Proxying local http adresses

1. The problem I’m having:

I have installed Caddy on a Docker stack, and have pi-hole running for local dns-ing. What I am trying to achieve is that i don’t have to enter for example to access the Pi-Hole interface but can enter pi.hole and caddy takes care of it.

Homeassistant doensn’t work either :frowning:

2. Error messages and/or full log output:

{"level":"error","ts":1678390884.6622994,"logger":"http.log.error","msg":"dial tcp i/o timeout","request":{"remote_ip":"","remote_port":"57346","proto":"HTTP/1.1","method":"GET","host":"pi.hole","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15"],"Accept-Language":["de-DE,de;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"]}},"duration":3.000354902,"status":502,"err_id":"6de857awz","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
{"level":"error","ts":1678390899.7533762,"logger":"http.log.error","msg":"dial tcp i/o timeout","request":{"remote_ip":"","remote_port":"57371","proto":"HTTP/1.1","method":"GET","host":"pi.hole","uri":"/","headers":{"Accept-Language":["de-DE,de;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15"]}},"duration":3.00017248,"status":502,"err_id":"2e3gf8p5k","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
{"level":"error","ts":1678391120.4832447,"logger":"http.log.error","msg":"dial tcp i/o timeout","request":{"remote_ip":"","remote_port":"57484","proto":"HTTP/1.1","method":"GET","host":"pi.hole","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15"],"Accept-Language":["de-DE,de;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Connection":["keep-alive"]}},"duration":3.000246307,"status":502,"err_id":"skxt7adbn","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}

3. Caddy version:


4. How I installed and ran Caddy:

Docker Stack on an Debian LXC on a Proxmox Hypervisor

a. System environment:

as above

b. Command:

Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

    image: caddy:2
    container_name: caddy
    restart: always
      - 80:80  # Needed for the ACME HTTP-01 challenge.
      - 443:443
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
      -  # Your domain.
      -    # The email address to use for ACME registration.
      - LOG_FILE=/data/access.log

d. My complete Caddy config:

# Vaultwarden {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10

  encode gzip
  reverse_proxy /notifications/hub vaultwarden:3012
  reverse_proxy vaultwarden:80 {
       header_up X-Real-IP {remote_host}
# Vaultwarden intern {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
  encode gzip
  reverse_proxy vaultwarden:80

# Homeassistant intern
http://home.assistant:80 {

http://pi.hole:80, http://pihole:80 {
	rewrite * /admin{uri}

5. Links to relevant resources:


It looks like Caddy is receiving requests for pi.hole just fine, but the host you’ve configured as its upstream is not responding on port 80.

i/o timeout could imply that the IP address is incorrect or that the host is firewalled and ignoring requests from the Caddy host.

I remember you also were working with macvlans. I note that a macvlan client cannot talk directly to the host via the network interface it’s sharing (without additional support from a managed switch).


For other readers: The problem with homeassistant could be solved by the Homeassistantconfiguration itself as decribed here:

But now to the PiHole issue. Host is not firewalled or sth. It’s a container in the same stack as caddy is and you assumed right, I provided PiHole an own IP-Adress via macvlan:

Docker compose:

version: '2'

  pihole_network:                         # Name of network
    driver: macvlan                       # Use the macvlan network driver
      parent: eth0                    # If open vSwitch is disabled use eth0 (or eth1 +)
        - subnet: ""        # Specify subnet
          gateway: ""          # Gateway address
          ip_range: ""    # Available IP addresses

Pi-Hole Part:

        ipv4_address: ""

I have a managed switch but I’m guessing you talking about the virtual one?


Some managed switches (not a lot of them) support hairpinning (aka reflective relaying) to take packets from the NIC and return them straight to the NIC on the same port to the other MAC address, solving this connectivity issue.

The alternative is a virtual switch on the host, or a bridge.

I think you could also, potentially, just add the default: network to your PiHole container as well (so it has two virtual interfaces, one for the macvlan, one for the bridge, and Caddy would be able to talk to it over the bridge).

Okay. Thank you for giving me food for thought. What I managed to do is to create a user defined bridge, to which I added every container in my stack.

PiHole has now both interfaces. Internal DNS works


http://pi.hole:80, http://pihole:80 {
	rewrite * /admin{uri}
	reverse_proxy pihole:80


1 Like