Proxy to multiple private IPs results in 502

I’ve been searching through the docs, but can’t seem to find a solution. I’m using 2 VPS servers for serving my application and one as a “load balancer” using a reverse proxy for those 2 application servers. I’ve set up a Caddyfile for each of those 2 servers like this:

my-domain.com:80 {
  tls off

  redir 301 {
    / my-domain.com{uri}
  }
}

my-domain.com:443 {
  tls self_signed

  redir 301 {
    if {scheme} is http
      / https://my-domain.com{uri}
  }

  root /home/user/my-site
  fastcgi / 127.0.0.1:9000 php
}

And the “load balancer” is set up with the following Caddyfile:

my-domain.com:80 {
  tls off

  redir 301 {
    / https://my-domain.com{uri}
  }
}

my-domain.com:443 {
  tls {
    max_certs 1
  }

  redir 301 {
    if {scheme} is http
      / https://{host}{uri}
  }

  proxy / https://10.132.xxx.xx https://10.132.xxx.xx {
    transparent
    insecure_skip_verify
  }
}

I’m using Cloudflare with the SSL Full (strict) option on the domain (A record pointed to the load balancer’s public IP). When I open the domain in the browser, I get the 502 error. It seems that Caddy couldn’t proxy to those servers. When I curl those private IPs from the load balancing server, on http I get “Site not served at this interface” (which means it’s able to connect to the web server), but when I curl the same IP with https, I get the internal error for the TLS handshake, and the Caddy log file shows the error.

curl -i https://10.132.xxx.xx
curl: (35) gnutls_handshake() failed: Internal error

The error on the 10.132.xxx.xx server’s Caddy log file:

http: TLS handshake error from {private-ip}:48294: no certificate available for ''

Does anyone have any ideas how to fix this?

What is the certificate you give to your backends? Its SANs have to contain the IP address since your load balancer is connecting via IP address.
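To see what that answer means in practice, here is an added Go example (not from this thread and not Caddy’s code): it mints two throwaway self-signed backend certificates, one with the backend’s private IP as a SAN and one with only a DNS name, then performs an in-process handshake in which the client dials by bare IP and verifies strictly, the way a proxy without `insecure_skip_verify` would. The backend sees an empty SNI in both cases (the `''` in the backend’s log line above), and only the certificate carrying an IP SAN passes verification; the address 10.132.0.5 is a constructed placeholder for the real private IP.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// selfSigned mints a throwaway self-signed backend certificate (constructed
// test data, not a real backend's cert) carrying the given DNS and IP SANs.
func selfSigned(dns []string, ips []net.IP) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "backend"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		DNSNames: dns, IPAddresses: ips,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// dialByIP runs an in-process TLS handshake over net.Pipe: the client connects
// to the backend by bare IP and verifies the certificate against that IP, as a
// strict reverse proxy (no insecure_skip_verify) would. It returns the SNI the
// backend received and the client's handshake error, if any.
func dialByIP(cert tls.Certificate, ip string) (sni string, err error) {
	pool := x509.NewCertPool()
	pool.AddCert(cert.Leaf) // trust the backend's self-signed cert itself
	srv := &tls.Config{SessionTicketsDisabled: true,
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			sni = h.ServerName // "" for IP dials: RFC 6066 forbids IP literals in SNI
			return &cert, nil
		}}
	c, s := net.Pipe()
	go func() { tls.Server(s, srv).Handshake(); s.Close() }()
	err = tls.Client(c, &tls.Config{ServerName: ip, RootCAs: pool}).Handshake()
	c.Close()
	return sni, err
}
```

Calling `dialByIP(selfSigned([]string{"my-domain.com"}, nil), "10.132.0.5")` returns an error stating the certificate contains no IP SANs, while the same call with `[]net.IP{net.ParseIP("10.132.0.5")}` added succeeds; in both cases the returned SNI is empty.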
