1. Output of caddy version:
v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs= via the official Docker container
2. How I run Caddy:
Official Docker image from here: Docker Hub
a. System environment:
Docker on Debian 11
b. Command:
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile
c. Service/unit/compose file:
version: "3.7"
services:
  caddy:
    image: caddy:<version>
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/site:/srv
      - caddy_data:/data
      - caddy_config:/config
volumes:
  caddy_data:
    external: true
  caddy_config:
d. My complete Caddy config:
https://myapp.localdomain {
    reverse_proxy 192.168.10.5:8443
    tls /etc/caddy/certs/localdomain.crt /etc/caddy/certs/localdomain.key
    transport http {
        tls_insecure_skip_verify
    }
}
3. The problem I’m having:
When using a basic config to the HTTP port in the app and my custom certificate everything works.
https://myapp.localdomain {
    reverse_proxy 192.168.10.5:8000
    tls /etc/caddy/certs/localdomain.crt /etc/caddy/certs/localdomain.key
}
However, when I try to then proxy to the HTTPS port on the backend, which has a self-signed cert, ‘caddy verify’ tells me unrecognized directive: transport and subsequently Caddy will not start. I can indeed connect to 192.168.10.5:8443 manually, so the service is alive and working and showing its self-signed cert.
4. Error messages and/or full log output:
/etc/caddy # caddy validate
2022/07/31 16:26:44.091 INFO using adjacent Caddyfile
validate: adapting config using caddyfile: Caddyfile:52: unrecognized directive: transport
5. What I already tried:
I have tried many permutations based on forum posts. The docs indicate my configuration is correct: reverse_proxy (Caddyfile directive) — Caddy Documentation. I have tried both with and without the ‘tls’ directive within the transport section, though without seems adequate as the docs state: "tls uses HTTPS with the backend. This will be enabled automatically if you specify backends using the https:// scheme or port :443, or if any of the below tls_* options are configured."
Also variations on this:
https://myapp.localdomain {
    reverse_proxy 192.168.10.5:8443 {
        tls /etc/caddy/certs/localdomain.crt /etc/caddy/certs/localdomain.key
        transport http {
            tls_insecure_skip_verify
        }
    }
}
or
https://myapp.localdomain {
    tls /etc/caddy/certs/localdomain.crt /etc/caddy/certs/localdomain.key
    reverse_proxy 192.168.10.5:8443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
This instead gives the error validate: decoding config: unexpected end of JSON input.
Inspired by this: https://pydio.com/en/docs/kb/deployment/running-cells-behind-caddy2-reverse-proxy
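
An added example, not part of the original post and not Caddy's own code: a small lint that tracks Caddyfile brace nesting to report a `transport` block placed outside `reverse_proxy` (the placement behind the "unrecognized directive" error above) and to flag `tls_insecure_skip_verify`, which turns off verification of the backend certificate. The function name `lint` and the simplified one-directive-per-line parsing are assumptions; the two sample configs are constructed from the first and last variants in the post.

```python
# Constructed samples mirroring the post's first and last Caddyfile variants.
SITE_LEVEL = """\
https://myapp.localdomain {
    reverse_proxy 192.168.10.5:8443
    tls /etc/caddy/certs/localdomain.crt /etc/caddy/certs/localdomain.key
    transport http {
        tls_insecure_skip_verify
    }
}
"""
NESTED = """\
https://myapp.localdomain {
    tls /etc/caddy/certs/localdomain.crt /etc/caddy/certs/localdomain.key
    reverse_proxy 192.168.10.5:8443 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
"""

def lint(caddyfile):
    """Hypothetical helper: return (line_no, message) findings for a Caddyfile string."""
    findings, stack = [], []  # stack holds the first token of each open block
    for no, raw in enumerate(caddyfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "}":
            if stack:
                stack.pop()
            continue
        name = line.split()[0]
        # transport is a subdirective of reverse_proxy, not a site-level directive
        if name == "transport" and (not stack or stack[-1] != "reverse_proxy"):
            findings.append((no, "transport is only valid inside a reverse_proxy block"))
        if name == "tls_insecure_skip_verify":
            findings.append((no, "backend certificate verification is disabled"))
        if line.endswith("{"):
            stack.append(name)
    return findings

if __name__ == "__main__":
    for label, text in (("site-level", SITE_LEVEL), ("nested", NESTED)):
        print(label, lint(text))
```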