Reverse proxy to an app without prefix

1. Caddy version (caddy version):

caddy v2.4.0 h1:yHnnbawH2G3ZBP2mAJF4XBLnJanqhULLP/wu01Qi9Io=

2. How I run Caddy:

a. System environment:

Host - Ubuntu 20.04.2 LTS
Docker Desktop version - 20.10.6
Caddy container - caddy:latest

b. Command:

docker-compose up -d

c. Service/unit/compose file:


version: '3.8'
    image: xcaddy:latest
    container_name: caddy
      - 80:80
      - 443:443
      - 8443:8443
      - wg-pia
      - TZ=America/Chicago
      - PUID=1000
      - PGID=1000
      - /var/run/docker.sock:/var/run/docker.sock
      - "${docker}/caddy2/data:/data"
      - "${docker}/caddy2/config:/config"
      - com.centurylinklabs.watchtower.enable=false

Caddy Dockerfile

FROM caddy:${CADDY_VERSION}-builder AS builder

RUN xcaddy build \
    --with \
    --with \
    --with \
    --with \

FROM caddy:${CADDY_VERSION}-alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

CMD ["caddy", "docker-proxy"]

d. My complete Caddyfile or JSON config:

        https_port 443
        http_port 80
(geofilter) {
        @mygeofilter {
                maxmind_geolocation {
                        db_path /data/GeoLite2-Country.mmdb
                        allow_countries US
} {
        import geofilter
        log {
                output file /data/access.log
        route /auth* {
                auth_portal {
                        path /auth
                        backends {
                                local_backend {
                                        method local
                                        path /config/caddy/users.json
                                        realm local
                                        require mfa
                        jwt {
                                token_name access_token
                                token_secret <redacted>
                                token_lifetime 3600
                        registration {
                                dropbox /config/caddy/registrations_db.json
                                title "User Registration"
                                code <redacted>
                                require accept_terms
                                require domain_mx
                        ui {
                                links {
                                        "My Identity" /auth/whoami icon "las la-star"
                                        "My Settings" /auth/settings icon "las la-cog"
                                        "My Versions" /version icon "las la-smile"
                                        Test /test icon "las la-search"
                                        Main /main icon "las la-search"
        route /main* {
                jwt {
                        primary yes
                        trusted_tokens {
                                static_secret {
                                        token_name access_token
                                        token_secret <redacted>
                        auth_url /auth
                        allow roles anonymous guest admin
                        allow roles superadmin
                reverse_proxy @mygeofilter
        route /version* {
                respond * `caddy v2.4.0 h1:yHnnbawH2G3ZBP2mAJF4XBLnJanqhULLP/wu01Qi9Io=
http.authentication.hashes.bcrypt v2.4.0
http.authentication.hashes.scrypt v2.4.0
http.authentication.providers.http_basic v2.4.0
http.handlers.authentication v2.4.0
http.authentication.providers.jwt v1.2.7
http.handlers.auth_portal v1.4.6
http.matchers.maxmind_geolocation v0.0.0-20201011164607-088c2173a367` 200
        route {
                redir https://{hostport}/auth/ 302
        route /test* {
                uri strip_prefix /test
                reverse_proxy @mygeofilter

3. The problem I’m having:

I have implemented caddy-auth-portal. Not all of the services I have support adding a base url/prefix. I used uri strip_prefix so that when I go to it is sent to on the backend (instead of, but I get a 404 error and the page only partially loads. Clicking on any link in the page for the service takes me back to I have tired it with 2 different services that I host and both get the same behavior.

Prior to caddy-auth-portal My Caddyfile for a service would look like this: {

Not quite sure what I need to do in order to deal with the prefix and caddy-auth-portal.

4. Error messages and/or full log output:

Caddy Logs

5. What I already tried:

I tried doing rewrite instead of uri strip_prefix, but I could not get the page to load. I also tried adding /main* as a match to the reverse_proxy directive.

Use handle_path and put your reverse_proxy inside of that.

That gets me a little further, I think. I am redirect to which is where I would go prior to caddy-auth-portal, but it only loads a blank white page.

This topic was automatically closed after 30 days. New replies are no longer allowed.