1. The problem I’m having:
I’d like to be able to access a certain service on my server, but only through a LAN IP. I was able to achieve this with nginx reverse proxy, but I’m having trouble doing it here. Every time I try to access it from a LAN IP, it says “403 Access Denied”. I’m afraid I lack the knowledge to successfully do this in Caddy.
Removing the private import part fixes it, but of course I don’t want this page to be accessible over the whole internet.
2. Error messages and/or full log output:
{"level":"debug","ts":1719324777.0622535,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.1.125","remote_port":"51958","subjects":["subdomain.example.org"],"managed":true,"expiration":1727015763,"hash":"d9caaa5aa6db8dde1f5f0c6517916aa019e1d3f5c18208d01509790cfd7e0e99"}
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
Docker compose
a. System environment:
Distributor ID: | Debian |
---|---|
Description: | Debian GNU/Linux 12 (bookworm) |
Release: | 12 |
Codename: | bookworm |
Docker version 27.0.1, build 7fafd33
b. Command:
```
docker-compose up -d
```
c. Service/unit/compose file:
```
services:
  caddy:
    container_name: caddy
    build: .
    restart: unless-stopped
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /path/to/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /path/to/docker/caddy/site:/srv
      - /path/to/docker/caddy/data:/data
      - /path/to/docker/caddy/config:/config

networks:
  proxy:
    external: true
```
d. My complete Caddy config:
```
{
	email <MY EMAIL>
	acme_dns cloudflare <CF API KEY>
	debug
}

(private) {
	@allowed {
		remote_ip 192.168.1.0/24
	}
}

example.org {
	reverse_proxy localhost:80
}

subdomain.example.org {
	import private
	reverse_proxy @allowed my-application:8080
	respond / "Access Denied" 403
}
```
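
An added example, not part of the original post: in Caddy's default directive order `respond` is evaluated before `reverse_proxy`, and the path matcher `/` matches only the exact root path, so the config above returns 403 for `/` to every client and leaves all other paths without a deny rule. One way to express "LAN only" is to invert the matcher and deny on every path; the subnet, hostname and upstream are the ones from the post, and the `@denied` matcher name is chosen here.

```caddyfile
# Added example (not the poster's config): deny by default, allow the LAN subnet.
(private) {
	# Matches every request whose TCP peer address is outside the LAN subnet.
	@denied not remote_ip 192.168.1.0/24

	# No path argument, so the 403 applies to all paths, not only "/".
	# respond sorts before reverse_proxy, so denied clients never reach the upstream.
	respond @denied "Access Denied" 403
}

subdomain.example.org {
	import private

	# Only requests that were not answered by the 403 above get here.
	reverse_proxy my-application:8080
}
```

`remote_ip` checks the address of the direct TCP peer, so when running under Docker confirm in the debug log that Caddy sees the real LAN address (as in the `remote_ip` field of the log line above) rather than a bridge gateway address, since a gateway address inside the allowed range would let every client through.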