Proxmox/Unifi reverse proxy only for local

1. Caddy version (caddy version):

dpkg -s caddy
Package: caddy
Version: 2.4.5
Conffiles:
 /etc/caddy/Caddyfile 8cbf072a3e390217a88c242a7f18ee76

2. How I run Caddy:

a. System environment:

NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
Not installed in docker, from repo.

b. Command:

systemctl start caddy.service

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

### Proxmox ###
http://proxmox.pfi.lan {
  reverse_proxy https://10.0.11.240:8006 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}

### Unifi ###
http://unifi.pfi.lan {
  reverse_proxy localhost:8443 {
    transport http {
      tls_insecure_skip_verify
    }
    header_up -Authorization
    header_up Host {host}
  }
}

3. The problem I’m having:

Caddy is working fine with almost all the services installed in my network/docker, but I can’t get it working with some [proxmox, unifi] because these work with https.

#PROXMOX

  1. I can access proxmox.pfi.lan
  2. I can enter the username and password
  3. I click login
  4. After I log in successfully I get this error from proxmox [not caddy].

I think it’s missing something to redirect.
[Screenshot: SS= 1-11-2021 14-45]

#UNIFI
I can access it only at https://unifi.pfi.lan:8443/ but I want only unifi.pfi.lan without the port.

4. Error messages and/or full log output:

Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","ts":1635771077.361524,"logger":"http.stdlib","msg":"http: TLS handshake error from 10.0.10.100:41884: no certificate available for 'proxmox.pfi.lan'"}
Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","ts":1635771077.364087,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"proxmox.pfi.lan"}
Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","ts":1635771077.3641033,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.pfi.lan"}
Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","ts":1635771077.3641112,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.lan"}
Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","ts":1635771077.3641176,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*"}
Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","ts":1635771077.3641438,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","server_name":"proxmox.pfi.lan","remote":"10.0.10.100:41886","identifier":"proxmox.pi>
Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","ts":1635771077.3642328,"logger":"http.stdlib","msg":"http: TLS handshake error from 10.0.10.100:41886: no certificate available for 'proxmox.pfi.lan'"}

5. What I already tried:

I searched on forums and tried different approaches but I can’t get it working.

6. Links to relevant resources:

https://community.ui.com/questions/Unifi-Controller-error-with-Caddy-reverse-proxy/4de66e17-dc43-4661-b2ad-2885c2a3e3f7
https://community.ui.com/questions/Trivial-Reverse-Proxy-for-Unifi-Controller-with-automatic-LetsEncrypt-SSL-on-internal-IP-with-Caddy/043c50aa-78ae-47e0-a819-3d3c358370a1

You configured Caddy to only listen on port 80, over HTTP only (by prefixing the sites with http://), but you’re making requests to port 443, HTTPS.
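
Added example, not part of the original thread and not Caddy tooling: a short Python check that confirms the mismatch described in the answer above by comparing the site address schemes in a Caddyfile with the names in Caddy's "no certificate available" log messages. The inputs are constructed from the post's Caddyfile and log format, the function names are hypothetical, and the parser assumes one site address per unindented line.

```python
import json
import re

# Constructed inputs: site addresses from the Caddyfile in the post, and journald
# lines in the format of the posted log (the last one cut off, as in the post).
CADDYFILE = """\
http://proxmox.pfi.lan {
  reverse_proxy https://10.0.11.240:8006
}
http://unifi.pfi.lan {
  reverse_proxy localhost:8443
}
"""
LOG_LINES = [
    'Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","logger":"http.stdlib",'
    '"msg":"http: TLS handshake error from 10.0.10.100:41884: '
    'no certificate available for \'proxmox.pfi.lan\'"}',
    'Nov 01 14:51:17 docker caddy[148734]: {"level":"debug","logger":"tls.handshake",'
    '"msg":"no certificate matching TLS ClientHello","server_name":"proxmox.pfi.lan","remo>',
]

SITE_RE = re.compile(r"^(?:(https?)://)?([A-Za-z0-9.*-]+)(?::\d+)?\s*\{", re.M)
NO_CERT_RE = re.compile(r"no certificate available for '([^']+)'")

def site_schemes(caddyfile):
    """Map each unindented site address to the schemes it is declared with."""
    schemes = {}
    for scheme, host in SITE_RE.findall(caddyfile):
        # No scheme prefix means Caddy's default, which serves the site over HTTPS.
        schemes.setdefault(host, set()).add(scheme or "https")
    return schemes

def tls_failed_names(lines):
    """Names clients requested over TLS that Caddy had no certificate for."""
    names = set()
    for line in lines:
        try:
            entry = json.loads(line[line.index("{"):])
        except ValueError:  # no JSON payload, or a line the pager cut off
            continue
        names.update(NO_CERT_RE.findall(entry.get("msg", "")))
    return names

def http_only_mismatches(caddyfile, lines):
    """Hosts requested over HTTPS although every site block for them is http://."""
    sites = site_schemes(caddyfile)
    return sorted(h for h in tls_failed_names(lines) if sites.get(h) == {"http"})

if __name__ == "__main__":
    print(http_only_mismatches(CADDYFILE, LOG_LINES))
```

A host in the result is being requested on port 443 while its only site block is declared with `http://`, which is the situation the answer describes.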

I tried with HTTPS or without http/https on the DNS name + all other things from caddy.community/google but I can’t figure out how to reverse proxy these 2 https services with local DNS.
