1. The problem I’m having:
I have a public-facing server running Caddy v2 and I have a Caddy v2 server in my homelab.
I have 2 ways to reach the homelab Caddy server: one with the public IP and another one using a WireGuard tunnel (reachable from the public-facing machine hosting the Caddy server).
I want to distribute traffic from the public-facing Caddy server to my homelab Caddy server. If it can reach it over the public IP, it should use that, and if that is not working then it should connect over WireGuard.
2. Error messages and/or full log output:
```
May 13 04:11:21 delbgp caddy[124535]: {"level":"info","ts":1683931281.082274,"logger":"http.handlers.reverse_proxy.health_checker.active","msg":"HTTP request failed","host":"10.0.50.3:443","error":"Get \"https://10.0.50.3:443\": context deadline exceeded"}
May 13 04:11:21 delbgp caddy[124535]: {"level":"info","ts":1683931281.082322,"logger":"http.handlers.reverse_proxy.health_checker.active","msg":"HTTP request failed","host":"43.230.197.97:443","error":"Get \"https://<public-address>:443\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"}
```
This does not work no matter what I try. It keeps using the public IP and eventually responds with a 502 error. If I enable health checks, it reports "HTTP request failed" over both endpoints when that’s not true at all! I can reach 10.0.50.3:443 using curl just fine.
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
Binary downloaded from Caddy’s website. I enabled the layer4 module.
a. System environment:
Arch Linux machine
systemd: 253.4-1
Arch: x64
b. Command:
/opt/caddy/caddy run --environ --config /etc/caddy/caddy.json
c. Service/unit/compose file:
d. My complete Caddy config:
```json
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "routes": [
            {
              "match": [
                {
                  "host": ["jellyfin.domain"]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "<public-addr>:443"
                            },
                            {
                              "dial": "10.0.50.3:443"
                            }
                          ],
                          "transport": {
                            "protocol": "http",
                            "tls": {
                              "server_name": "jellyfin.domain"
                            }
                          },
                          "health_checks": {
                            "active": {
                              "path": "/",
                              "interval": 30
                            },
                            "passive": {
                              "max_fails": 0,
                              "fail_duration": 5
                            }
                          }
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    }
  }
}
```
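An added example, not part of the original post and not Caddy's own code: a small Python check over a Caddy JSON config that flags two things relevant to the setup described above. Caddy reads a bare integer in a duration field as nanoseconds, and its default upstream selection policy is random, whereas `first` prefers upstreams in the order listed. The function names and the 1 ms threshold are assumptions made for this example.

```python
import json

# Fields under health_checks / load_balancing that Caddy decodes as durations.
DURATION_KEYS = {"interval", "timeout", "fail_duration", "unhealthy_latency",
                 "try_duration", "try_interval"}
SUSPICIOUS_BELOW_NS = 1_000_000  # assumption: anything under 1ms is a unit mistake

def find_proxies(node):
    """Yield every reverse_proxy handler object anywhere in the config."""
    if isinstance(node, dict):
        if node.get("handler") == "reverse_proxy":
            yield node
        for value in node.values():
            yield from find_proxies(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_proxies(item)

def durations(node, path):
    """Yield (path, value) for each duration field below node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in DURATION_KEYS:
                yield f"{path}.{key}", value
            else:
                yield from durations(value, f"{path}.{key}")

def lint(config):
    findings = []
    for proxy in find_proxies(config):
        for section in ("health_checks", "load_balancing"):
            for path, value in durations(proxy.get(section, {}), section):
                # Caddy reads a bare integer as nanoseconds; strings like "30s" carry units.
                if type(value) is int and 0 < value < SUSPICIOUS_BELOW_NS:
                    findings.append(f'{path}: {value} means {value}ns, use "{value}s" for seconds')
        policy = proxy.get("load_balancing", {}).get("selection_policy", {}).get("policy", "random")
        if len(proxy.get("upstreams", [])) > 1 and policy != "first":
            findings.append(f"selection_policy: '{policy}' does not prefer the first upstream")
    return findings

# Constructed sample: the reverse_proxy handler from the post, trimmed.
SAMPLE = json.loads("""
{"handler": "reverse_proxy",
 "upstreams": [{"dial": "<public-addr>:443"}, {"dial": "10.0.50.3:443"}],
 "health_checks": {"active": {"path": "/", "interval": 30},
                   "passive": {"max_fails": 0, "fail_duration": 5}}}
""")

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```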