Proxy query to specific URI -- Using caddy as a CORS Bypasser

1. Caddy version (caddy version):

v2.5.0-beta.1 h1:lF5wWqqDJ6HjETbnBILvTAeKcThsz1+OeWB+d1tWxp4=

2. How I run Caddy:

With the systemd service

a. System environment:

Debian 11 – systemd 247

b. Command:

sudo systemctl start caddy.service

c. Service/unit/compose file:

# /etc/systemd/system/caddy.service
# caddy.service
# For using Caddy with a config file.
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
# See for instructions.
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.


ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile


d. My complete Caddyfile or JSON config:

	servers :443 {
		protocol {
} {
	header {
		Access-Control-Allow-Origin *
		Access-Control-Allow-Credentials true
		Access-Control-Allow-Methods *
		Access-Control-Allow-Headers *

	rewrite /liberation /arc/outboundfeeds/rss/?outputType=xml
	reverse_proxy /arc/outboundfeeds/rss/?outputType=xml {
		header_down -Access-Control-Allow-Origin
		dynamic a 9000

	log {
		output stderr
		level info

3. The problem I’m having:

I’d like caddy to do the following thing :
user makes GET to
caddy receives this request, make a GET to <![CDATA[Libération]]>, strips the CORS header to add back a wildcard CORS and send it back to the user

5. What I already tried:

Please see d., but this doesn’t work :cry:

Please upgrade to v2.5.1!

That’s not valid syntax. Path matchers can’t take queries.

If you need to also match by query, you need to use a named matcher to use both a path and a query matcher at the same time.

Are you trying to proxy all requests to your upstream, or only that specific URL? Your Caddyfile doesn’t do anything with other URLs, so I’m not sure I understand the goal.

Do you actually need dynamic a? Is your domain resolving to multiple IP A records?

If not, you can just use static upstreams.

To explain better what I’m tryna do, is a “CORS remover reverse proxy” for various RSS feed (for dev purpose). So, I want to make different “endpoints” like /theguardian /newyorktimes etc etc that makes in background a request to the original rss feed URI and return the content, but with a CORS header at * :sweat_smile: I’m not that used to caddy so it’s kinda difficult for me to make a working config for that usecase

PS: I’ll update and remove the dynamic A :wink:

The perfect syntax would be like reverse_proxy /liberation but I get this error

/etc/caddy/Caddyfile:135 - Error during parsing: for now, URLs for proxy upstreams only support scheme, host, and port components

You need to use the rewrite directive before reverse_proxy to perform a rewrite. Maybe something like this:

handle /liberation {
	rewrite * /arc/outboundfeeds/rss/?outputType=xml
	reverse_proxy {
		header_up Host {upstream_hostport}

This topic was automatically closed after 30 days. New replies are no longer allowed.