I have always used caddy for very simple 2/3 liner reverse proxy use cases like accessing my jellyfin & other services on my domain which has worked flawlessly. Currently, i need to use reverse proxy for a very simple but different usecase and i am unable to get it working the way i want.
I have 2 VPS, lets call them VPS A & VPS B. I want to send a request to this API on VPS A - curl -v https://api.telegra.ph/getPageList?...
but this api domain (api.telegra.ph) is inaccessible from there and works totally fine on VPS B. So i want to host a reverse proxy server on VPS B pointing to this api so that i can access it on VPS A by sending a request to this proxy server which forwards request to this api.
I have deployed Caddy on VPS B with the following Caddyfile
:8001 {
tls internal {
on_demand
}
# Basic Authentication
basic_auth /* {
user HASHED_PASS
}
# Proxy requests to the Telegraph API
reverse_proxy https://api.telegra.ph {
header_up Host {host}
}
}
On VPS B itself, when i directly send a request to this api, it returns the i requested info
curl -v https://api.telegra.ph/getPageList?access_token=d3b25feccb89e508a9114afb82aa421fe2a9712b963b387cc5ad71e58722&limit=3
But sending a request to the proxy server doesn’t return any info at all
curl -k -u $USER:$PASS -v https://localhost:8001/getPageList?access_token=d3b25feccb89e508a9114afb82aa421fe2a9712b963b387cc5ad71e58722&limit=3
* Trying 127.0.0.1:8001...
* Connected to localhost (127.0.0.1) port 8001 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: [NONE]
* start date: Feb 6 06:44:39 2025 GMT
* expire date: Feb 6 18:44:39 2025 GMT
* issuer: CN=Caddy Local Authority - ECC Intermediate
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/2
* Server auth using Basic with user '$USER'
* h2h3 [:method: GET]
* h2h3 [:path: /getPageList?access_token=d3b25feccb89e508a9114afb82aa421fe2a9712b963b387cc5ad71e58722]
* h2h3 [:scheme: https]
* h2h3 [:authority: localhost:8001]
* h2h3 [authorization: Basic cHpwOjEyMzQ=]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0xaaab00f5caf0)
> GET /getPageList?access_token=d3b25feccb89e508a9114afb82aa421fe2a9712b963b387cc5ad71e58722 HTTP/2
> Host: localhost:8001
> authorization: Basic cHpwOjEyMzQ=
> user-agent: curl/7.88.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 302
< alt-svc: h3=":8001"; ma=2592000
< cache-control: no-store
< content-type: text/html; charset=UTF-8
< date: Thu, 06 Feb 2025 12:24:32 GMT
< location: https://core.telegram.org
< pragma: no-cache
< server: Caddy
< server: nginx/1.20.1
< strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-redirect-host: localhost
<
* Connection #0 to host localhost left intact
Its not returning anything on VPS B (localhost) itself so there’s no point testing it anywhere else.
I am not even sure if this is the correct way to do it so would appreciate some help.
CADDY_VERSION=v2.9.1 (Installed using Docker)
OS - Debian 12 (bookworm)
PS / That access_token
is public so not a problem in sharing it.