1. The problem I’m having:
Where to place, and how to configure, reverse proxy ssl certs with private key password?
2. Error messages and/or full log output:
Not getting any errors yet, trying to work out how to do it
3. Caddy version:
2.7.4 on MacOS
4. How I installed and ran Caddy:
https://ports.macports.org/port/caddy/
a. System environment:
MacOS Catalina on 2012 i7 Mac Mini
b. Command:
None Yet
d. My complete Caddy config:
None yet, still at planning stage
5. Links to relevant resources:
I need to set up a reverse proxy to a number of individual hardware (MacOS) database servers that are all on subdomains to example.com
Google tells me Caddy might be the best solution and the easiest to configure.
My environment is all MacOS, I have downloaded and installed Caddy 2.7.4 via MacPorts, on a Mac Mini running Catalina.
I am now planning the configuration of the reverse proxy and trying to understand how to manage the SSL certificates.
DNS is managed by my ISP / IT Contractor. I have a commercial wildcard ssl cert issued by GoDaddy for: *.example.com
It is in 3 parts
123456.cert
123456.pem
bundle.cert
Research suggests I need to concatenate the two certs and place this and the pem in etc/ssl/ and add a line to the .caddy file
tls /etc/ssl/concatenate-bundle.cert /etc/ssl/123456.pem
With the correct DNS configuration this should give me https://proxy.example.com for the caddy server.
HOWEVER I don’t see any documentation for how to place or manage the Reverse Proxy ssl certs for the 3x database servers, data1.example.com; data2.example.com; data3.example.com; each have the identical *.example.com ssl certs installed.
The database servers' ssl pems are created via the certificate signing request/private key file/private key password process.
The database servers use the 3x certs: 123456.cert; bundle.cert; and key.pem (generated from 123456.pem using the private key password when installed). NOTE once I have generated key.pem I can copy it to the other database servers, because they are all using the identical set of wildcard certs for *.example.com
MY QUESTION IS: Where to place and how to configure the reverse proxy ssl certs for the database servers?
MAYBE THIS FOR EACH DATABASE SERVER? tls /etc/ssl/123456.cert /etc/ssl/bundle.cert /etc/ssl/key.pem
DO I NEED TO SCRIPT PROVIDING the private key password for key.pem, IF SO, HOW?
Thanks in advance for any help!
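
The concatenation step and the private key password question from the post above, as an added example that is not part of the original post: it joins the leaf certificate and the CA bundle leaf-first and reports whether a key file is still passphrase-protected. File names follow the post; the helper names are hypothetical and the PEM bodies are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical;
# the PEM bodies in demo() are constructed placeholders, not real certs or keys.

# Strip CR from CRLF downloads and guarantee a final newline, so END/BEGIN
# lines never fuse when files are joined.
pem_clean() { awk '{ sub(/\r$/, ""); print }' "$1"; }

# Number of certificate blocks in a PEM file (prints 0 if none).
cert_count() { grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true; }

# Classify a key file. PKCS#8 encrypted keys use the ENCRYPTED PRIVATE KEY
# label; traditional OpenSSL keys carry a "Proc-Type: 4,ENCRYPTED" header.
key_status() {
  if grep -E -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"; then
    echo encrypted
  elif grep -E -q -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
    echo unencrypted
  else
    echo not-a-key
  fi
}

# build_chain LEAF BUNDLE OUT: leaf certificate first, then the CA bundle,
# which is the order a TLS server presents its chain in.
build_chain() {
  [ -r "$1" ] && [ -r "$2" ] || { echo "missing input file" >&2; return 1; }
  [ "$(cert_count "$1")" -eq 1 ] || { echo "$1: expected exactly one certificate" >&2; return 1; }
  [ "$(cert_count "$2")" -ge 1 ] || { echo "$2: no CA certificates found" >&2; return 1; }
  { pem_clean "$1"; pem_clean "$2"; } > "$3"
}

# Constructed sample run using the post's file names in a temporary directory.
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'TEVBRg==' \
    '-----END CERTIFICATE-----' > "$d/123456.cert"        # no final newline
  printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'SU5U' \
    '-----END CERTIFICATE-----' > "$d/bundle.cert"         # CRLF line endings
  printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'S0VZ' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$d/123456.pem"
  build_chain "$d/123456.cert" "$d/bundle.cert" "$d/concatenate-bundle.cert" || return 1
  echo "certificates in chain: $(cert_count "$d/concatenate-bundle.cert")"
  echo "123456.pem: $(key_status "$d/123456.pem")"
  rm -rf "$d"
}
demo
```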