Making an HTTPS local domain for a local service

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

I have a local file server started using Python with the command

python -m http.server

It starts at localhost:8000, and I accessed it with http://localhost:8000 and it works.

I want to reverse proxy it to a local domain so I can access it via, let’s say, kamal.local

a. System environment:

OS: Windows 11

b. Command:

caddy run

c. Service/unit/compose file:

Not using docker

d. My complete Caddy config:

kamal.local {
    reverse_proxy localhost:8000
}

3. The problem I’m having:

Browser doesn’t resolve. Curl also doesn’t resolve.

C:\Users\Kamal>curl -v https://kamal.local
* Could not resolve host: kamal.local
* Closing connection 0
curl: (6) Could not resolve host: kamal.local

4. Error messages and/or full log output:

2022/12/10 01:58:37.354 INFO    using adjacent Caddyfile
2022/12/10 01:58:37.359 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/12/10 01:58:37.359 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000591a40"}
2022/12/10 01:58:37.359 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022/12/10 01:58:37.360 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2022/12/10 01:58:37.361 INFO    tls     cleaning storage unit   {"description": "FileStorage:C:\\Users\\Kamal\\AppData\\Roaming\\Caddy"}
2022/12/10 01:58:37.362 INFO    tls     finished cleaning storage units
2022/12/10 01:58:37.372 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2022/12/10 01:58:37.372 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2022/12/10 01:58:37.372 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2022/12/10 01:58:37.372 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2022/12/10 01:58:37.372 INFO    http    enabling automatic TLS certificate management   {"domains": ["kamal.local"]}
2022/12/10 01:58:37.375 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [kamal.local]: no OCSP server specified in certificate", "identifiers": ["kamal.local"]}
2022/12/10 01:58:37.375 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\Kamal\\AppData\\Roaming\\Caddy\\autosave.json"}
2022/12/10 01:58:37.375 INFO    serving initial configuration

5. What I already tried:

I tried using a Mac; it also doesn’t work. I’m on Windows now but it also doesn’t work. I tried adding tls internal; that also doesn’t work.

6. Links to relevant resources:

I tried following this tutorial; it seems simple but unfortunately I can’t replicate it: https://twitter.com/wesbos/status/1600145790692900864

Try kamal.localhost.

Most systems don’t resolve *.local to your localhost. But *.localhost does usually work in browsers (they directly map those *.localhost domains to localhost, and don’t try to use DNS to resolve them).

2 Likes

Cool, it works! But it only works on my computer. Is there any way for other devices on my network to be able to access kamal.localhost too? So I can have a memorable DNS name for other devices to access my local computer’s file server.

I tried using <mycomputer_local_ip>:8000 on another device and it works, but kamal.localhost doesn’t.

No. That domain would only work from the same machine.

If you want all machines on your network to use a domain to route to your server, then you need to run a DNS server. You could run CoreDNS, for example. Or if you also want DNS ad blocking, you could run Pi-hole or AdGuard, which also act as DNS servers, and they can let you configure additional domain name rules.

Or you could use a public DNS by buying a domain, or using a free service like DuckDNS, and that would let you avoid running a DNS server.

But keep in mind, HTTPS on your local network requires extra steps. If you’re letting Caddy issue certificates using its internal CA, then you need to copy the root CA cert and add it to the trust store of each machine that you’ll want to let connect to your server, otherwise you’ll just get trust warnings/errors on those machines, since they won’t trust the certificate Caddy is serving to them.

Or you could get a certificate from a public ACME issuer (like Let’s Encrypt or ZeroSSL); either you make your server accessible publicly to make this easy, or you can use the DNS challenge (which involves building Caddy with a plugin for your DNS provider of choice) to prove you control that domain to the ACME issuer. Caddy automates the rest of the issuance process.

So it’s up to you. There’s a ton of options, but they all depend on what you want to do.

2 Likes
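A client-side check for the two points made in the replies above (how the name resolves, and whether the device trusts Caddy's internal CA), as an added example that is not part of the original thread. It assumes a hypothetical name `files.myhome` served by your own DNS server and a local copy of the `root.crt` file named in the Caddy log; the function names are illustrative.

```python
import ipaddress
import socket
import ssl

def name_scope(host):
    """Classify how clients treat the name, per the replies above."""
    h = host.rstrip(".").lower()
    if h == "localhost" or h.endswith(".localhost"):
        return "loopback"  # browsers map it to 127.0.0.1/::1 and skip DNS
    if h.endswith(".local"):
        return "mdns"      # reserved for multicast DNS, not ordinary DNS
    return "dns"           # needs a record on a DNS server the client uses

def non_loopback(addresses):
    """Keep only addresses another device on the LAN could connect to."""
    return [a for a in addresses
            if not ipaddress.ip_address(a.split("%")[0]).is_loopback]

def resolve(host, port=443):
    """Addresses from the OS resolver; [] is curl's 'Could not resolve host'."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check_tls(host, root_ca_file, port=443):
    """Handshake that trusts ONLY root_ca_file and keeps hostname checks on."""
    try:
        ctx = ssl.create_default_context(cafile=root_ca_file)
        with socket.create_connection((host, port), timeout=5) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "trusted, " + tls.version()
    except ssl.SSLCertVerificationError as err:
        return "untrusted: " + err.verify_message
    except OSError as err:  # missing root file, refused connection, timeout
        return "failed: %s" % err

def diagnose(host, root_ca_file):
    addrs = resolve(host)
    if not addrs:
        return "%s: does not resolve (%s name)" % (host, name_scope(host))
    if not non_loopback(addrs):
        return "%s: loopback only, other devices cannot reach it" % host
    return "%s: %s, TLS %s" % (host, addrs, check_tls(host, root_ca_file))

if __name__ == "__main__":
    # Constructed inputs: a name served by your own DNS server, and a copy of
    # Caddy's public root.crt (the private root.key never leaves the server).
    print(diagnose("files.myhome", "root.crt"))
```

Run it on the other device, not on the Caddy host: an "untrusted" result means the root certificate still has to be added to that device's trust store.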

Got it! Thanks for the elaborate answer. I’ll look around for what’s available and look through my options. Appreciate all the help, thanks! 🙂

1 Like

The best, simpler solution is setting DNS rules in your modem/router so that kamal.localhost (or whatever) resolves to the local IP of your PC.

That, given you don’t have a weird DNS or VPN setup.

1 Like

That wouldn’t work. Modern browsers explicitly resolve *.localhost to 127.0.0.1 or ::1 and ignore DNS entirely.

Yeah, but he could set up any domain that way like .myhome or whatever, which still is the easiest solution.

Very few consumer routers support configuring individual domain overrides though. Which is why I recommended running your own DNS server.
