Proxy https to another https server


(thomaslule) #1

Hi,

At home behind my router I have a raspberry pi that catches https traffic and serves an app in https on a domain with caddy (it’s working perfectly).

Now I would like to add another server in my network that serves https apps too on other domains.

I want my caddy to continue to serve app1 and to forward the rest of the https traffic to the other server so I tried to add a “catch-all :443 route” at the end of the caddyfile of my raspberry:

app1.fr {
  proxy / localhost:3100
  gzip
  tls
}
:443 {
  proxy / 192.168.0.13:443
}

but it says: cannot multiplex app1.fr (TLS) and (not TLS) on same listener.

Do you know if there is a (simple) solution to my problem?
Thanks


(Toby Allen) #2

Bizarre as it sounds, I think caddy might be serving

:443 { 

over http

To make sure it is served over https you will need to tell caddy specifically you wish to serve https

:443 {
  tls
 etc 

}

or

https:// {
   etc
}

(Matthew Fay) #3

It’s bizarre indeed!

When I run caddy -port 443 browse and Caddy outputs:

Activating privacy features... done.
https://

My expectation from that result is that Caddy serves HTTPS on the default port, not that Caddy serves HTTP on port 443. I’d expect to see http://:443 instead in the latter case.

Perhaps this should be opened as an issue.


(Matt Holt) #4

Ah. Yeah, this is an interesting case, but technically it is working as documented:

Caddy automatically enables HTTPS for all your sites, given that some reasonable criteria are met:

  • The hostname:
    • is not empty

Since the hostname is empty, automatic HTTPS is disabled.


(Matthew Fay) #5

The problem isn’t that Caddy disables HTTPS, it’s that Caddy outputs https:// as the hostname regardless of that fact. It’s not https://, it’s http://:443. The initial output is effectively lying about the scheme it’s listening for.


(Matt Holt) #6

Ohh I see. Yeah we should fix that.


(thomaslule) #7

Thanks for your answers, with a tls directive the caddy starts. I didn’t manage to make the SSL work on the other server but I don’t need it anymore.


(Toby Allen) #8

@Whitestrake Can you log this as an issue in the caddy repo and we can look at it getting fixed.


(Matthew Fay) #9

No worries - up here: https://github.com/mholt/caddy/issues/2461
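
An added example, not part of the thread and not Caddy's own code: a Go check for the mismatch discussed in posts #2 to #5, where a listener on port 443 can answer in plaintext HTTP even though the startup output shows https://. The names ProbeListener and demo are hypothetical, and the two local servers are constructed fixtures so the check runs offline.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// ProbeListener attempts a TLS handshake with addr and reports "tls", "plaintext-http" or "unknown".
// Certificate verification is skipped because only the wire protocol is identified; no data follows.
func ProbeListener(addr string, timeout time.Duration) (string, error) {
	raw, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return "unknown", err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(timeout))
	conn := tls.Client(raw, &tls.Config{InsecureSkipVerify: true})
	if err = conn.Handshake(); err == nil {
		return "tls", nil
	}
	// crypto/tls keeps the first five bytes the peer sent when they are not
	// a TLS record; "HTTP/" means a plaintext HTTP server replied.
	var rhe tls.RecordHeaderError
	if errors.As(err, &rhe) && string(rhe.RecordHeader[:]) == "HTTP/" {
		return "plaintext-http", nil
	}
	return "unknown", err
}

// demo starts two constructed local servers (one plaintext, one TLS) and probes both.
func demo() (plain, secure string) {
	h := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
	p, s := httptest.NewServer(h), httptest.NewTLSServer(h)
	defer p.Close()
	defer s.Close()
	plain, _ = ProbeListener(p.Listener.Addr().String(), 2*time.Second)
	secure, _ = ProbeListener(s.Listener.Addr().String(), 2*time.Second)
	return plain, secure
}

func main() {
	fmt.Println(demo())
}
```

Pointing ProbeListener at your own host's port 443 after a configuration change shows what the listener actually speaks, independent of what the server prints at startup.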