1. Caddy version (caddy version): 2.4.6
2. How I run Caddy:
Debian Stable (11, “bullseye”), with apt.fury.io deb package under systemd.
Current Caddyfile:
{
	acme_ca https://acme-v02.api.letsencrypt.org/directory
	on_demand_tls {
		ask http://localhost:1590/is_valid_domain.php
		interval 2m
		burst 5
	}
}

https:// {
	tls {
		on_demand
	}
	reverse_proxy http://127.0.0.1:1580
	log {
		output file /var/log/caddy/caddy.log
	}
}
I haven’t found any docs on this particular situation. At this time, I put a list of valid domain names in a file which is then read by the mentioned PHP script; all it does is check “Is the name in the parameters in the domain file?” and return 200 if so. Caddy then forwards the request to an Apache install that actually handles things. This is a very handy setup which I love (no more issues with certificates ever! It all just works!), but now I’ve run into the issue of wanting a particular domain, or possibly two, to be only accessible from a whitelist of IPs, since it will only be for our internal use.
Is this possible? “If domain is whatever.example.com, only forward it if it comes from these IPs; for anything else just go ahead if the ask script judges it OK”? Or will I have to set up a different machine for this?
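One way to express this in the same Caddyfile, as an added example that is not part of the original post and not an official Caddy snippet: a named matcher that combines `host` with a negated `remote_ip`, and a `respond` directive that rejects matching requests before they reach `reverse_proxy` (in Caddy's default directive order, `respond` is evaluated before `reverse_proxy`). The hostname `internal.example.com` and the address ranges are placeholders; replace them with your own.

```caddyfile
{
	acme_ca https://acme-v02.api.letsencrypt.org/directory
	on_demand_tls {
		ask http://localhost:1590/is_valid_domain.php
		interval 2m
		burst 5
	}
}

https:// {
	tls {
		on_demand
	}

	# Matchers inside a block are ANDed: this matches requests for the
	# internal hostname whose TCP peer address is NOT in the allowed list.
	# Hostname and CIDR/IP values are placeholders, not from the original post.
	@internal_not_allowed {
		host internal.example.com
		not remote_ip 203.0.113.0/24 198.51.100.7
	}

	# Reject before proxying; everything else falls through unchanged.
	respond @internal_not_allowed 403

	reverse_proxy http://127.0.0.1:1580

	log {
		output file /var/log/caddy/caddy.log
	}
}
```

Two points worth checking before relying on this. First, `remote_ip` compares the real TCP peer address, which is what you want when Caddy is the edge; only add the `forwarded` option (which trusts `X-Forwarded-For`) if a trusted proxy in front of Caddy sets that header, because a client can otherwise forge it. Second, the restriction is enforced at the HTTP layer, after the TLS handshake: any client that sends the internal hostname in SNI will still trigger on-demand issuance as long as the `ask` endpoint approves it, so the hostname will appear in public Certificate Transparency logs even though the content is unreachable from outside the allowed ranges. Run `caddy validate --config /etc/caddy/Caddyfile` after editing to catch syntax errors before reloading.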