Simple Reverse-Proxy Config for V2

1. My Caddy version (caddy -version): v2.0.0-beta11 h1:NVHnPAdZPt6OUBMltUMe2DWVsyYRbeE6NxhCm3AjGT8=

Trying to figure out how to use the Reverse Proxy functionality of Caddy v2 and the following works perfectly:

caddy reverse-proxy --from localhost:3000 --to https://www.starryhope.com

However, I can’t figure out how to do the same thing with a Caddyfile. This Caddy file seems to be close but the response to the browser is never returned. What am I missing?

localhost:3000
tls off
root html

reverse_proxy / {
    to www.starryhope.com:433
    header_up -Accept-Encoding
    transport http {
        tls
    }
}

Thanks in advance!

1 Like

HTTPS is on port 443, not 433.

You also don’t need tls off since it can’t be enabled automatically for localhost anyway. :slight_smile:

I knew it had to be something stupid on my end! Thanks!

Oddly enough, this still does not work.

localhost:3000
root html

reverse_proxy / {
    to www.starryhope.com:443
    header_up -Accept-Encoding
    transport http {
        tls
    }
}

With or without the header_up line. It returns a 403 error from Cloudfront. Other sites don’t work as well. What’s the difference between this config and the reverse-proxy command from the CLI?

The command will propagate the Host header to the upstream:

header_up Host {host}

You can also drop /:

reverse_proxy {
    ...
}

Still can’t get it to work. Sigh :frowning:

localhost:3000

reverse_proxy {
    to www.starryhope.com:443
    header_up Host {host}
    transport http {
        tls
    }
}

I figured it out based on the json config that the reverse-proxy command generates.

For a simple proxy, you can use the following config

localhost:3000

reverse_proxy {
    to www.example.com:443
    header_up Host {http.reverse_proxy.upstream.host}
    transport http {
        tls
    }
}

If you want to just proxy a certain path, you can do something like this

localhost:3000

reverse_proxy /api/ {
    to www.example.com:443
    header_up Host {http.reverse_proxy.upstream.host}
    transport http {
        tls
    }
}

file_server {
    root html
}
2 Likes

What about JSON format - does anyone have a solution to do the exact same thing (reverse proxy) but in Caddy’s native JSON config format ?

Here is my attempt:

Actually let me amend my question: I want to be able to point both mydomain1.com and mydomain2.com to the same caddy server (running in docker-compose) and have each domain serviced by a different docker container/service OR serviced at different ports.

What would the Caddy v2 JSON config look like? my attempt (see github repo) works for one domain/IP but I can’t find documentation to help me expand that so that I can serve multiple domains on a single IP

Caddy automatically adapts your Caddyfile to JSON when it runs for its own internal use, just without showing you the conversion.

You can tell it to output the conversion so you can start with a Caddyfile and then see how it looks in JSON.

So try something like this:

site1.example.com {
  reverse_proxy * localhost:8080
}

site2.example.com {
  reverse_proxy * localhost:8081
}

And then run: caddy adapt --config /path/to/Caddyfile --pretty --validate

https://caddyserver.com/docs/command-line#caddy-adapt

2 Likes

Thank you, that little tip has helped enormously. I will give that a shot and report back

I was able to fix my issue by using caddy adapt --config Caddyfile --pretty to discover what Caddy v2 expects as correct JSON. But I also realized some of the documentation and wiki content had the particular information I was looking for. I hope the documentation will be fully centralized soon.

I would like to register appreciation for the guys working on this, esp. Matt. KUDOS

2 Likes

Great, glad to hear! Yes, I’m finishing up some breaking changes in the Caddyfile to fix some design flaws that remained from v1, and then I will be writing new documentation for it on our website. That awful wiki page will go away eventually.

Thanks :slightly_smiling_face: - consider sponsoring the project, if you would like! https://github.com/sponsors/mholt (it’s my full-time job and as of right now can only work on it full-time for a few more weeks at this rate)

2 Likes

matt: I have almost the same question - as far I did not get completely HOWTO to make transparent reverse proxy, I want to ask you n’ other gurus to help me, if its possible:
I have myhost.tld:443 with external real IP address, and I have http (not https) web-file server (HFS, in case of interest), that is running in local network only (192.168 - accessible by that myhost.tld). I want to set-up rule in caddy that will enable downloading files THROUGH the myhost.tld - redirecting request to local 192 HFS.
I mean it - if I browse https://myserver.tld/files - I see root of 192 HFS server, if I browse /files/myproject - caddy should repost this request to 192 HFS server.
And - when I’ll download file from that /files section on myhost.tld -> redirected to 192 HFS server - the download should be completed in HTTPS transport, not 192’s HTTP.
Big plus should be to set-up browse list DISABLE rule, too, like - if you have url with file - you get this file, if you want to browse https://myhost.tld/files - you’ll get error 404 or something like that.

Can you, or someone else, provide such rule set for caddy v1 ?

Thanks in advance!

Caddy’s v1 proxy can do all of these.

I’d avoid the term “redirecting” here - in the context of a web server, a redirect means a specific status response containing a header instructing the client to browse to a different URL instead.

But yes, this is how the default proxy functions. You access Caddy, it passes the request through to the upstream server (local 192 HFS).

A very simple proxy has this behaviour.

With this reverse proxy you will be talking HTTPS to Caddy but you’re getting your upstream server’s actual content. So yes, downloading a file from your HTTP server, but through the HTTPS connection to Caddy. You should see the green padlock in your browser, etc.

If you have url with file - you get this file: this is a redirect if it’s visible to the browser - i.e. your URL bar updates to the correct URL - or a rewrite if it’s invisible, i.e. you simply get the other file instead without your browser’s URL bar updating.

If you want to browse /files - you’ll get error 404: this can be done with the status directive. You can specify a path like /files and have that whole section produce a 404 result if you want.

https://caddyserver.com/v1/docs/proxy
https://caddyserver.com/v1/docs/redir
https://caddyserver.com/v1/docs/rewrite
https://caddyserver.com/v1/docs/status

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.