Is it possible to proxy HTTPS traffic to a HTTPS server?

(WoJ) #1

I proxy a few sites in a typical way:

https://onesite.example.com {
    proxy / http://anothersite.example.com
}

I tried to proxify HTTPS to HTTPS:

https://someothersite.example.com {
    proxy / https://yetanothersite.example.com
}

I used this configuration and it was accepted by caddy, but the proxification did not work out of the box. Before jumping into debugging I just wanted to make sure that it is technically (from a TLS perspective) possible.

(Matt Holt) #2

The certificate has to be valid and trusted, etc, etc. Otherwise it should “just work.” There might be a problem with the TLS connection. The logs should tell you more (use the errors directive).

(WoJ) #3

Thank you. With this I dived into the configuration etc. and finally realized that I mistyped a docker port redirection. I wanted to avoid hitting some “protocol wall” without fully understanding the reasons and your reply cleared this concern out.

I will have to read a bit what such forwarding means. It seems that this is a termination (on the endpoint), and then creation of a new TLS connection (to the backend) - with the intermediate part being in clear text. It does not matter at all for this home connection though.