I have focused on webmail.cfts.co for the test, works for the certificates,
2023/08/05 12:33:42.725 INFO tls.issuance.acme.acme_client authorization finalized {"identifier": "webmail.cfts.co", "authz_status": "valid"}
2023/08/05 12:33:42.726 INFO tls.issuance.acme.acme_client validations succeeded; finalizing order {"order": "https://acme-staging-v02.api.letsencrypt.org/acme/order/113593744/10131758864"}
2023/08/05 12:33:47.259 INFO tls.issuance.acme.acme_client successfully downloaded available certificate chains {"count": 2, "first_url": "https://acme-staging-v02.api.letsencrypt.org/acme/cert/fa4c9bcb35abc6ce3aae09a565f59a83fc9f"}
2023/08/05 12:33:47.263 INFO tls.obtain certificate obtained successfully {"identifier": "webmail.cfts.co"}
2023/08/05 12:33:47.264 INFO tls.obtain releasing lock {"identifier": "webmail.cfts.co"}
But unusable as a reverse proxy it seems, error: webmail.cfts.co redirected you too many times.
Since our systems are all secured, SSL’ed, firewalled etc., is it possible to masquerade/forward the requests? Or somehow make the redirection transparent?
I was hoping to use ‘caddy’ as a proxy server to streamline my use of public IPs, maybe using the wrong tool for the wrong job?
UPDATE: Got it working, not sure of the logic. I disabled the HTTP>HTTPS on the mail server, as I suspect it was causing a loop, which of course screws over the local (LAN) security, so not exactly a win.
Question: if sufficient public IPs are available, should one use caddy for anything other than HTTP sites?
Question: is there a way to use this with sites that can only use HTTPS?
Question: can this be used as a caching proxy?
Here is my current/live config. To avoid messing with my other systems, I set up a separate IP and DNS record for the webmail side of the mail server, so it would not interfere with operations while I test.
With my current understanding, ‘Caddy’ is not as useful as I expected it to be, as this disconnects/affects other operations within our mail system, so at first glance this is only useful for basic HTTP websites/platforms, but still useful.
My current file in total is:
{
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
webmail.cfts.co {
    reverse_proxy 172.16.198.44:80
}
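
Added example, not part of the original post: a Caddyfile variant that proxies to the mail server over HTTPS, so the backend's HTTP>HTTPS redirect can stay enabled and the hop across the LAN stays encrypted. It assumes the backend serves HTTPS on port 443 with a certificate valid for webmail.cfts.co; the CA bundle path is a hypothetical placeholder.

```caddyfile
{
    acme_ca https://acme-v02.api.letsencrypt.org/directory
}

webmail.cfts.co {
    # Assumption: the mail server listens for HTTPS on 443.
    # An https:// upstream makes Caddy use TLS to the backend, so the
    # backend never sees a plain-HTTP request it would redirect.
    reverse_proxy https://172.16.198.44:443 {
        transport http {
            # The upstream is addressed by IP, so set the name used for
            # SNI and certificate verification explicitly.
            tls_server_name webmail.cfts.co

            # Only needed when the backend certificate is issued by a
            # private/internal CA. Hypothetical path.
            tls_trusted_ca_certs /etc/caddy/internal-ca.pem

            # Weak alternative, avoid outside short tests: it disables
            # backend certificate verification entirely.
            # tls_insecure_skip_verify
        }
    }
}
```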