Reverse proxy on windows host with own/same cert

1. Caddy version (caddy version):


2. How I run Caddy:

a. System environment:


b. Command:

Docker Container over ansible

c. Service/unit/compose file:

- name: Caddy Docker Container
    name: caddy-proxy
    image: caddy:2-alpine
    pull: true
      - "{{ caddy_port_http }}:80"
      - "{{ caddy_port_https }}:443"
      - "{{ caddy_data_directory }}/Caddyfile:/etc/caddy/Caddyfile"
      - "{{ caddy_data_directory }}/data:/data"
      - "{{ caddy_data_directory }}/config:/config"
      - "{{ caddy_data_directory }}/cert:/home/cert"
    restart_policy: unless-stopped
    memory: 1g

d. My complete Caddyfile or JSON config:

    # email to use on Let's Encrypt

    # Uncomment for debug
} {
   tls /home/cert/time_mycompany_with_intermediate.cer /home/cert/
   rewrite * /SES/html
      reverse_proxy {

3. The problem I’m having:

Unfortunately I have no experience with Caddy but try to make the following connection.
We have an internal Windows server listening to
I don’t want to connect it directly to the internet, instead I want to connect it via Caddy and However I can’t get the reverse proxie to work and dont even know the right direction…
I bet it is because there is a certificate configured in the windows server.

4. Error messages and/or full log output:

{“level”:“error”,“ts”:1638815209.1596668,“logger”:“http.log.access”,“msg”:“handled request”,“request”:{“remote_addr”:“”,“proto”:“HTTP/2.0”,“method”:“GET”,“host”:“”,“uri”:"/",“headers”:{“Sec-Ch-Ua-Mobile”:["?0"],“User-Agent”:[“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 OPR/81.0.4196.60”],“Sec-Fetch-Site”:[“none”],“Sec-Fetch-Mode”:[“navigate”],“Sec-Fetch-User”:["?1"],“Accept-Language”:[“en-GB,en-US;q=0.9,en;q=0.8”],“Cookie”:["_ga=GA1.2.518072520.1627972582"],“Sec-Ch-Ua”:["“Opera”;v=“81”, " Not;A Brand";v=“99”, “Chromium”;v=“95"”],“Sec-Ch-Ua-Platform”:["“Windows”"],“Upgrade-Insecure-Requests”:[“1”],“Accept”:[“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”],“Sec-Fetch-Dest”:[“document”],“Accept-Encoding”:[“gzip, deflate, br”]},“tls”:{“resumed”:false,“version”:772,“cipher_suite”:4865,“proto”:“h2”,“proto_mutual”:true,“server_name”:“”}},“common_log”:“ - - [06/Dec/2021:18:26:49 +0000] “GET / HTTP/2.0” 502 0”,“user_id”:"",“duration”:10.000678179,“size”:0,“status”:502,“resp_headers”:{“Server”:[“Caddy”]}}

5. What I already tried:

6. Links to relevant resources:

You didn’t specify the port number here, so Caddy will proxy using port 443 (the default HTTPS port). You wrote that your upstream app uses port 8043 though.

Also, when proxying over HTTPS, you need to make sure that Caddy will trust the certificate being served by the upstream app. Otherwise, it will reject the connection. So if the upstream app has a self signed certificate, you’ll have errors unless you configure Caddy to trust the self signed cert.

This topic was automatically closed after 30 days. New replies are no longer allowed.