Second domain reverse proxy can't connect, accessible through local IP

1. The problem I’m having:

Adding a second domain to an already working caddy setup, to point to a wordpress install won’t work.

For some reason the url reroutes to the same url while adding the port. i.e. example.com becomes example.com:8080 in the header.

I have spent hours troubleshooting this and going over every possible thing that could be wrong. I’ve rerolled all the tokens, checked the zones, checked the port forwarding, caddyfiles, api tokens, env var, wordpress site url, https settings on the domain, dns records…

2. Error messages and/or full log output:

ERR_CONNECTION_TIMED_OUT

3. Caddy version:

v2.9.0 h1:rteY8N18LsQn+2KVk6R10Vg/AlNsID1N/Ek9JLjm2yE=

4. How I installed and ran Caddy:

Installed on ubuntu, run as systemd on start up to serve traffic from outside the network to two machines via two URLs.

a. System environment:

systemd on Ubuntu 22.04 on amd64. Website backend is in docker for one of the URLs (i.e. wordpress stack) while the other url is all hosted on ubuntu, including caddy. These are hosted on a different machine on the same network than the one the docker instance is running on.

b. Command:

systemctl restart caddy
systemctl daemon-reload

d. My complete Caddy config:

mitchflix.net {
	reverse_proxy IP_ADDRESS:8096
	tls {
		issuer acme {
			dns cloudflare {env.TOKEN_1}
			resolvers 1.1.1.1
			propagation_delay 60s
			propagation_timeout -1
		}
	}
}

rhysnroll.net {
	reverse_proxy http://IP_ADDRESS:6789/
	tls {
		issuer acme {
			dns cloudflare {env.TOKEN_2}
			resolvers 1.1.1.1
			propagation_delay 60s
			propagation_timeout -1
		}
	}
}

5. Links to relevant resources:

You may have noticed I have changed the second URL to include http:// - I’ve been troubleshooting and trying out everything possible to get this to work. One of the suggestions was to change the url back to http to see if there was something dodgy going on with SSL but it didn’t work with or without it.

The webserver or WordPress is probably getting confused by the Host header getting passed over verbatim. Try something like this?

reverse_proxy 192.168.1.41:6789 {
	header_up Host {upstream_hostport}
}

Hi @fds, thanks for your reply!

Your reply sent me down a rabbit hole of learning which got me to a solution!

What you were suggesting was correct - the error was being caused by the wordpress backend expecting HTTPS; this was my fault. In the wordpress settings I set the “Site” and “Wordpress” URL settings to “https://example.com” instead of “http://example.com”.

While your solution does work by appending the required additional information to the request that is passed through from the client outside my network, the much easier fix was just to change my wordpress settings to expect an HTTP request (by setting the URL to http://example.com).

I have decided to go with this solution instead, as the Caddy documentation states that:

Proxying over HTTP in private networks is preferred if possible, because it avoids the false sense of security.

This is currently working with my Caddyfile changed from above so that the internal IP being reverse proxied no longer includes “http://”, i.e.

rhysnroll.net {
	reverse_proxy 192.168.1.99:8080
	tls {
		issuer acme {
			dns cloudflare {env.CF_API_TOKEN_2}
			resolvers 1.1.1.1
			propagation_delay 60s
			propagation_timeout -1
		}
	}
}
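
One way to confirm where a redirect like the example.com to example.com:8080 one in this thread comes from is to compare the backend's Location header with the public URL. The following is an added example, not code from the thread's participants or from Caddy; the function names and the sample response heads are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECTS = (301, 302, 303, 307, 308)

# Constructed sample: what a backend could answer when asked for the site root
# with the public Host header (e.g. captured with
# curl -sI -H "Host: example.com" http://192.168.1.99:8080/).
SAMPLE_PORT_LEAK = """HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://example.com:8080/
"""
# Constructed sample: a healthy relative redirect.
SAMPLE_RELATIVE = """HTTP/1.1 302 Found
Location: /wp-admin/
"""

def parse_head(raw):
    """Return (status, headers) from a raw response head; names lowercased."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def diagnose_redirect(public_url, raw_head):
    """List the ways the backend's redirect target differs from the public URL."""
    status, headers = parse_head(raw_head)
    location = headers.get("location", "")
    loc, pub = urlsplit(location), urlsplit(public_url)
    if status not in REDIRECTS or not loc.hostname:
        return []  # not a redirect, or a relative one that stays on the public origin
    findings = []
    if loc.hostname != pub.hostname:
        findings.append("host-mismatch")    # e.g. an internal IP sent to the browser
    if loc.scheme != pub.scheme:
        findings.append("scheme-mismatch")  # backend and proxy disagree on http/https
    pub_port = pub.port or DEFAULT_PORTS[pub.scheme]
    loc_port = loc.port or DEFAULT_PORTS.get(loc.scheme)
    if loc_port != pub_port:
        findings.append("port-leak")        # browser is sent to a port the proxy does not serve
    return findings

if __name__ == "__main__":
    print(diagnose_redirect("https://example.com/", SAMPLE_PORT_LEAK))  # ['port-leak']
    print(diagnose_redirect("https://example.com/", SAMPLE_RELATIVE))   # []
```

A "port-leak" finding means the browser is being told to connect to a port that only exists on the internal network, which matches a timeout from outside while the site still works through the local IP.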