Problem with reverse proxy to a service on host

1. The problem I’m having:

Hi! I'm trying to set up a reverse proxy to the server which runs on a host machine with the address IP address of the service was selected intentionally to match the IP of docker0 and host.docker.internal. The service is reachable from the host. However, the reverse proxy does not work and results in a 502 error.

2. Error messages and/or full log output:

caddy_reverse_proxy  | {"level":"error","ts":1691255735.0020468,"logger":"http.log.error.log1","msg":"dial tcp i/o timeout","request":{"remote_ip":"MY_REMOTE_IP","remote_port":"33830","client_ip":"CLIENT_IP","proto":"HTTP/2.0","method":"GET","host":"","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Gpc":["1"],"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\"Brave\";v=\"113\", \"Chromium\";v=\"113\", \"Not-A.Brand\";v=\"24\""],"Upgrade-Insecure-Requests":["1"],"Accept-Language":["en-US,en;q=0.9"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":""}},"duration":3.001929959,"status":502,"err_id":"gq02k5326","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}

3. Caddy version:


4. How I installed and ran Caddy:

Docker compose
Docker version 24.0.5, build ced0996

a. System environment:

Ubuntu 22.04.2 LTS aarch64.

b. Command:

docker compose up -d

c. Service/unit/compose file:

version: '3'
services:
  caddy:
    image: caddy:latest
    container_name: caddy_reverse_proxy
    restart: always
    ports:
      - 80:80
      - 443:443
    user: ${UID}:${GID}
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    networks:
      - vaultwarden  # I use it for the reverse-proxy to vaultwarden docker container, and it works fine
    extra_hosts:
      - "host.docker.internal:host-gateway"
    env_file:
      - docker-compose.env
networks:
  vaultwarden:
    external: true  # I use it for the reverse-proxy to vaultwarden docker container, and it works fine

d. My complete Caddy config:

{
  log {
    level DEBUG
    format console
  }
  reverse_proxy host.docker.internal:8385 {
    header_up Host {upstream_hostport}
    header_up X-Real-IP {remote_host}
  }
}

5. Links to relevant resources:

This isn’t really a problem with Caddy, but rather a problem with Docker networking or networking on your host. There’s not really much I can suggest.

Thanks, indeed, that was a problem related to ufw blocking access to localhost from other docker networks

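The 502 in this thread came with an `i/o timeout` dial error, which the last reply traced to ufw. As an added example (not part of the original thread or of Caddy), this Python script tells a filtered upstream apart from a missing listener in Caddy's JSON log and builds a ufw rule scoped to the proxy's Docker subnet and the upstream port. The log lines and the subnet 172.18.0.0/16 are constructed; the real subnet is shown by `docker network inspect` for the network Caddy is attached to.

```python
import ipaddress
import json

# Constructed sample lines shaped like the Caddy error log in the post
# (addresses are illustrative, not taken from the thread).
SAMPLE_LOGS = [
    '{"level":"error","msg":"dial tcp 172.17.0.1:8385: i/o timeout","duration":3.0019,"status":502}',
    '{"level":"error","msg":"dial tcp 172.17.0.1:8385: connect: connection refused","duration":0.0004,"status":502}',
    '{"level":"info","msg":"handled request","duration":0.012,"status":200}',
]


def classify_upstream_error(line):
    """Map one Caddy JSON log line to a likely cause of a 502."""
    entry = json.loads(line)
    if entry.get("status") != 502:
        return "not-a-502"
    msg = entry.get("msg", "")
    if "i/o timeout" in msg:
        # SYN silently dropped: typical of a host firewall with default deny
        return "dropped-by-filter"
    if "connection refused" in msg:
        # Host answered with RST: nothing is listening on that address/port
        return "no-listener"
    return "other"


def scoped_ufw_rule(subnet, port):
    """Build a ufw rule admitting only the proxy's Docker subnet to one port."""
    net = ipaddress.ip_network(subnet, strict=True)  # rejects host bits set
    if net.prefixlen == 0:
        raise ValueError("refusing to allow the whole address space")
    if not net.is_private:
        raise ValueError("expected a private Docker bridge subnet")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    return f"ufw allow from {net} to any port {int(port)} proto tcp"


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(classify_upstream_error(line))
    # 172.18.0.0/16 stands in for the subnet of the network Caddy is attached to
    print(scoped_ufw_rule("172.18.0.0/16", 8385))
```

Limiting the rule to one source subnet and one port keeps the host service closed to other Docker networks and to external traffic.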