Proxy https to another https server

(thomaslule) #1


At home behind my router I have a raspberry pi that catches https traffic and serves an app in https on a domain with caddy (it’s working perfectly).

Now I would like to add another server in my network that serves https apps too on other domains.

I want my caddy to continue to serve app1 and to forward the rest of the https traffic to the other server so I tried to add a “catch-all :443 route” at the end of the caddyfile of my raspberry:

{
  proxy / localhost:3100
:443 {
  proxy /

but it says: cannot multiplex (TLS) and (not TLS) on same listener.

Do you know if there is a (simple) solution to my problem?

(Toby Allen) #2

Bizarre as it sounds I think caddy might be serving

:443 { 

over http

To make sure it is served over https you will need to tell caddy specifically you wish to serve https

:443 {



https:// {

(Matthew Fay) #3

It’s bizarre indeed!

When I run caddy -port 443 browse and Caddy outputs:

Activating privacy features... done.

My expectation from that result is that Caddy serves HTTPS on the default port, not that Caddy serves HTTP on port 443. I’d expect to see http://:443 instead in the latter case.

Perhaps this should be opened as an issue.

(Matt Holt) #4

Ah. Yeah, this is an interesting case, but technically it is working as documented:

Caddy automatically enables HTTPS for all your sites, given that some reasonable criteria are met:

  • The hostname:
    • is not empty

Since the hostname is empty, automatic HTTPS is disabled.

(Matthew Fay) #5

The problem isn’t that Caddy disables HTTPS, it’s that Caddy outputs https:// as the hostname regardless of that fact. It’s not https://, it’s http://:443. The initial output is effectively lying about the scheme it’s listening for.

(Matt Holt) #6

Ohh I see. Yeah we should fix that.

(thomaslule) #7

Thanks for your answers, with a tls directive the caddy starts. I didn’t manage to make the SSL work on the other server but I don’t need it anymore

(Toby Allen) #8

@Whitestrake Can you log this as an issue in the caddy repo and we can look at it getting fixed.

(Matthew Fay) #9

No worries - up here:
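
Added example (not part of the thread and not Caddy's own code): posts #3 to #5 note that the startup output can show https:// while the listener on port 443 is actually speaking plain HTTP, so this Python check attempts a TLS handshake against the port instead of trusting the printed address. The function names and the local plaintext listener are constructed for illustration.

```python
import socket
import ssl
import threading

def observed_scheme(host: str, port: int, timeout: float = 3.0) -> str:
    """Return "tls" if the listener completes a TLS handshake, else "not-tls"."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the only question here is "is this TLS at all?",
    ctx.verify_mode = ssl.CERT_NONE  # so certificate validity is deliberately out of scope
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls"
        except OSError:
            # ssl.SSLError (non-TLS bytes came back), a reset, or a timeout
            return "not-tls"

def banner_is_honest(advertised: str, host: str, port: int) -> bool:
    """Compare the scheme in a printed site address with what the port really speaks."""
    claims_tls = advertised.lower().startswith("https://")
    return claims_tls == (observed_scheme(host, port) == "tls")

def start_plaintext_listener() -> int:
    """Constructed stand-in for a site served as http://:443; replies in plain HTTP."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port so the demo needs no privileges
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)  # swallow the client's ClientHello
                conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_plaintext_listener()
    print(observed_scheme("127.0.0.1", port))
    print(banner_is_honest("https://", "127.0.0.1", port))
```

A handshake attempt is used rather than sending a plaintext request because some TLS servers answer a plaintext request with an HTTP error, which would make a TLS listener look like plain HTTP.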