I am trying to set up a Caddy Docker container to allow me to view a web app by IP and by a domain name, where the web app will only accept one hostname. As the web app only allows one hostname, I have been able to set up the Caddyfile for the domain with TLS terminating on the server. Where I am currently stuck is finding a way to load the web app on the IP by overriding the host to the domain.
Below is what I have in my Caddyfile that allows the domain to view the web app through the reverse proxy:
```
domain.com {
	tls /data/certificate.pem /data/key.pem
	reverse_proxy 127.0.0.1:5000
}
```
Below is where I am stuck:
```
https://X.X.X.X {  # X.X.X.X = public IP
	tls /data/ip-cert/certificate.crt /data/ip-cert/private.key {
		ca /data/ip-cert/ca_bundle.crt
	}
	reverse_proxy {
		to 127.0.0.1:5000
		header_up Host domain.com
		header_up X-Forwarded-Host domain.com
	}
}
```
The above config is what I have seen in a few forums as the way to override the hostname; however, this does not change it, and I cannot think of another solution without overriding the hostname.
The domain points to a load balancer, which sends the HTTPS request to the server that has Caddy installed. The public IP is used for the health check to verify the web app is available. (I do not have another option for this health check, as it is done by the provider of the load balancer and cannot be changed, hence the need for the public IP to load the web app.)
Below is an example log when viewing from the public IP:
```
2024/05/29 21:56:08.544 ERROR http.log.access.log0 handled request {"request": {"remote_ip": "[X.X.X.X]", "remote_port": "52982", "client_ip": "[X.X.X.X]", "proto": "HTTP/2.0", "method": "GET", "host": "[IP OF THE SERVER IN WHICH I LOAD IN THE BROWSER]", "uri": "/", "headers": {"Sec-Ch-Ua-Platform": ["\"macOS\""], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"], "Cookie": , "Sec-Fetch-User": ["?1"], "Accept-Encoding": ["gzip, deflate, br, zstd"], "Accept-Language": ["en-GB,en-US;q=0.9,en;q=0.8"], "Priority": ["u=0, i"], "Sec-Ch-Ua-Mobile": ["?0"], "Upgrade-Insecure-Requests": ["1"], "Sec-Fetch-Mode": ["navigate"], "Cache-Control": ["max-age=0"], "Sec-Ch-Ua": ["\"Google Chrome\";v=\"125\", \"Chromium\";v=\"125\", \"Not.A/Brand\";v=\"24\""], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"], "Sec-Fetch-Site": ["none"], "Sec-Fetch-Dest": ["document"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": ""}}, "bytes_read": 0, "user_id": "", "duration": 0.001725251, "size": 0, "status": 502, "resp_headers": {"Server": ["Caddy"], "Alt-Svc": ["h3=\":443\"; ma=2592000"]}}
```
I am using Caddy v2.7.5 in a Docker container.
I set up the Docker container using:
```shell
docker run -d \
	--name web-caddy \
	--restart always \
	--network host \
	-v /opt/web/config/Caddyfile:/etc/caddy/Caddyfile \
	-v /opt/web/caddy-data:/data \
	caddy
```
System Environments:
- Docker → Docker version 26.1.3, build b72abbb
- Ubuntu → Ubuntu 22.04.4 LTS
Complete Caddy config:
```
{
	auto_https off
}

https://[Public IP] {
	tls /data/ip-cert/certificate.crt /data/ip-cert/private.key {
		ca /data/ip-cert/ca_bundle.crt
	}
	reverse_proxy {
		to 127.0.0.1:5000
		header_up Host domain.com
		header_up X-Forwarded-Host domain.com
	}
}

domain.com {
	tls /data/certificate.pem /data/key.pem
	reverse_proxy 127.0.0.1:5000
}
```
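One way to see what actually reaches the backend is to swap the web app for a stand-in that echoes the headers it receives. The script below is an added example for that purpose; it is not part of the original post and not Caddy's own code. It mimics a backend that accepts exactly one hostname (assumed to be `domain.com`), listens on `127.0.0.1:5000` like the `reverse_proxy` upstream above, and answers every request with a JSON summary of the `Host` and `X-Forwarded-*` headers as they arrived. Running it in place of the app and then opening `https://X.X.X.X/` (or `curl -vk https://X.X.X.X/` from the host) shows directly whether `header_up Host domain.com` is applied. If Caddy still returns a 502 while this server prints no request at all, the upstream is not reachable from the container (with `--network host`, something must be listening on the host's own loopback at port 5000), which is a different problem from the `Host` header. The sample header sets at the bottom are constructed for illustration.

```python
#!/usr/bin/env python3
"""Stand-in backend that accepts exactly one Host header and echoes what it saw.

Added example for checking a Caddy reverse_proxy host override; not part of
Caddy or the original post. ALLOWED_HOST and LISTEN are assumptions.
"""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_HOST = "domain.com"      # assumed: the single hostname the web app accepts
LISTEN = ("127.0.0.1", 5000)     # same upstream address as in the Caddyfile


def strip_port(host):
    """Drop a trailing :port from a Host value, leaving IPv6 literals intact."""
    host = host.strip()
    if host.startswith("["):                     # e.g. "[::1]:5000" -> "[::1]"
        return host.split("]", 1)[0] + "]"
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def host_allowed(host_header, allowed=ALLOWED_HOST):
    """True if the Host header names the allowed hostname (case-insensitive,
    port ignored). An empty or missing Host is rejected, as a strict app would."""
    if not host_header:
        return False
    return strip_port(host_header).lower() == allowed.lower()


def summarize(headers):
    """Collect the headers that matter for the proxy question into a dict.

    Accepts any mapping with .items(), including http.server's message object.
    Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    host = h.get("host", "")
    return {
        "host": host,
        "x_forwarded_host": h.get("x-forwarded-host", ""),
        "x_forwarded_for": h.get("x-forwarded-for", ""),
        "x_forwarded_proto": h.get("x-forwarded-proto", ""),
        "accepted": host_allowed(host),
    }


class EchoHandler(BaseHTTPRequestHandler):
    """Reply 200 with the summary if Host is acceptable, else 421 Misdirected Request."""

    def do_GET(self):
        report = summarize(self.headers)
        body = json.dumps(report, indent=2).encode()
        self.send_response(200 if report["accepted"] else 421)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        # Print every request so it is obvious when nothing arrives from Caddy at all.
        print("backend saw:", fmt % args)


# Constructed samples: what the backend sees without and with the header_up override.
SAMPLE_WITHOUT_OVERRIDE = {"Host": "203.0.113.10", "X-Forwarded-Proto": "https"}
SAMPLE_WITH_OVERRIDE = {"Host": "domain.com", "X-Forwarded-Host": "domain.com",
                        "X-Forwarded-Proto": "https"}

if __name__ == "__main__":
    print("without override:", summarize(SAMPLE_WITHOUT_OVERRIDE))
    print("with override:   ", summarize(SAMPLE_WITH_OVERRIDE))
    print(f"listening on {LISTEN[0]}:{LISTEN[1]} (Ctrl-C to stop)")
    HTTPServer(LISTEN, EchoHandler).serve_forever()
```

The 421 status for a wrong hostname is a stand-in for whatever the real app does; the point is only that the JSON body tells you which `Host` value Caddy forwarded, so the proxy config can be checked independently of the app's behaviour.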