Proxy https to another https server

thomaslule · January 25, 2019, 4:36pm

Hi,

At home behind my router I have a raspberry pi that catch https traffic and serves an app in https on a domain with caddy (it’s working perfectly).

Now I would like to add another server in my network that serves https apps too on other domains.

I want my caddy to continue to serve app1 and to forward the rest of the https traffic to the other server so I tried to add a “catch-all :443 route” at the end of the caddyfile of my raspberry:

app1.fr {
  proxy / localhost:3100
  gzip
  tls
}
:443 {
  proxy / 192.168.0.13:443
}

but it says: cannot multiplex app1.fr (TLS) and (not TLS) on same listener.

Do you know if there is a (simple) solution to my problem?
Thanks

tobya · January 25, 2019, 7:41pm

Bizarre as it sounds I think caddy will might be serving

:443 {

over http

To make sure it is served over https you will need to tell caddy specifically you wish to server https

:443 {
  tls
 etc 

}

or

https:// {
   etc
}

Whitestrake · January 26, 2019, 4:26am

It’s bizarre indeed!

When I run caddy -port 443 browse and Caddy outputs:

Activating privacy features... done.
https://

My expectation from that result is that Caddy serves HTTPS on the default port, not that Caddy serves HTTP on port 443. I’d expect to see http://:443 instead in the latter case.

Perhaps this should be opened as an issue.

matt · January 26, 2019, 7:08am

Ah. Yeah, this is an interesting case, but technically it is working as documented:

Caddy automatically enables HTTPS for all your sites, given that some reasonable criteria are met:

The hostname:

is not empty

…

Since the hostname is empty, automatic HTTPS is disabled.

Whitestrake · January 26, 2019, 7:27am

The problem isn’t that Caddy disables HTTPS, it’s that Caddy outputs https:// as the hostname regardless of that fact. It’s not https://, it’s http://:443. The initial output is effectively lying about the scheme it’s listening for.

matt · January 26, 2019, 7:49am

Ohh I see. Yeah we should fix that.

thomaslule · January 27, 2019, 5:51pm

Thanks for your answers, with a tls directive the caddy starts. I didn’t manage to make the SSL work on the other server but I don’t need it anymore

tobya · February 9, 2019, 7:54am

@Whitestrake Can you log this as an issue in the caddy repo and we can look at it getting fixed.

Whitestrake · February 9, 2019, 9:16am

No worries - up here: https://github.com/mholt/caddy/issues/2461

system · May 10, 2019, 9:16am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.