How to use caddy to terminate ssl on the client side

1. Caddy version (caddy version): caddy: 2.4.2

2. How I run Caddy:

# Dockerfile
FROM caddy:latest
COPY Caddyfile  /etc/caddy/Caddyfile
# Caddyfile
docker build -t caddy-tmp .
docker run -p 80:80 caddy-tmp

3. The problem I’m having:

I have a client that does not support https and a server that only does https. I was thinking I could use caddy running locally to bridge this gap. Does what I am doing make sense? Why does every request result in a 404?

4. Error messages and/or full log output:

$ curl localhost 
<!DOCTYPE html>
<html lang=en>
  <meta charset=utf-8>
  <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
  <title>Error 404 (Not Found)!!1</title>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(// 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(// no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(// no-repeat 0% 0%/100% 100%;-moz-border-image:url(// 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(// no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
  <a href=//><span id=logo aria-label=Google></span></a>
  <p><b>404.</b> <ins>That’s an error.</ins>
  <p>The requested URL <code>/</code> was not found on this server.  <ins>That’s all we know.</ins>

Google is probably responding with 404 because it doesn’t answer requests for Host: localhost.

Right, so this is probably a header issue then? Would it make sense to try and game the headers to get this working?

Yeah, it’s not too uncommon that backends expect certain Host headers.

Inside your reverse_proxy directive:

header_up Host {http.reverse_proxy.upstream.hostport}

(This is the general way. You could just set it to header_up Host in your case.)

This is documented in the examples here:

Set the upstream Host header to the address of the upstream (by default, it will retain its original, incoming value):

reverse_proxy localhost:9000 {
    header_up Host {http.reverse_proxy.upstream.hostport}
}

Got it, thanks!
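
The fix from this thread as a complete Caddyfile, added here as an example and not taken from any poster's configuration. `upstream.example` is a placeholder for the HTTPS-only server, whose name the thread does not give.

```caddyfile
# Added example. upstream.example is a placeholder (assumption), not a
# hostname from the thread.

# Plain-HTTP listener for the client that cannot speak HTTPS.
# A bare port address gets no automatic HTTPS from Caddy.
:80 {
	# The https:// scheme makes Caddy use TLS for the connection to the upstream.
	reverse_proxy https://upstream.example {
		# By default the incoming Host header (here "localhost") is passed
		# through unchanged, and an upstream that routes by Host may not
		# recognise it. Send the upstream's own host:port instead.
		header_up Host {http.reverse_proxy.upstream.hostport}
	}
}
```

The hop between the client and Caddy is still cleartext, so publish the port on loopback only, for example `docker run -p 127.0.0.1:80:80 caddy-tmp`, rather than on every interface.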
