On demand SSL: Caddy behind AWS Load balancers

1. Caddy version (caddy version):

v.2.4.6

2. How I run Caddy:

a. System environment:

Ubuntu 18.04

b. Command:

systemctl start caddy

d. My complete Caddyfile or JSON config:

{
        on_demand_tls {
                # ask https://xyz.com/verify_domain
                interval 2m
                burst 5
        }

        storage redis {
                address       "lmn.com:6379"
                username      ""
                password      ""
                db            1
                key_prefix    "test-caddytls"
                value_prefix  "caddy-storage-redis"
                timeout       5
        }
}

https:// {
        reverse_proxy https://abc.com {
                header_up Host {http.reverse_proxy.upstream.hostport}
                header_up X-Real-IP {http.reverse_proxy.upstream.address}
                header_up X-Forwarded-Port {http.request.port}
                header_up X-Forwarded-Host {http.request.host}
                health_timeout 5s
        }

        tls {
                on_demand
        }
}

http:// {
        respond /health "I'm healthy!"
}

3. The problem I’m having:

Configuring Caddy as a reverse proxy in EC2 to work behind AWS load balancers.
This involves setting up and configuring AWS load balancers (application/network LB) and target groups (ports + health checks).

5. What I already tried:

With the above Caddyfile, my current configuration includes the following:

  • EC2 with Target group: HTTP port 80 & health check HTTP Port 80 /health
  • Application Load balancer: HTTP 80 and HTTPS 443 listeners

6. Links to relevant resources:

Looks like this post by @Moe had a similar discussion. Would love to know the final configuration that worked here.

I don’t understand. What’s not working? What behaviour are you seeing instead? What do you see if you make requests with curl -v? What’s in your logs?

Make sure AWS is configured in TCP mode (not HTTP) so that it doesn’t try to terminate TLS.

1 Like
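
The TCP-mode setup from the reply above, sketched as a CloudFormation fragment so the load balancer forwards raw TCP and Caddy completes the TLS handshake and on-demand issuance itself. This is an added example, not configuration from the thread; the parameter and resource names are hypothetical, and it assumes a single Caddy EC2 instance listening on ports 80 and 443 with the /health route from the Caddyfile above.

```yaml
Parameters:                      # hypothetical names; added example, not from the thread
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
  CaddyInstanceId:
    Type: AWS::EC2::Instance::Id
Resources:
  CaddyNlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: network              # layer 4; an "application" LB terminates TLS itself
      Subnets: !Ref SubnetIds
  TlsTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP              # not TLS or HTTPS: the handshake reaches Caddy untouched
      Port: 443
      HealthCheckProtocol: HTTP
      HealthCheckPort: "80"      # probe the plain-HTTP site, not the TLS port
      HealthCheckPath: /health   # served by the http:// block in the Caddyfile
      Targets:
        - Id: !Ref CaddyInstanceId
  HttpTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: TCP              # port 80 passes through too (ACME HTTP challenge)
      Port: 80
      Targets:
        - Id: !Ref CaddyInstanceId
  TlsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref CaddyNlb
      Protocol: TCP
      Port: 443
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref TlsTargets
  HttpListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref CaddyNlb
      Protocol: TCP
      Port: 80
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref HttpTargets
```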

@francislavoie Thanks for your reply. Let me try this and get back to you with my config and logs if I’m still seeing any issues.

1 Like
