Reverse proxy and self-signed certificate

Two servers

  • Server A

    • Caddy v2.4.6
    • FQDN with Let’s Encrypt TLS certificate
    • reverse proxy to server B on port 881
  • Server B

    • Caddy v2.4.6
    • IP (no FQDN)
    • listening on port 881 (non-TLS)

Server B is behind a router that forwards the external port 881 to the internal port 881 on server B.

The traffic between a client and server A is TLS encrypted but not the traffic forwarded from A to B.

How can I generate a self-signed certificate on B and tell the reverse proxy to use that certificate (tls_insecure_skip_verify)?

Caddyfile server A

    # reverse proxy to server B
    serverB.example.com {
        reverse_proxy * http://123.123.123.123:881 
        log {
            output file /var/log/caddy/serverA.log
        }
    }

Caddyfile server B

    :881 {
        root * /var/www
        file_server
        php_fastcgi unix//var/run/php/php7.4-fpm.sock
        log {
            output file /var/log/caddy/serverB.log
        }
    }

This should explain everything you need to know:

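An added example, not part of the original thread and not taken from the Caddy documentation: one way to encrypt the A-to-B hop using Caddy's built-in local CA, with the weak `tls_insecure_skip_verify` setting shown beside a verified alternative. Assumptions: B's certificate is issued for the name serverB.example.com (the name only has to match what A expects, it does not need to resolve to B), B's root certificate sits at the usual package-install location, and /etc/caddy/serverB-root.crt is a hypothetical path on A where that root has been copied.

```caddyfile
# ---------- Caddyfile server B ----------
# "tls internal" makes Caddy issue and renew the certificate from its own
# local CA instead of a public one. Using a hostname here (rather than the
# bare IP) means the certificate is selected by SNI, which also works behind
# the NAT router where B's local address differs from 123.123.123.123.
serverB.example.com:881 {
    tls internal
    root * /var/www
    file_server
    php_fastcgi unix//var/run/php/php7.4-fpm.sock
    log {
        output file /var/log/caddy/serverB.log
    }
}

# B's local CA root is written under Caddy's data directory, typically
# (assumption: systemd package install running as user "caddy"):
#   /var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
# Copy that file (the certificate only, never the key) to server A.

# ---------- Caddyfile server A ----------
serverB.example.com {
    reverse_proxy https://123.123.123.123:881 {
        transport http {
            # Name sent as SNI and checked against B's certificate.
            tls_server_name serverB.example.com

            # Weak option from the question: the hop is encrypted, but A
            # accepts any certificate, so it cannot tell B from another
            # host answering on that IP and port.
            # tls_insecure_skip_verify

            # Verified option: trust only B's local CA root.
            # (hypothetical path; the file copied from B as described above)
            tls_trusted_ca_certs /etc/caddy/serverB-root.crt
        }
    }
    log {
        output file /var/log/caddy/serverA.log
    }
}
```

If A still logs certificate errors after this change, check that the copied root.crt is readable by the user Caddy runs as on A and that it is B's root, not A's own.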