Problems with client authentication and reverse-proxy

1. Caddy version (caddy version):

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

caddy run

a. System environment:

VERSION="20.04.3 LTS (Focal Fossa)"
PRETTY_NAME="Ubuntu 20.04.3 LTS"

d. My complete Caddyfile or JSON config:

(proxy_upstream) {
        # Enable access logging to STDOUT

        reverse_proxy {
                header_up Host {upstream_hostport}
                header_up X-Forwarded-Host {host}}
                transport http {
                        compression off
} {
        tls internal {
                client_auth {
                        mode require
                        trusted_leaf_cert_file /path/to/client.pem
        import proxy_upstream

3. The problem I’m having:

I’m trying to use client authentication for my Caddy; if auth is OK, the request is sent to the backend. The request to the backend should not include client authentication; this is only between the client and the Caddy reverse proxy.
I would like to only allow a single client certificate.

4. Error messages and/or full log output:

Never see the inbound request in my stdout log.

What’s the problem exactly? What’s not working? What’s in your logs?

I got it working, changed the trusted_leaf_cert to base64 encoded DER. Thanks

1 Like
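
The fix reported in the last post, supplying the pinned client certificate as base64-encoded DER, can be reproduced with the following added example, which is not code from the thread or from the Caddy project. It assumes the client PEM file may also contain a private key, and that the value goes into the inline `trusted_leaf_cert` option of `client_auth`; the function names and the sample bytes are made up for illustration.

```python
import base64
import hashlib
import re
import sys

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)

# Constructed sample: placeholder bytes, not a real certificate or key.
SAMPLE_PEM = (
    "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(bytes.fromhex("3082000b") + b"placeholder").decode()
    + "-----END CERTIFICATE-----\n"
)


def leaf_cert_der_b64(pem_text: str) -> str:
    """Return the single CERTIFICATE block in pem_text as one-line base64 DER."""
    certs = [body for label, body in PEM_BLOCK.findall(pem_text)
             if label == "CERTIFICATE"]  # key blocks are skipped, never emitted
    if len(certs) != 1:
        # A chain (or no certificate at all) is ambiguous when pinning one
        # client, so refuse instead of guessing which block is the leaf.
        raise ValueError(f"expected exactly 1 CERTIFICATE block, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    if not der or der[0] != 0x30:  # every X.509 certificate is a DER SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    return base64.b64encode(der).decode("ascii")


def sha256_fingerprint(der_b64: str) -> str:
    """SHA-256 over the DER bytes, to compare with the client's certificate."""
    return hashlib.sha256(base64.b64decode(der_b64)).hexdigest()


def client_auth_block(der_b64: str) -> str:
    """Render a client_auth block that pins the one leaf certificate inline."""
    return f"client_auth {{\n\tmode require\n\ttrusted_leaf_cert {der_b64}\n}}\n"


if __name__ == "__main__":
    # Pass the PEM path (e.g. /path/to/client.pem); without it the sample is used.
    pem = open(sys.argv[1], encoding="ascii").read() if len(sys.argv) > 1 else SAMPLE_PEM
    b64 = leaf_cert_der_b64(pem)
    print("sha256:", sha256_fingerprint(b64), file=sys.stderr)
    print(client_auth_block(b64), end="")
```

The printed fingerprint can be compared with the SHA-256 fingerprint of the certificate the client actually presents, to confirm the pinned value belongs to the intended client.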
