Proxy https to another https server


At home behind my router I have a raspberry pi that catch https traffic and serves an app in https on a domain with caddy (it’s working perfectly).

Now I would like to add another server in my network that serves https apps too on other domains.

I want my caddy to continue to serve app1 and to forward the rest of the https traffic to the other server so I tried to add a “catch-all :443 route” at the end of the caddyfile of my raspberry: {
  proxy / localhost:3100
:443 {
  proxy /

but it says: cannot multiplex (TLS) and (not TLS) on same listener.

Do you know if there is a (simple) solution to my problem?

Bizarre as it sounds I think caddy will might be serving

:443 { 

over http

To make sure it is served over https you will need to tell caddy specifically you wish to server https

:443 {



https:// {

It’s bizarre indeed!

When I run caddy -port 443 browse and Caddy outputs:

Activating privacy features... done.

My expectation from that result is that Caddy serves HTTPS on the default port, not that Caddy serves HTTP on port 443. I’d expect to see http://:443 instead in the latter case.

Perhaps this should be opened as an issue.

Ah. Yeah, this is an interesting case, but technically it is working as documented:

Caddy automatically enables HTTPS for all your sites, given that some reasonable criteria are met:

  • The hostname:
    • is not empty

Since the hostname is empty, automatic HTTPS is disabled.

The problem isn’t that Caddy disables HTTPS, it’s that Caddy outputs https:// as the hostname regardless of that fact. It’s not https://, it’s http://:443. The initial output is effectively lying about the scheme it’s listening for.

1 Like

Ohh I see. Yeah we should fix that.

Thanks for your answers, with a tls directive the caddy starts. I didn’t manage to make the SSL work on the other server but I don’t need it anymore

@Whitestrake Can you log this as an issue in the caddy repo and we can look at it getting fixed.

No worries - up here:

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.