Reverse proxy to subdir

1. Caddy version (caddy version):


2. How I run Caddy:

systemctl restart caddy

a. System environment:

OS, Ubuntu, systemd

b. Command:

systemctl restart caddy

c. Service/unit/compose file:


ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --resume
#--config /etc/caddy/Caddyfile


d. My complete Caddyfile or JSON config: {
    rewrite * /mayaseen{path}
    reverse_proxy {
        header_up Host {upstream_hostport}
        header_up X-Forwarded-Host {host}

3. The problem I’m having:

Hello, after 200 cigarettes in an attempt to set up this rather complicated thing, I decided that I needed help. All seekers of help related to reverse proxy wanted to point to, and how to get to point to ?
and when request behind the scene loading

And a real example:

this is what I would like to look like:

Thanks in advance.

4. Error messages and/or full log output:

5. What I already tried:

6. Links to relevant resources:

Close, you should use {uri} to make sure the query portion of the URL is preserved as well.

But you had the right approach. What exactly isn’t working? What behaviour are you seeing? What’s in your logs?

Do you mean {
rewrite * /mayaseen{uri}
reverse_proxy {
header_up Host {upstream_hostport}
header_up X-Forwarded-Host {host}

I changed it now.
Now we expect:

to be able to use this link:

as well as

to be able to use this link:

try these links to see the result, please

Understood, but what actually happens instead? You haven’t explained what behaviour you’re seeing instead of what you expect.

{"level":"error","ts":1639577925.7824674,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"","proto":"HTTP/2.0","method":"GET","host":"","uri":"/_next/static/QDw40O1ahML08NtVAhGAm/_middlewareManifest.js","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["script"],"Referer":[""],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["bg-BG,bg;q=0.9,en;q=0.8"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Mode":["no-cors"],"Cookie":["_ga=GA1.2.1763325896.1639141990; _gcl_au=1.1.1404675637.1639141990; _gid=GA1.2.1010298139.1639329921; _temp=_temp; _gat_gtag_UA_44313046_1=1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":""}},"common_log":" - - [15/Dec/2021:14:18:45 +0000] \"GET /_next/static/QDw40O1ahML08NtVAhGAm/_middlewareManifest.js HTTP/2.0\" 404 3548","user_id":"","duration":0.009874481,"size":3548,"status":404,"resp_headers":{"Access-Control-Allow-Origin":["*"],"Date":["Wed, 15 Dec 2021 14:18:45 GMT"],"X-Robots-Tag":["noindex"],"Etag":["W/\"f1ec0ce184bb72f594be55bd7979dc2b432021149b726c3485d016a3da49a047\""],"Content-Type":["text/html; charset=utf-8"],"Server":["Caddy","Vercel"],"X-Vercel-Id":["fra1:fra1::97q2k-1639577925776-3957efd8cd65"],"Content-Encoding":["br"],"X-Matched-Path":["/en-OM/404"],"Cache-Control":["public, max-age=0, must-revalidate"],"Content-Disposition":["inline; filename=\"404\""],"Age":["115610"],"X-Vercel-Cache":["HIT"],"Strict-Transport-Security":["max-age=63072000; includeSubDomains; preload"]}}

This is what I see in the logs.

What I noticed is that files are used that should stay out of the rewrite of /mayaseen such as this resource

this should not be:


How can I achieve it?

So it seems like it’s a nextjs app. You’ll need to configure the base path on it to make it work.

1 Like

Thank you !
I will try to handle this.
But another difficulty arose for me.
Since I can’t find enough information to deal with secure on admin api, I decided to do it this way:
:2015 { basicauth /* { admin JDJhJDE0JFhHdGlnNDBBN2U3ZWNYbzNTRVhuUnV6LkYwYS9UQjA3UVNVbEY5RHVBRURUc3E5ZDhOQmx1 } reverse_proxy localhost:2019 { header_up Host {upstream_hostport} header_up X-Forwarded-Host {host} buffer_requests buffer_responses } }

works except that it does not return a response when adding (POST) or deleting data. Do you have any idea how I can fix this?

`curl -X POST “” -H “Content-Type: application/json” -d @test3.json -v -u admin:password-here
Note: Unnecessary use of -X or --request, POST is already inferred.

  • Trying…
  • Connected to ( port 2015 (#0)
  • Server auth using Basic with user ‘admin’

POST /config/apps/http/servers/srv1/routes/ HTTP/1.1
Authorization: Basic YWRtaW46cEBzc3cwcmQ=
User-Agent: curl/7.68.0
Accept: /
Content-Type: application/json
Content-Length: 1846
Expect: 100-continue

  • Done waiting for 100-continue
  • We are completely uploaded and fine
  • Mark bundle as not supporting multiuse`

it stops here

2021/12/19 12:43:27.296 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv1"} 2021/12/19 12:43:27.306 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00053c690"} 2021/12/19 12:43:28.556 INFO http enabling automatic TLS certificate management {"domains": ["", "", ""]} 2021/12/19 12:43:37.307 ERROR admin stopping current admin endpoint {"error": "shutting down admin server: context deadline exceeded"}

when i cancel request

INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}

Тhank you very much

You can’t proxy to the admin endpoint, because that will cause a deadlock. When the config is being changed, Caddy needs to wait until all incoming connections are closed before it can switch to the new config. Since the request to admin came through the old config, it can’t be closed until that request is done. So you’re stuck.

1 Like

Yes, thank you, I understand. Then how to protect it? Is there a sample configuration?
I tried this, but it doesn’t work:

“admin” : {
“enforce_origin”: true,
“origins” : [“someoriginorkey”]

Do I understand that there is no way or should I put this in another post?

What does “doesn’t work” mean exactly? What requests are you trying, what is their output (use curl -v please) and what do the logs show?

Is it possible to set up another caddy instance to proxy the admin API?

1 Like

That should work.

This topic was automatically closed after 30 days. New replies are no longer allowed.