1. The problem I’m having:
Hi,
For a specific scenario I would like to add Caddy in front of an AWS ALB; high availability of Caddy is not the most important thing at this point. This way Caddy could generate certificates on demand and reverse proxy to the ALB, and then the ALB, which has the following rules:
- Everything that is HTTP redirects to HTTPS
- In HTTPS, if the Host header is equal to *.mydomain.com, redirect to the Target Group with Fargate
- In the default rule, the Host header condition does not exist and it forwards to another Target Group
This can be represented in the drawing below:
Question 1:
Without adding anything in Caddy, I realized that AWS ALB was not “recognizing” the “Host Header” rule, but adding:
header_up Host {host}
or
header_up Host {http.reverse_proxy.upstream.hostport}
It works, so just to confirm here: which would be the most appropriate to use?
Question 2:
Is it possible for Caddy to “skip” certificate generation for *.mydomain.com? I would just like it to reverse proxy to my ALB without generating a certificate, since the ALB already has a wildcard attached.
Please let me know if this is possible.
Regards,
2. Error messages and/or full log output:
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
a. System environment:
Ubuntu 22.04 LTS
b. Command:
sudo apt update -y
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
c. Service/unit/compose file:
d. My complete Caddy config:
{
    on_demand_tls {
        interval 5m
        burst 20
        ask https://tlsvalidate.mydomain.com
    }
}

https:// {
    tls {
        on_demand
    }
    reverse_proxy {
        to https://alb.mydomain.com
        header_up Host {host}
        #header_up Host {http.reverse_proxy.upstream.hostport}
    }
}

*.mydomain.com {
    reverse_proxy {
        to https://alb.mydomain.com
        header_up Host {host}
        #header_up Host {http.reverse_proxy.upstream.hostport}
    }
}

:80 {
    respond /online "I am healthy" 200
}
5. Links to relevant resources:
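The config above points `on_demand_tls` at an `ask` URL. Before Caddy obtains a certificate for a hostname it has never seen, it sends a GET request to that URL with the hostname in a `domain` query parameter, and only a 2xx response permits issuance; anything else denies it. That endpoint is the control that keeps on-demand TLS from being abused by anyone who points a DNS record at the server and burns through ACME rate limits. The following is an added example of such an endpoint, not code from the original post or from the Caddy project. The allowlist, the denied `mydomain.com` suffix (standing in for the wildcard the ALB already covers) and the listen port are constructed assumptions.

```python
"""Minimal 'ask' endpoint for Caddy on_demand_tls.

Added example: returns 200 only for hostnames an operator has approved,
403 for everything else, 400 for malformed requests.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed allowlist: zones whose hostnames Caddy may obtain certificates for.
ALLOWED_SUFFIXES = ("customer-a.example", "customer-b.example")

# Constructed denylist: the post's wildcard zone is assumed here as a zone that
# must never trigger issuance, because the ALB already holds that certificate.
DENIED_SUFFIXES = ("mydomain.com",)


def _matches(domain: str, suffixes: tuple) -> bool:
    """True if `domain` equals a suffix or is a subdomain of one."""
    return domain in suffixes or any(domain.endswith("." + s) for s in suffixes)


def should_issue(domain: str) -> bool:
    """Decide whether Caddy may obtain a certificate for `domain`.

    Normalises case and a trailing dot, refuses anything that is not a plain
    hostname (wildcards, paths, whitespace), checks the denylist first, and
    finally requires an allowlist match. Default is deny.
    """
    d = domain.strip().lower().rstrip(".")
    if not d or any(ch in d for ch in "*/ \t"):
        return False
    if _matches(d, DENIED_SUFFIXES):
        return False
    return _matches(d, ALLOWED_SUFFIXES)


def decide(request_target: str) -> int:
    """Map a request target such as '/?domain=shop.customer-a.example' to an HTTP status.

    Caddy sends exactly one `domain` parameter; anything else is a bad request.
    """
    params = parse_qs(urlparse(request_target).query)
    domains = params.get("domain", [])
    if len(domains) != 1:
        return 400
    return 200 if should_issue(domains[0]) else 403


class AskHandler(BaseHTTPRequestHandler):
    """HTTP handler that answers Caddy's ask requests using decide()."""

    def do_GET(self):
        status = decide(self.path)
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(b"allowed\n" if status == 200 else b"denied\n")

    def log_message(self, fmt, *args):
        # Quiet the default per-request logging; plug in real logging here.
        pass


if __name__ == "__main__":
    # Assumed listen address; in the post's setup this would sit behind
    # https://tlsvalidate.mydomain.com.
    HTTPServer(("127.0.0.1", 8080), AskHandler).serve_forever()
```

Caddy only consults the endpoint before a new issuance, so a deny here does not affect hostnames that already have a cached certificate; the `interval` and `burst` settings in the config cap how often Caddy will ask at all.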