Is there a way to pass paramaters to Caddy for it to dynamically use for reverse_proxy

I currently have something hardcoded like so: reverse_proxy https://****.com.

Is there a way I can pass it info from my API, and then use it to dynamically set the reverse_proxy?

Thanks.

Could you be more specific about how you’d pass in the info? This is a bit lacking on detail. What heuristics do you expect to use to populate it?

There is some work being done to improve the reverse_proxy module to support dynamic upstreams, which might allow you to do what you need, but what you want to might already be possible, depending on your requirements.

My apologies. So what I’m trying to achieve: The main goal is to issue and SSL and cloak a domain.

  1. Caddy issues them an SSL
  2. Caddy talk to our API and the API will return the domain URL we want to cloak.
  3. Caddy uses that URL returned in a reverse proxy?

Not sure if that makes sense? But we want to dynamically set the reverse_proxy that’s sent from our API.

Thanks.

What do you want the request to your API to contain? How do you want to make the decision of what upstream address to return? Is it based on the request path? Based on the hostname? Do you really need to make a request to your API for every incoming request that Caddy receives (this would double the amount of request Caddy would make to your backends)?

There might be a way to do what you need without reaching out to your API, but it depends why you need to reach out to your API.

1 Like

So we reach out to our API the first time, to make sure we can issue the SSL. API will give it the OK.

The second time, the API will return the URL we want to be masked.

Could this just be done in 1 request?

Okay, so you’re talking about On-Demand TLS I assume. Yes, that’s fine.

I’m not sure what you mean by “masked” here. What does this mean? Caddy doesn’t leak where it sends the request upstream (that would be silly).

No, those are separate pieces of the puzzle. The ask endpoint is in a separate part of the system from reverse_proxy.

The ask endpoint is also only called when Caddy doesn’t have a certificate and wants to try to have one issued. Once Caddy has a certificate, it doesn’t call that endpoint again until the cert expires.

1 Like