When running Caddy with the provided systemd service, /tmp is actually isolated under a different subdirectory, because the service file has the option PrivateTmp=true.
What this does is transparently isolate /tmp under a directory like /tmp/systemd-private-<some-hash>-caddy.service-<some-hash>.
Run ls /tmp/systemd* and you should see those directories.
A better location for your logs, though, would be /var/log/caddy/notification_sell.log, since the /var/log/caddy directory is automatically created by the apt repo with the correct permissions.
See the section on headers in the reverse_proxy docs:
Problems, or things to improve:
Using a placeholder for header_up Host is beneficial because it avoids duplication of your hostname in your config.
X-Real-IP is not usually used by most applications; X-Forwarded-For is more typically used.
Caddy already sets X-Forwarded-For automatically, and more intelligently. The “correct” thing to do is actually to append the remote address to an existing X-Forwarded-For header if it exists, in case some other proxy happened to be in front of Caddy. This doesn’t typically happen, but it can, so best to just let Caddy do its thing.
X-Forwarded-Port shouldn’t be necessary. It’s redundant, because Caddy received the request on port 443 and proxied it on port 443. Upstream apps rarely care about this anyways, especially if Caddy is being served over the default HTTP and HTTPS ports, 80 and 443. X-Forwarded-Proto is more useful for the upstream (and Caddy sets this automatically) so that it’s aware that the original request was HTTPS, so it knows to use https:// in URLs in the response.
transport http {tls} is not valid syntax. Transports don’t take arguments (i.e. {tls} in this case), but can be configured via options within the block. But in this case, it’s not necessary to configure any of the transport options. Using https:// in your upstream address implicitly tells Caddy to enable tls for the http transport. Also, there’s no such thing as the {tls} placeholder (see the list of Caddyfile placeholder shortcuts in Caddyfile Concepts — Caddy Documentation; it’s not on that list). The correct syntax would be the following (but not necessary here, as I said, because of https://):
transport http {
    tls
}
Also to note, if you upgrade to v2.4.5, which is now available, you can shorten it to this:
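Added example, not part of the original post and not the shortened config referred to above: a Go sketch of the X-Forwarded-For append behaviour the post describes, where a proxy keeps any chain it received and adds the connecting peer's address at the end. It is not Caddy's source code; the function names `appendForwardedFor` and `nearestHop` and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// appendForwardedFor (hypothetical helper) returns the X-Forwarded-For value
// a proxy should send upstream: the chain it received, if any, followed by
// the address of the peer that actually connected to it.
func appendForwardedFor(h http.Header, remoteAddr string) string {
	// RemoteAddr is "host:port" or "[v6]:port"; keep only the host part.
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // already a bare address
	}
	// The header may arrive as several lines; fold them into one ordered list.
	var chain []string
	for _, line := range h.Values("X-Forwarded-For") {
		for _, hop := range strings.Split(line, ",") {
			if hop = strings.TrimSpace(hop); hop != "" {
				chain = append(chain, hop)
			}
		}
	}
	return strings.Join(append(chain, host), ", ")
}

// nearestHop (hypothetical helper) returns the last entry of the chain. An
// upstream that trusts exactly one proxy should rely on this entry only:
// that proxy wrote it, while earlier entries arrived in the request and
// could have been set by the client.
func nearestHop(xff string) string {
	parts := strings.Split(xff, ",")
	return strings.TrimSpace(parts[len(parts)-1])
}

func main() {
	h := http.Header{} // constructed sample: headers from a proxy in front
	h.Add("X-Forwarded-For", "203.0.113.7, 198.51.100.2")
	xff := appendForwardedFor(h, "192.0.2.10:51234")
	fmt.Println(xff)             // chain with the connecting peer appended
	fmt.Println(nearestHop(xff)) // the only entry this proxy vouches for
}
```

Overwriting the header with a single value, as a hand-written header_up line would, discards the earlier hops; appending preserves them while still recording the peer the proxy saw.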