Reverse proxy on windows host with own/same cert

1. Caddy version (caddy version):

caddy:2-alpine

2. How I run Caddy:

a. System environment:

Docker

b. Command:

Docker Container over ansible

c. Service/unit/compose file:

- name: Caddy Docker Container
  docker_container:
    name: caddy-proxy
    image: caddy:2-alpine
    pull: true
    ports:
      - "{{ caddy_port_http }}:80"
      - "{{ caddy_port_https }}:443"
    volumes:
      - "{{ caddy_data_directory }}/Caddyfile:/etc/caddy/Caddyfile"
      - "{{ caddy_data_directory }}/data:/data"
      - "{{ caddy_data_directory }}/config:/config"
      - "{{ caddy_data_directory }}/cert:/home/cert"
    restart_policy: unless-stopped
    memory: 1g

d. My complete Caddyfile or JSON config:

{
    # email to use on Let's Encrypt
    email admin@mycompany.de

    # Uncomment for debug
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    #debug
}

time.mycompany.de {
    tls /home/cert/time_mycompany_with_intermediate.cer /home/cert/time.mycompany.de-key-2021.pem
    log
    rewrite * /SES/html
    reverse_proxy https://10.0.80.110
}

3. The problem I’m having:

Unfortunately I have no experience with Caddy, but I am trying to make the following connection.
We have an internal Windows server listening on https://10.0.80.110:8043/SES/html.
I don’t want to connect it directly to the internet; instead I want to connect it via Caddy and time.mycompany.com. However, I can’t get the reverse proxy to work and don’t even know the right direction…
I bet it is because there is a certificate configured in the Windows server.

4. Error messages and/or full log output:

{"level":"error","ts":1638815209.1596668,"logger":"http.log.access","msg":"handled request","request":{"remote_addr":"10.0.51.243:6639","proto":"HTTP/2.0","method":"GET","host":"time.mycompany.de","uri":"/","headers":{"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Cookie":["_ga=GA1.2.518072520.1627972582"],"Sec-Ch-Ua":["\"Opera\";v=\"81\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"95\""],"Sec-Ch-Ua-Platform":["\"Windows\""],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"time.mycompany.de"}},"common_log":"10.0.51.243 - - [06/Dec/2021:18:26:49 +0000] \"GET / HTTP/2.0\" 502 0","user_id":"","duration":10.000678179,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

5. What I already tried:

6. Links to relevant resources:

You didn’t specify the port number here, so Caddy will proxy using port 443 (the default HTTPS port). You wrote that your upstream app uses port 8043 though.

Also, when proxying over HTTPS, you need to make sure that Caddy will trust the certificate being served by the upstream app. Otherwise, it will reject the connection. So if the upstream app has a self-signed certificate, you’ll have errors unless you configure Caddy to trust the self-signed cert.
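Putting both points of the reply above into one site block, as an added example that is not part of the thread and not the poster's own config: the upstream address carries the real port 8043, and the proxy transport is told which CA to trust for the Windows server's certificate instead of having verification switched off. The file name /home/cert/upstream-ca.pem is an assumed path for that CA's PEM (it would need to be mounted into the container like the other files under /home/cert), and `tls_server_name` assumes the Windows server presents a certificate issued for time.mycompany.de, as the topic title suggests.

```caddyfile
time.mycompany.de {
    tls /home/cert/time_mycompany_with_intermediate.cer /home/cert/time.mycompany.de-key-2021.pem
    log
    rewrite * /SES/html

    # Port 8043 is where the Windows server actually listens; without it
    # Caddy dials 443 and the request ends in the 502 seen in the log.
    reverse_proxy https://10.0.80.110:8043 {
        transport http {
            tls
            # Trust only the issuer of the upstream certificate.
            # Assumed path: the CA (or the self-signed leaf itself) in PEM form.
            tls_trusted_ca_certs /home/cert/upstream-ca.pem
            # The upstream is dialled by IP, so give Caddy the name to verify
            # (and to send as SNI); otherwise the certificate's name will not match.
            tls_server_name time.mycompany.de
        }
    }
}
```

`tls_insecure_skip_verify` would also make the 502 go away, but it turns the hop into unauthenticated TLS: anything answering on 10.0.80.110:8043 would be accepted. Pinning the CA keeps the check while still allowing a private or self-signed issuer. To obtain the PEM to pin, export the certificate chain from the Windows server's certificate store (or capture it with `openssl s_client -showcerts -connect 10.0.80.110:8043` from a host that can reach it) and mount the result at the assumed path.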
