Proxy via squid

1. My Caddy version (caddy -version):

$ caddy -version
Caddy v1.0.3 (h1:i9asdasdasd)

Current Caddy conf:

my.website.com {
    log ./caddy.log
    #redir /ghost /ghost/
    proxy / 11.12.13.2:8080 {
        #without /ghost
        transparent
        websocket
    }

    redir /portainer /portainer/
    proxy /portainer/ 11.12.13.2:9000 {
        without /portainer
        transparent
        websocket
    }
    tls {
        dns cloudflare
    }
}

Now I need Caddy to serve an HTTPS API, but it is reachable only via a Squid proxy:

Client → Caddy HTTPS reverse proxy → Squid → HTTPS API

In this scenario Caddy cannot connect directly to the HTTPS API, ONLY via the Squid proxy.
How can I do it?

Thanks.

Hi @gus, welcome to the Caddy community.

Have you tried simply proxying to the Squid server? Caddy will simply return whatever the Squid proxy returns, so a proxy chain should not pose any problems.

Thanks for the reply. Let’s take an example where the Squid IP:PORT is:
10.10.11.1:8443
The HTTPS API is:
https://192.168.2.100:443

Can you provide a config sample?

Thanks in advance!

proxy / 10.10.11.1:8443

https://caddyserver.com/v1/docs/proxy

Thanks for the quick reply.
Sorry, but I do not understand…

proxy / 10.10.11.1:8443 will make a reverse proxy to Squid.

What if I have 2 or 3 HTTPS API endpoints behind the Squid proxy?

https://192.168.2.100:443
https://192.168.2.101:443
https://192.168.2.102:443

Thanks.

I thought you said you couldn’t access the APIs directly, only through Squid.

It sounds like you need to reverse proxy to Squid, which will then reverse proxy to those APIs.

YES, Caddy does not have a direct connection to the backend HTTPS APIs.

I need to tell Caddy that those API backends can be reached only via another proxy; in my case it is Squid.

So, proxy to Squid.

Squid will receive the request from Caddy and proxy to the APIs.

You can chain reverse proxies in this manner.

I do not want to configure Squid to make a reverse proxy.
In this case, to achieve a reverse proxy chain, it is easier to run another Caddy server on a different TCP port on the Squid host…

Thanks for suggestions!

If the following is true:

  1. Caddy cannot access the APIs
  2. Squid can access the APIs
  3. Caddy can access Squid

Then Caddy must talk to Squid and Squid must talk to the APIs. Caddy talks HTTP, so it must use an HTTP proxy to talk to Squid.

I can help you with configuration but I don’t understand your requirements. If you don’t want to use a reverse proxy, how else do you envision this could be achieved?

@gus Welcome, but … I don’t follow. You say:

And you want to achieve:

But then you contradict yourself here:

Which one is it? Do you want/need to use squid, or not?

Caddy can proxy to either, you just have to choose.

Hi, thank you for the questions!
It is always better to draw :)

Each API has an FQDN:
api1.web.com
api2.web.com
dash.web.com
yum.repo.web.com
etc…
I use an HTTPS Squid forward proxy with the CONNECT method for Python with the os module to reach all backend APIs, yum to fetch system updates, or curl with the shell https_proxy variable.

Maybe it’s a stupid idea… but I thought it was possible to make a reverse proxy via a forward proxy…

Achievement:
Users can reach backends using FQDNs:
example:
https://api1.web.com
https://api2.web.com
etc

Ahh, Squid is configured as a forward proxy!

OK, so I don’t believe Caddy can reverse proxy through a forward proxy. There’s no way to configure the proxy directive to CONNECT to a forward proxy before issuing its request upstream.

You COULD chain forward proxies - have Caddy act as a forward proxy and chain to Squid’s forward proxy - but then you’re left still with a forward proxy instead of regular HTTP access through Caddy. This might not be useful for you.

Based on that diagram, if all APIs are known, chained reverse proxies is the best way to go about achieving what you want.
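
The mismatch described in the post above, as an added example that is not part of the original thread: a forward proxy expects a CONNECT request naming the target, while a reverse proxy sends its upstream a plain origin-form request. The stub proxy, its allowlist and its status codes are constructed stand-ins for illustration, not Squid's code or configuration; the hostnames are the ones used in the thread.

```python
import socket
import threading

# Constructed allowlist standing in for a forward proxy's CONNECT policy.
ALLOWED = {("api1.web.com", 443), ("api2.web.com", 443)}

def read_head(sock) -> bytes:
    """Read from sock until the blank line that ends an HTTP message head."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def proxy_reply(head: bytes) -> bytes:
    """Decision of the stand-in forward proxy (not Squid) for one request head."""
    method, target, _ = head.split(b"\r\n", 1)[0].decode("ascii").split(" ", 2)
    if method != "CONNECT":
        # The stub only tunnels: "GET /path", as a reverse proxy sends upstream, is refused.
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    host, _, port = target.rpartition(":")
    if (host, int(port)) in ALLOWED:
        return b"HTTP/1.1 200 Connection established\r\n\r\n"
    return b"HTTP/1.1 403 Forbidden\r\n\r\n"

def start_stub_proxy():
    """Serve proxy_reply on an ephemeral loopback port; return (host, port)."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(proxy_reply(read_head(conn)))
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

def status_for(proxy_addr, request: bytes) -> int:
    """Send one request head to the proxy and return its status code."""
    with socket.create_connection(proxy_addr, timeout=5) as s:
        s.sendall(request)
        return int(read_head(s).split(b" ", 2)[1])

def connect_request(host: str, port: int) -> bytes:
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")

def origin_form_request(host: str, path: str) -> bytes:
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")
```

Calling `status_for(start_stub_proxy(), ...)` with `origin_form_request("api1.web.com", "/")` returns 400, with `connect_request("api1.web.com", 443)` returns 200, and with a CONNECT to a target outside the allowlist returns 403. After a 200, the client still has to run the TLS handshake with the API inside the tunnel, which is the step the v1 proxy directive has no option for.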

I see. Could you see if there is a relevant issue related to forward-proxying and, after searching if you don’t find one that is the same as yours, could you open a new issue to request the feature? For version 2.

I dunno if this makes any difference, but in Caddy 2, you can reverse proxy to dynamic backends based on the request if necessary…
