain.com

    header_upstream X-Real-IP {remote}
    header_upstream X-Forwarded-For {remote}
    header_upstream X-Forwarded-Port {server_port}
    header_upstream X-Forwarded-Proto {scheme}
  }

3. The problem I’m having:

I’m trying to set up Caddy for my Heroku app, so that I can use it as a reverse proxy to route all requests to https.

I have created a Caddyfile, but what is the next step to make it work with my Heroku app?

4. Error messages and/or full log output:

I am wondering how to set it up.

5. What I already tried:

I have read through all web resources available, but there don’t seem to be any examples of how to set everything up.

6. Links to relevant resources:

Please fill out the help thread template. You haven’t given enough context for us to help.

Updated with the template.

I don’t use Heroku, so I couldn’t say. You also haven’t said what kind of app you’re trying to serve with Caddy.

These lines are not necessary. Caddy sets the appropriate headers automatically, see in the docs:

Also in Caddy v2, the option is called header_up, not header_upstream. You probably found instructions for Caddy v1. Caddy v2 is a complete rewrite and is fundamentally quite different.

This doesn’t really make sense. You can’t proxy to the same domain that you’re serving, otherwise you’ll just end up in an infinite loop.

Have you installed Caddy?

1 Like

It’s my first time setting up a reverse proxy, so I don’t know much about it.

I have a node app that is built with Sapper.

How would I write the Caddyfile to simply route http requests to https? Heroku uses dynamic IPs that change all the time.

Heroku dynos are virtualized Linux containers, but I haven’t really used any other platform. How would you typically run Caddy and a node app at the same time?

I think there are some terms to be clarified before delving into solving the problem of how to configure Caddy for your use-case.

Heroku is a member of a category of services known as PaaS (Platform-as-a-Service). This type of service handles the infrastructure for you, meaning it will take care of the OS, installing necessary prerequisite software/packages, and managing the traffic directed to your application. You must satisfy the needs of your app by what the service provides you, which might include managing the TLS certificates to enable HTTPS for the app. To cut a long story short, Heroku will enable HTTPS for your app under certain conditions. You must read these two pages of the Heroku documentation site to understand the requirements:

That said, let me explain why Caddy isn’t compatible with Heroku. Caddy, as a web server, does not fit within Heroku. Heroku might be using it, or some other web server, as part of their infrastructure, but they don’t extend such control to the users. Caddy is intended for use on IaaS (Infrastructure-as-a-Service) and on-premise. Examples of IaaS include Azure, DigitalOcean, and Linode. IaaS is basically any provider who gives you access to a remote virtual machine, and it’s up to you as the consumer to set it up to fit the needs of your application. Heroku does not give you such access. You tell Heroku what you need, give Heroku a packaging of your app, and Heroku will set up the necessary infrastructure in a manner that is invisible to you.


Caddy assumes you have access to the OS to install and configure as necessary. The web server is responsible for serving the files requested by the browser, fetching part of the response from another server (i.e. reverse-proxying), manipulating the response, and replying to the client (browser). This is part of what Caddy does, which interferes greatly with Heroku’s own providing because it’s not intended for its class of providers.

If you’re using Heroku and it’s fulfilling your needs except for HTTPS, then you can have the S via Heroku themselves. You just had to find the right documentation pages.

3 Likes
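For the original question (sending HTTP requests to HTTPS for a Node app on Heroku without running Caddy), the redirect can be done in the app itself by reading the `X-Forwarded-Proto` header that the Heroku router sets after terminating TLS. The sketch below is an added example, not part of the thread; the function names are hypothetical and the hostnames are placeholders taken from the `domain.com` used in the question.

```javascript
// Added example, not from the thread. Assumptions: the app runs behind the
// Heroku router, which terminates TLS and sets X-Forwarded-Proto; the
// hostnames below are placeholders. Enable only in production, because a
// local run without the router has no X-Forwarded-Proto and would redirect.
const CANONICAL_HOSTS = new Set(['domain.com', 'www.domain.com']);
const DEFAULT_HOST = 'domain.com';

// Returns the https:// URL to redirect to, or null when the request
// already arrived over HTTPS.
function httpsRedirectTarget(headers, url) {
  // If the header carries a comma-separated list, use the last value,
  // assumed here to be the one written by the nearest proxy.
  const proto = String(headers['x-forwarded-proto'] || '')
    .split(',').pop().trim().toLowerCase();
  if (proto === 'https') return null;

  // The Host header is client-controlled: echo it back only if it is one of
  // our own names, otherwise the redirect could point at someone else's site.
  const host = String(headers['host'] || '').toLowerCase().replace(/:\d+$/, '');
  const safeHost = CANONICAL_HOSTS.has(host) ? host : DEFAULT_HOST;

  // Accept only an origin-form path; anything else (for example an
  // absolute-form request target) falls back to "/".
  const path = typeof url === 'string' && url.startsWith('/') ? url : '/';
  return `https://${safeHost}${path}`;
}

// Connect-style middleware (Express and Polka both accept this signature).
function forceHttps(req, res, next) {
  const target = httpsRedirectTarget(req.headers, req.url);
  if (target === null) return next();
  res.writeHead(301, { Location: target });
  res.end();
}
```

Register `forceHttps` before the Sapper middleware so plain-HTTP requests are redirected before any page is rendered.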
