How to Configure a Caddy Reverse Proxy to Allow Access to Network Devices

1. The problem I’m having:

I recently installed Caddy on my Ubuntu machine. I need assistance setting up a reverse proxy so that I may access my network devices via secure HTTPS. In my network, I have switches and access points, and each device is mapped through a private address, such as 10.10.0.0, and we are currently accessing all of the devices via browser and receiving a not secured symbol. I want to use the caddy server to secure this so that every time we access any device, it shows a secure icon rather than not being secured with a correct certificate. Can somebody tell me how I can accomplish this and set up the caddy file?

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

I installed Caddy on my Ubuntu PC using the URL provided below.

a. System environment:

Ubuntu 20.04.6 LTS

b. Command:

I installed caddy using the commands shown below.
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list

sudo apt update
sudo apt install caddy

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

firewall.localhost

    # Set this path to your site's directory.
    root * /usr/share/caddy

    # Enable the static file server.
    file_server

@matt Can you please help on this, if possible.

I glanced at this a few days ago, but the help template is missing sections and not really readable, so I can’t make heads or tails of the post. If you could revise your post to fill out the help template and make it look nice it’ll be easier to follow what’s going on. I’m not really sure how to connect the dots as-is.

1. The problem I’m having:

Recently installed Caddy on my Ubuntu machine. I need assistance setting up a reverse proxy so that I may access my network devices via secure HTTPS. In my network, I have switches and access points, and each device is mapped through a private address, such as 10.10.0.0, and we are currently accessing all of the devices via browser and receiving a not secured symbol. I want to use the caddy server to secure this so that every time we access any device, it shows a secure icon rather than not being secured with a correct certificate. Can somebody tell me how I can accomplish this and set up the caddy file?
@matt Please help.

2. Error messages and/or full log output:

There is no error because first I need information on how I can achieve the above requirement using the Caddy file.

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

I installed caddy using the commands shown below.

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list

sudo apt update
sudo apt install caddy

a. System environment:

Ubuntu 20.04.6 LTS

b. Command:

caddy run and sudoedit /etc/caddy/Caddyfile

d. My complete Caddy config:

172.16.13.20
reverse_proxy 10.10.10.10:80.

5. Links to relevant resources:

Make sure your syntax is correct. The period at the end there will cause an error.


The help template has instructions for showing requests that aren’t working that you expect to be working. Please show us curl commands because that will help us know what you are trying to do and exactly what errors you are getting.

So you haven’t even tried running your Caddy config yet?

Hi,

Thanks for your reply. No, I am unable to configure my caddy file since I am unsure how I will meet my requirements and how the caddy file should be configured. I did some research and made some adjustments to the caddy file yesterday, but it is still not working. If you look at my caddy file configuration below, you will notice that I have entered three local IP addresses, two of which are running on the same ports, 443. Currently, all of my devices utilize self-signed certificates, but I’m considering centralizing management with caddy proxy. That is, I want all of my devices to receive certificates from caddy rather than self-signed certificates.

Error messages and/or full log output:

idfyinfra@LA-255:~$ systemctl status caddy.service
● caddy.service - Caddy
Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2023-07-11 11:29:27 IST; 18s ago
Docs: Welcome — Caddy Documentation
Process: 3076 ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile (code=exited, status=1/FAILURE)
Main PID: 3076 (code=exited, status=1/FAILURE)

Jul 11 11:29:27 LA-255 caddy[3076]: LOGNAME=caddy
Jul 11 11:29:27 LA-255 caddy[3076]: USER=caddy
Jul 11 11:29:27 LA-255 caddy[3076]: INVOCATION_ID=346b67884cce43b4ba3c41d086ad671d
Jul 11 11:29:27 LA-255 caddy[3076]: JOURNAL_STREAM=8:58777
Jul 11 11:29:27 LA-255 caddy[3076]: {"level":"info","ts":1689055167.163001,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jul 11 11:29:27 LA-255 caddy[3076]: {"level":"warn","ts":1689055167.1633763,"logger":"caddyfile","msg":"Using a path in a site address is deprecated; please use the 'handle' directive instead","address">
Jul 11 11:29:27 LA-255 caddy[3076]: Error: adapting config using caddyfile: hostname appears in more than one automation policy, making certificate management ambiguous: *
Jul 11 11:29:27 LA-255 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Jul 11 11:29:27 LA-255 systemd[1]: caddy.service: Failed with result 'exit-code'.
Jul 11 11:29:27 LA-255 systemd[1]: Failed to start Caddy.

My complete Caddy config:

172.16.13.20 {
reverse_proxy 10.10.10.10:443
reverse_proxy 10.10.10.1:17322
reverse_proxy 10.10.20.10:443
}

Remarks:

172.16.13.20 - This is the IP address of the server where caddy server is installed.

@matt Have you had the chance to review?
@francislavoie Not sure, but perhaps you could check into this and assist us in configuring the Caddy file. Because you all have a lot of experience.

This is telling caddy to reverse proxy the request to 172.16.13.20 to three different backends. This will certainly cause errors. You cannot forward an IP to multiple backends with the same port. For that you need to use domains. This would be an example…

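# One site block per device; the directive is spelled reverse_proxy.
# Upstream addresses are the three from the config posted above.
server1.homedomain.com {
     reverse_proxy 10.10.10.10:443
}
server2.homedomain.com {
     reverse_proxy 10.10.10.1:17322
}
server3.homedomain.com {
     reverse_proxy 10.10.20.10:443
}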

You would also need to make sure that all these domains resolve to your caddy IP.
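
A fuller Caddyfile for the per-hostname layout this reply describes, as an added example that is not from the thread or from any participant. It assumes the hostnames resolve to 172.16.13.20, that Caddy's local CA issues the browser-facing certificates, and that the PEM path is a hypothetical location for a certificate exported from the device.

```caddyfile
# Added example, not from the thread. Hostnames are the ones used in the reply
# above; the PEM path is a hypothetical location chosen for this sketch.

server1.homedomain.com {
    # Names that only resolve inside the network cannot complete public ACME
    # HTTP or TLS-ALPN validation, so Caddy's local CA issues the certificate.
    tls internal

    # Speak TLS to the device and verify its certificate against a pinned copy
    # instead of turning verification off.
    reverse_proxy https://10.10.10.10:443 {
        transport http {
            # Assumption: the device's self-signed certificate was exported to
            # this file and carries a SAN matching the upstream address
            # (set tls_server_name if it was issued for a different name).
            tls_trusted_ca_certs /etc/caddy/device-certs/server1.pem
        }
    }
}

server3.homedomain.com {
    tls internal

    reverse_proxy https://10.10.20.10:443 {
        transport http {
            # Weak fallback for a device whose certificate cannot be exported
            # or has no usable SAN: the hop to the device stays encrypted but
            # is no longer authenticated. Keep that hop on a trusted
            # management network.
            tls_insecure_skip_verify
        }
    }
}
```

Browsers show the secure icon only after Caddy's local root certificate (pki/authorities/local/root.crt under Caddy's data directory) is installed as a trusted root on each client.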
