1. The problem I’m having:
Client to caddy have certs and uses https by default, dns challenge. Im having trouble with caddy to backend https. Like proxmox and other services uses self signed certification. Which caddy doesn’t not trust. I use tls_insecure_skip_verify but I heard it is not recommended. How do I make certs for caddy to trust my backend services?
3. Caddy version:
v2.11.4
4. How I installed and ran Caddy:
apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg
chmod o+r /etc/apt/sources.list.d/caddy-stable.list
apt update
apt install caddy
systemctl stop caddy
curl -o caddy 'https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Fduckdns'
chmod +x caddy
dpkg-divert --divert /usr/bin/caddy.default --rename /usr/bin/caddy
mv ./caddy /usr/bin/caddy.custom
update-alternatives --install /usr/bin/caddy caddy /usr/bin/caddy.default 10
update-alternatives --install /usr/bin/caddy caddy /usr/bin/caddy.custom 50
a. System environment:
debian systemd
c. Service/unit/compose file:
{
acme_dns duckdns {env.DUCKDNS_API_TOKEN}
}
technitium.penguin.duckdns.org {
reverse_proxy https://192.168.1.13:5380 {
transport http {
tls_insecure_skip_verify
}
}
proxmox.penguin.duckdns.org {
reverse_proxy https://192.168.1.10:8006 {
transport http {
tls_insecure_skip_verify
}
header_up Host {hostport}
}
}