1. The problem I’m having:
We currently use Caddy as a reverse proxy for our services. What’s new is that I need to make our LDAP server available to an external application with an SSL certificate.
I have found examples on the net showing that I can use nginx as an LDAPS proxy server, but I can’t find anything on whether this is also possible with Caddy.
Is this possible with Caddy and if so, how?
2. Caddy version:
2.8.4
4. How I installed and ran Caddy:
a. System environment:
Ubuntu 22.04.3 LTS
Docker version 26.0.1, build d260a54
b. Command:
docker compose up -d caddy
c. compose file:
caddy:
  image: caddy:alpine
  container_name: caddy
  restart: always
  ports:
    - 80:80
    - 443:443
  volumes:
    - /data/caddy/data:/data
    - /data/caddy/Caddyfile:/etc/caddy/Caddyfile
    - /data/nextcloud/html:/var/www/html
    - /data/nextcloud/apps:/var/www/html/custom_apps
    - /etc/localtime:/etc/localtime:ro
    - /etc/timezone:/etc/timezone:ro
  links:
    - nextcloud-app:nextcloud-app
    - nextcloud-push:nextcloud-push
  networks:
    - proxy-net
d. My complete Caddy config:
cloud.mydomain.com {
    file_server
    php_fastcgi nextcloud-app:9000 {
        # env modHeadersAvailable true
        # env front_controller_active true
        trusted_proxies private_ranges
    }
    root * /var/www/html
    encode gzip
    header Strict-Transport-Security max-age=15552000;
    redir /.well-known/carddav /remote.php/dav/ 301
    redir /.well-known/caldav /remote.php/dav/ 301
    # .htaccess / data / config / ... shouldn't be accessible from outside
    @forbidden {
        path /.htaccess
        path /.xml
        path /3rdparty/*
        path /config/*
        path /data/*
        path /db_structure
        path /README
        path /lib/*
        path /templates/*
        path /occ
        path /console.php
        path /test.php
    }
    respond @forbidden "Access denied" 403 {
        close
    }
    handle_path /push/* {
        # rewrite * {path}
        reverse_proxy http://nextcloud-push:7867
    }
}
mail.mydomain.com {
    reverse_proxy 192.168.0.10:80
}
mailer.mydomain.com {
    reverse_proxy 192.168.0.14:80
}
5. Links to relevant resources:
Here is an example of how this could be solved with nginx: