Setting up multiple reverse proxies to subdomains with a wildcard cert

1. The problem I’m having:

I’m not really having a problem per se. I never found the exact answer for my use case anywhere so I ended up cobbling together pieces of Caddyfiles until something worked. And it has worked well. But I have a service that apparently falls apart if the Host header isn’t correct, and they say to use proxypreservehost in Apache but I can’t find what the analog would be in Caddy to make it operate the same way.

So I’m willing to scrap my Caddyfile altogether and build it correctly, but I’m finding the Caddy docs a bit hard to navigate and parse.

What I need is…

  • Wildcard subdomain cert compatibility with DuckDNS.
  • Forward auth.
  • Whatever does the same as proxypreservehost in Apache

When I write it out like this it doesn’t seem like much. Check out the Caddyfile I have below to see what I’m doing thus far. Is this a normal way to accomplish my goals? If so, I just need to do whatever mimics proxypreservehost. If not, I’m happy to rewrite the whole thing I just don’t know what the best way is.

(auth) {
        forward_auth authelia:9091 {
                uri /api/verify?rd=
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email

https://* {
        tls {
                dns duckdns a-secret-key

        @auth host
        handle @auth {
                reverse_proxy authelia:9091

        @home host
        handle @home {
                import auth
                reverse_proxy homepage:3000

        @files host
        handle @files {
                import auth
                reverse_proxy filebrowser:8080

        # Other services are a copy of this pattern

2. Error messages and/or full log output:


3. Caddy version:


4. How I installed and ran Caddy:

Docker via this Dockerfile:

FROM caddy:builder AS builder

RUN xcaddy build \

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

a. System environment:

Docker on Ubuntu 22.04.2 aarch64.

This is essentially what I have been doing for a year now with 0 issues. Although I would also like input as to if this is the best way of doing things.

That’s the default behaviour in Caddy. See the docs:

You haven’t described the problem you’re having in detail. Enable the debug global option; what’s in your logs for requests to that service?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.