HTTPS SRV upstream for reverse proxy

I cannot make an SRV upstream work in HTTPS mode in the recent version of Caddy. In previous versions, the following short directive worked as expected:

api.example.com {
  route {
    reverse_proxy srv+https://_https._tcp.hello.services.example.com {
    }
  }
}

However, in Caddy 2.7.3 it no longer works and fails with the following error:

"dial tcp: lookup _https._tcp.hello.services.example.com on [fdaa::3]:53: no such host"

DNS SRV record:

> dig +short srv _https._tcp.hello.services.example.com
0 0 443 p02.host.example.com.

Another approach seems to solve the issue with DNS lookup:

api.example.com {
  route {
    reverse_proxy {
      dynamic srv {
      name hello.services.example.com
      service https
      proto tcp
      }
    }
  }
}

But Caddy then uses HTTP instead of HTTPS, despite the specified https service and 443 port in the SRV DNS record.

Is there a way to make an SRV upstream work with the HTTPS protocol?

You need to add this:

transport http {
	tls
}

Using https:// is a shortcut for configuring the transport. See the reverse_proxy (Caddyfile directive) page in the Caddy documentation, which explains this.

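The answer's transport block combined with the dynamic SRV configuration from the question, as an added example that is not part of the original posts: `transport http` sits inside `reverse_proxy`, next to `dynamic srv`. The commented-out `tls_server_name` line and its value are assumptions, relevant only when the backend certificate is issued for a name other than the upstream host.

```caddyfile
api.example.com {
  route {
    reverse_proxy {
      # Upstreams are discovered from the SRV record
      # _https._tcp.hello.services.example.com
      dynamic srv {
        name hello.services.example.com
        service https
        proto tcp
      }

      # The SRV service name and port do not select the scheme;
      # TLS to the backend has to be enabled on the transport.
      transport http {
        tls
        # Optional (assumption, not from the thread): by default the
        # certificate is verified against the host part of the upstream
        # address. Override only if the backend certificate is issued
        # for a different name. The value below is a placeholder.
        # tls_server_name backend.example.com
      }
    }
  }
}
```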