How to reverse proxy all subdomains to local processes with different ports?

1. Caddy version (caddy version):

2.3.0 (caddy:latest dockerhub image)

2. How I run Caddy:

Caddy runs on a docker container (with ports 80 and 443 open) at local IP address 172.17.0.5
domain (just serving a testpage): https://warcraft-gym.com.
subdomains: “mongo.*”, “backend.*”, “portainer.*” - which are all serving exactly the services they describe (backend is a node express app).

a. System environment:

Azure VM, 18.04 Ubuntu, caddy:latest image on docker, ports 80 and 443 open. Domain is provided by GoDaddy.

b. Command:

It runs via the default docker image, no modifications except to set the volumes, as per this guide, which I followed:

c. Service/unit/compose file:

caddy:latest with no modifications.

d. My complete Caddyfile or JSON config:

warcraft-gym.com {
    root * /usr/share/caddy

    file_server
}

mongo.warcraft-gym.com {
    reverse_proxy 172.17.0.6:27017
}

portainer.warcraft-gym.com {
    reverse_proxy 172.17.0.2:9000
}

backend.warcraft-gym.com {
    reverse_proxy 172.17.0.4:3000
}

3. The problem I’m having:

My main domain seems to work fine, however my subdomains appear to be connecting directly and not as expected.
portainer.warcraft-gym.comwarcraft-gym.com:9000

What I expect is for caddy to serve the process running in its own docker @ local IP 172.17.0.2:9000 via port 443 to the outside world. This doesn’t seem to be happening?

I’ve seen other setups running portainer or other webui interfaces via local processes running on something other than 80 or 443 with SSL, so I’m not sure what I’m missing here.

4. Error messages and/or full log output:

There aren’t really any errors that I can find, just for some reason I think I have my setup wrong.

Looking at the Caddy container's logs, it looks like the certificates are being received for my subdomains (I copied every line referencing the portainer subdomain; it's the same for the mongo/backend subdomains):

{"level":"info","ts":1617878134.3051085,"logger":"tls.obtain","msg":"acquiring lock","identifier":"portainer.warcraft-gym.com"},
{"level":"info","ts":1617878134.305324,"logger":"tls.obtain","msg":"lock acquired","identifier":"portainer.warcraft-gym.com"},
{"level":"info","ts":1617878134.3060715,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["portainer.warcraft-gym.com"]},
{"level":"info","ts":1617878134.3061519,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["portainer.warcraft-gym.com"]},
{"level":"info","ts":1617878135.324884,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"portainer.warcraft-gym.com","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"},
{"level":"info","ts":1617878135.5791478,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"18.196.96.172:34702","distributed":false},
{"level":"info","ts":1617878135.7058127,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"3.22.70.135:41306","distributed":false},
{"level":"info","ts":1617878135.78391,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"34.211.6.84:64358","distributed":false},
{"level":"info","ts":1617878135.8473635,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"64.78.149.164:65410","distributed":false},
{"level":"info","ts":1617878137.0114253,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"portainer.warcraft-gym.com"},
{"level":"info","ts":1617878137.0115216,"logger":"tls.obtain","msg":"releasing lock","identifier":"portainer.warcraft-gym.com"},
{"level":"info","ts":1617878611.5199544,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.warcraft-gym.com","portainer.warcraft-gym.com","backend.warcraft-gym.com","mongo.warcraft-gym.com"]},
{"level":"info","ts":1617878470.268824,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["portainer.warcraft-gym.com","backend.warcraft-gym.com","mongo.warcraft-gym.com","warcraft-gym.com"]},
{"level":"info","ts":1617878134.2905104,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["teamspeak.warcraft-gym.com","portainer.warcraft-gym.com","backend.warcraft-gym.com","mongo.warcraft-gym.com","warcraft-gym.com"]}

5. What I already tried:

Tried various trial-and-error solutions from this forum, looking at anything with reverse proxies. I read the docs and a few Medium articles. Honestly though, I tried Caddy because I don’t know much about webservers, so I was just hoping for a nudge in the right direction, as I suspect my config is not correct somehow.

6. Links to relevant resources:

I followed this guide for setup:

1 Like

Ok, I’m an idiot, this was a DNS issue, I resolved it with A entries for my subdomains. Sorry for bothering you guys, and thanks for the great service!

I heard about it on the Syntax podcast and it’s already made my life 1000x easier.

2 Likes

Glad you found us, and that you figured it out!

1 Like

Just FYI a CNAME sub.domain.com that answers with domain.com should also do the trick.
I try to use CNAME over A wherever possible.
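
A preflight for the DNS fix the thread arrived at, as an added example that is not part of the original posts or of Caddy itself: it pulls the site addresses out of a Caddyfile and reports which names do not resolve to the proxy's public IP. The helper names and the documentation-range IPs used with it are assumptions; a CNAME that answers with the apex passes too, because the OS resolver follows it to the A record.

```python
import re
import socket

# Constructed sample: three site blocks from the Caddyfile posted in the thread.
CADDYFILE = """\
warcraft-gym.com {
    root * /usr/share/caddy
    file_server
}
mongo.warcraft-gym.com {
    reverse_proxy 172.17.0.6:27017
}
portainer.warcraft-gym.com {
    reverse_proxy 172.17.0.2:9000
}
"""

def site_hosts(caddyfile):
    """Hostnames from top-level site-block address lines (wildcards skipped)."""
    hosts, depth = [], 0
    for raw in caddyfile.splitlines():
        line = raw.strip()
        if depth == 0 and line.endswith("{"):
            for addr in line[:-1].replace(",", " ").split():
                host = re.sub(r"^https?://", "", addr).split(":")[0]
                if "." in host and "*" not in host:
                    hosts.append(host)
        depth += line.count("{") - line.count("}")
    return hosts

def system_resolver(host):
    """OS resolver lookup; a CNAME is followed through to its A records."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def check_dns(caddyfile, expected_ip, resolve=system_resolver):
    """Map each site host to 'ok', 'missing' or 'wrong:<ips>'."""
    report = {}
    for host in site_hosts(caddyfile):
        ips = resolve(host)
        if not ips:
            report[host] = "missing"
        elif expected_ip in ips:
            report[host] = "ok"
        else:
            report[host] = "wrong:" + ",".join(sorted(ips))
    return report
```

Call `check_dns(open("Caddyfile").read(), "<public IP of the VM>")` before starting Caddy; any name reported as `missing` or `wrong:` needs its A or CNAME record fixed first.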
