Running a Caddy server behind another [SOLVED]

1. Caddy version (caddy version): v2

2. How I run Caddy:

In a LXC Container

a. System environment:

Ubuntu 20.04 Container

3. The problem I’m having:

I have a need to run another webserver running on a separate VM. My primary Caddy server is primarily used for reverse proxy & has been serving me well.

I need help to configure this primary Caddy Server to proxy all requests to the 2nd Caddy server for

5. What I already tried:

i tried the proxy directive, but i guess thats not supported in v2

Any idea how i can get this working will LE?


See the docs.

Thanks. I tried this but the reverse proxy doesnt seem to work

On my main Caddy Server I have this {

& on the server where cloud is running, this is my caddyfile {
        encode zstd gzip
        file_server browse
        root * /usr/share/caddy

        # Enable the static file server.
        # file_server

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000

When I restart my main caddy, i’m unable to reach the cloud server

You’ll probaby need to specify for your upstream server, since the one in front will terminate TLS.

I’m really sorry. I dont understand

I have specified the IP of the Main Server ( in Unbound as the Override (Is this the Upstream Server>?) So all traffic that hits my firewall for hits this server. I guess this is where the LE cert is generated.

The 2nd server (Downstream?) another Caddy instance is running

If you please dont mind can you please let me know what my Caddyfile should look like?

On your main server, use this (as you already have): {

On your backend/upstream, use this: {
	root * /usr/share/caddy
	encode zstd gzip
	file_server browse

Your backend will not fetch a certificate from Let’s Encrypt, because it doesn’t need one, since your first one will be doing it. Specifying http:// will tell Caddy not to manage a TLS certificate for that domain, and will make sure it’s serving the site over port 80 instead of 443 (your first one will try to proxy on port 80 because you specified http:// on the upstream address).

You want to make sure your domain name resolves to the frontend Caddy IP ( from inside your network (split-DNS).


Thank you very much … that worked

Yes, i have that. thanks

This topic was automatically closed after 30 days. New replies are no longer allowed.