[proxy] 2 caddy servers with 1 reverse proxy

(Pixys) #1

Hello,

I am trying to set up Caddy as a reverse proxy to pass requests to another physical server on the same LAN that is also running Caddy.

Here is my setup:

I have 2 servers behind a router.
Server A is 192.168.0.2
Server B is 192.168.0.3
My ISP gives me a fixed IP, I have a domain name, and I forward all requests on port 443 (I want HTTPS only) to server A.

The Caddyfile of server A looks like this and it works correctly:

subdomain1.domain.com {
    root /srv/http/subdomain1
    tls {
       dns gandiv5
    }
}

Now I want all requests to subdomain2.domain.com to be forwarded to server B.

The new Caddyfile of server A is updated this way:

subdomain1.domain.com {
    root /srv/http/subdomain1
    tls {
       dns gandiv5
    }
}

subdomain2.domain.com {
    proxy / 192.168.0.3:443 {
      transparent
    }
    tls {
       dns gandiv5
    }
}

And the Caddyfile of server B looks like this:

subdomain2.domain.com {
    root /srv/http/subdomain2
    tls {
       dns gandiv5
    }
}

It does not work: I get a time-out when I try to reach subdomain2.domain.com from the WAN.
Also, I am not sure whether the DNS challenge must be solved by the proxy (server A) or by the server hosting the app (server B).

Any help would be appreciated :)
Thanks in advance!

(Matthew Fay) #2

Time-out means that a connection can’t be established, usually because the packets don’t get where they need to be.

Places to check:

  • DNS A records are set correctly
  • Port forwarding is configured correctly
  • Firewalls are allowing traffic on those ports
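A quick way to work through that checklist from server A, the host the forwarded connection actually originates from. This is an added diagnostic, not code from the thread or from Caddy; the hostname and LAN addresses are the ones given in the post, and the helper names are my own. It distinguishes a connect time-out (no answer at all, which is what a wrong route, a missing port-forward or a DROP rule looks like) from a refused connection (the host answered, but nothing is listening or a firewall rejects), and the TLS probe sends SNI for subdomain2.domain.com so that a certificate that does not cover that name shows up as a verification error rather than as silence.

```python
"""Connectivity checks for a two-hop Caddy setup: DNS -> TCP -> TLS/SNI.

Added diagnostic (not from the thread). Addresses and names are the ones in
the post; run it on server A, the proxy, because that is where the second
hop originates.
"""
import socket
import ssl
from typing import List, Tuple

PUBLIC_NAME = "subdomain2.domain.com"  # name clients type, from the post
PROXY_LAN = ("192.168.0.2", 443)       # server A, from the post
BACKEND_LAN = ("192.168.0.3", 443)     # server B, from the post


def resolve(name: str) -> List[str]:
    """Addresses a name resolves to (the 'DNS A records' check). Empty on NXDOMAIN."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except OSError:  # socket.gaierror is an OSError subclass
        return []
    return sorted({info[4][0] for info in infos})


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify a plain TCP connect attempt.

    'open'    -> handshake completed, something is listening
    'refused' -> host reachable, port closed or firewall replied with RST
    'timeout' -> no reply at all: routing, port-forward or a DROP rule
    'error'   -> anything else (e.g. 'network unreachable' on this host)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "error"


def probe_tls(host: str, port: int, server_name: str,
              timeout: float = 3.0, verify: bool = True) -> Tuple[bool, str]:
    """TLS handshake to host:port with SNI=server_name.

    With verify=True the presented certificate must be valid for server_name,
    which is the same check a proxy that verifies its upstream would perform.
    """
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                subject = tls.getpeercert().get("subject") if verify else "unverified"
                return True, f"{tls.version()} ok, cert subject: {subject}"
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate not valid for {server_name}: {exc.reason}"
    except (OSError, ssl.SSLError) as exc:
        return False, f"{type(exc).__name__}: {exc}"


def start_local_listener() -> Tuple[socket.socket, int]:
    """Loopback TCP listener on an ephemeral port, for offline self-checks of probe_tcp."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


def check_chain() -> List[str]:
    """Run the checklist for the post's hosts and return one line per result."""
    lines = [f"DNS {PUBLIC_NAME} -> {resolve(PUBLIC_NAME) or 'NO RECORD'}"]
    for label, (host, port) in (("server A", PROXY_LAN), ("server B", BACKEND_LAN)):
        lines.append(f"TCP {label} {host}:{port} -> {probe_tcp(host, port)}")
    ok, detail = probe_tls(*BACKEND_LAN, server_name=PUBLIC_NAME)
    lines.append(f"TLS server B with SNI {PUBLIC_NAME} -> {'ok' if ok else 'FAIL'}: {detail}")
    return lines


if __name__ == "__main__":
    print("\n".join(check_chain()))
```

Read the TCP line for server B first: "timeout" means the packets from server A never get an answer, so the problem is below Caddy; "refused" or a TLS error means the host is reachable and the configuration of the listener or certificate is what to look at next.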

(Pixys) #3

@Whitestrake, thank you for your suggestions.

The DNS record has been tested without proxy setup and it works.

The other 2 points are network related, and I guess this is where something is wrong.

If my understanding is correct, I don’t need any additional forwarding rule besides the existing one (public IP:443 to 192.168.0.2:443), as I stay on the same LAN when the packets are forwarded from 192.168.0.2 to 192.168.0.3, but maybe I am wrong.

The firewall is embedded in the router, and I assume it filters packets coming from the WAN, not LAN to LAN. Also, neither server has a firewall.

Once back home, I’ll try to get error logs.
