Reverse_proxy to docker container troubles

1. Caddy version (caddy version):

v2.4.5 h1:P1mRs6V2cMcagSPn+NWpD+OEYUYLIf6ecOa48cFGeUg=

2. How I run Caddy:

In a docker container

a. System environment:

In a docker container: caddy:latest

b. Command:

c. Service/unit/compose file:

docker run \
    -d \
    -p 80:80 \
    -p 443:443 \
    -v "$(pwd)"/Caddyfile:/etc/caddy \
    -v "$(pwd)"/data:/data \
    -v "$(pwd)"/public:/var/www/html \
    --name rb_caddy \

d. My complete Caddyfile or JSON config:


root * /var/www/html/

reverse_proxy /tows/* rb_tinyows:8080 

reverse_proxy /rest/* rb_express:3000


 log {
    output file /var/log/access2.log

3. The problem I’m having:

So, I’ve 2 reverse_proxy’s. The express rest api is working fine. The second one, a wfs server is giving me troubles. Both backends are running in a docker container, the rb_tinyows is running also on port 8080, with no problems:

curl -v gives:

*   Trying
* Connected to ( port 8080 (#0)
> GET /tows/ HTTP/1.1
> Host:
> User-Agent: curl/7.68.0
> Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 09 Feb 2022 15:41:04 GMT
< Server: Apache/2.4.29 (Ubuntu)
< Vary: Accept-Encoding
< Access-Control-Allow-Origin: *
< Cache-Control: max-age=0, must-revalidate, no-cache, no-store
< Transfer-Encoding: chunked
< Content-Type: application/xml
<?xml version='1.0' encoding='UTF-8'?>
 version='1.1.0' language='en'>
 <ows:Exception exceptionCode='InvalidParameterValue' locator='service'>
  <ows:ExceptionText>Service Unknown</ows:ExceptionText>
* Connection #0 to host left intact

When trying using
curl -v

i get:

*   Trying
* Connected to ( port 80 (#0)
> GET /tows/ HTTP/1.1
> Host:
> User-Agent: curl/7.68.0
> Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location:
< Server: Caddy
< Date: Wed, 09 Feb 2022 15:44:02 GMT
< Content-Length: 0
* Closing connection 0

In a browser I get error 502

4. Error messages and/or full log output:

         "gzip, deflate, br"
         "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"
"common_log":" - - [09/Feb/2022:12:31:43 +0000] \"GET /tows/?service=WFS&version=1.1.0&request=DescribeFeatureType&Typename=tows:bgv_bezettingen HTTP/2.0\" 502 0",

5. What I already tried:

I’ve tried to find out what apache is returning to caddy without any luck. The docker containing tinyows runs on apache, so my guess is that the transport should be http, tinyows itself is a fastcgi application,
changing to:

reverse_proxy /tows/* rb_tinyows:8080 { transport fastcgi } makes no difference

also replacing rb_tinyows with its ip:

reverse_proxy /tows/*

does not work, ping (from caddy container to rb_tinyows) is ok:

/srv # ping
PING ( 56 data bytes
64 bytes from seq=0 ttl=64 time=0.245 ms
64 bytes from seq=1 ttl=64 time=0.155 ms
--- ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.155/0.200/0.245 ms
/srv # 
/srv # 
/srv # ping rb_tinyows
PING rb_tinyows ( 56 data bytes
64 bytes from seq=0 ttl=64 time=0.082 ms
64 bytes from seq=1 ttl=64 time=0.109 ms

I also tried this with no luck:

reverse_proxy /tows/* rb_tinyows:8080 {

        transport http {
		dial_timeout 2s
		tls_timeout  2s
                compression off


the tinyows docker itself is started with:

docker run \
    -d \
    -p 8080:80 \
    --restart unless-stopped \
    --name rb_tinyows \
    -v "$(pwd)"/tinyows.xml/:/etc/mapserver/tinyows.xml:ro \
    -v "$(pwd)"/tinyows.xml/:/etc/tinyows.xml:ro \

It would be very nice if someone has a idea whats going wrong!

Thank you

kind regards Robbert

6. Links to relevant resources:

I think you should use Port 80 for the reverse_proxy if you use the docker network address

reverse_proxy /tows/* rb_tinyows:80 

the mapped port 8080 is available on the host (so you would have to use this, if caddy was running on the host)

Hi Jok many thanks!

I have to rethink my error over. Its not really clear why this happens. I started the container with:

-p 8080:80

So i was thinking that all incoming IPs only port 8080 is accepted and converted to port 80 inside the container.

It works now :wink: thx again!

Also, please upgrade to v2.4.6!

Yeah, that binds that port to the host machine. But if both Caddy and your upstream app are in the same Docker network, then it doesn’t use the port on the host, it uses the port internal to the Docker network. In this case, port 80.

This topic was automatically closed after 30 days. New replies are no longer allowed.