Reverse proxy to webserver with basic web authentication

1. Caddy version (2.51):

2. How I run Caddy:

Docker-Compose stack

a. System environment:

Ubuntu 20.04.4 with Docker

b. Command:

I didn't bother with a Caddyfile as I just used the docker-compose “command” parameter on the caddy container with the following:

caddy reverse-proxy --from https://website.com:443 --to http://internal-serve:3300

c. Service/unit/compose file:

version: "3.7"

networks:
  pisign-backend-net:
    driver: bridge

volumes:
  mongodb:
  mongodb_config:
  media:
  data:
  caddy_config:

services:
  mongo:
    image: mongo:4.2.8
    container_name: pisign-db
    restart: unless-stopped
    volumes:
      - mongodb:/data/db
      - mongodb_config:/data/configdb
    ports:
      - 27017:27017
    networks:
      - pisign-backend-net
  pisignage-server:
    image: pisignage/pisignage-server:latest
    container_name: pisign-serve
    restart: unless-stopped
    volumes:
      - media:/media
      - data:/data
    ports:
      - 3300:3000
    networks:
      - pisign-backend-net
    depends_on:
      - mongo
  caddy:
    image: caddy:latest
    container_name: pisign-proxy
    restart: unless-stopped
    command: caddy reverse-proxy --from https://website.com:443 --to http://serve:3300
    volumes:
      - caddy_config:/data
    ports:
      - 80:80
      - 443:443
    networks:
      - pisign-backend-net
    depends_on:
      - pisignage-server

d. My complete Caddyfile or JSON config:

N/A

3. The problem I’m having:

I am trying to have Caddy reverse proxy HTTPS to an upstream HTTP service. Caddy is failing to do so and responds with 502 from the https domain. My assumption is that since the upstream web server is using basic web authentication and Caddy doesn’t know the credentials, it is failing to communicate with that upstream. The preferred behavior is to have the basic web authentication prompt get redirected to the user but I don’t think Caddy is doing that.

4. Error messages and/or full log output:

{"level":"error","ts":1652897854.8645787,"logger":"http.log.error","msg":"dial tcp 172.19.0.4:3300: connect: connection refused","request":{"remote_ip":"65.140.212.200","remote_port":"56117","proto":"HTTP/2.0","method":"GET","host":"subdomain.website.com","uri":"/","headers":{"Sec-Gpc":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["none"],"Dnt":["1"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"subdomain.website.com"}},"duration":0.001015701,"status":502,"err_id":"5jy2zgti7","err_trace":"reverseproxy.statusError (reverseproxy.go:1196)"}

5. What I already tried:

It can correctly reverse proxy to another webserver that doesn’t have basic web-auth. It’s just when going to this particular server that only uses web auth does it fail to proxy correctly.

Nginx can handle redirecting basic web auth requests from an upstream server, so how do I have Caddy do this as well?

6. Links to relevant resources:

That’s not it. Caddy is just literally not able to complete a TCP connection. That’s well before any HTTP handling happens on the other end.

Are you sure port 3300 is the right one? You need to use the number internal to the docker network, not the port you bound to the host.

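The reply's point about the host-side versus the container-side port can be checked mechanically. The following is an added example, not part of the original posts and not Caddy or Docker code; `SERVICES` is transcribed from the compose file in the question, the function names are hypothetical, and the corrected upstream `http://pisignage-server:3000` is derived from the `3300:3000` mapping.

```python
from urllib.parse import urlsplit

# Constructed from the compose file in the question: service name,
# container_name and short-syntax port mappings only.
SERVICES = {
    "mongo": {"container_name": "pisign-db", "ports": ["27017:27017"]},
    "pisignage-server": {"container_name": "pisign-serve", "ports": ["3300:3000"]},
    "caddy": {"container_name": "pisign-proxy", "ports": ["80:80", "443:443"]},
}


def parse_port(mapping):
    """Split "HOST:CONTAINER", "IP:HOST:CONTAINER" or "CONTAINER" (optionally
    with a "/tcp" suffix) into (host_port, container_port). Ranges are not handled."""
    parts = str(mapping).split("/")[0].split(":")
    container = int(parts[-1])
    host = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    return host, container


def check_upstream(upstream, services):
    """Return (service, mapping, container_port) for every mapping whose
    host-side port was used as the upstream port inside the compose network."""
    url = urlsplit(upstream)
    port = url.port or (443 if url.scheme == "https" else 80)
    # Docker's embedded DNS resolves both service names and container names.
    by_name = {}
    for svc, cfg in services.items():
        by_name[svc] = svc
        by_name[cfg.get("container_name", svc)] = svc
    target = by_name.get(url.hostname)  # None: name not in this file, scan all
    hits = []
    for svc, cfg in services.items():
        if target is not None and svc != target:
            continue
        for mapping in cfg.get("ports", []):
            host, container = parse_port(mapping)
            if host == port and container != port:
                hits.append((svc, mapping, container))
    return hits


if __name__ == "__main__":
    for upstream in ("http://serve:3300", "http://pisignage-server:3000"):
        hits = check_upstream(upstream, SERVICES)
        print(upstream, "->", hits if hits else "ok")
```

A hit means the upstream port only exists on the Docker host; from another container on the same network the service listens on the container-side port, which matches the `connection refused` in the log above.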