Thanks to both of you.
I currently have it set to this:
Caddy #1:
# ...
*.example.com {
    @test host test1.example.com test2.example.com
    handle @test {
        reverse_proxy https://192.168.10.5:443
    }
}
Caddy #2:
*.example.com {
    tls internal
    @test1 host test1.example.com
    handle @test1 {
        reverse_proxy http://test1:8080
    }
    @test2 host test2.example.com
    handle @test2 {
        reverse_proxy http://test2:8081
    }
}
But it fails to work.
Logs:
{"level":"debug","ts":1742685435.7805002,"logger":"events","msg":"event","name":"tls_get_certificate","id":"38abc1bd-0136-438f-8b75-7fe7c788ae9d","origin":"tls","data":{"client_hello":{"CipherSuites":[49195,49199,49196,49200,52393,52392,49161,49171,49162,49172,4865,4866,4867],"ServerName":"","SupportedCurves":[25497,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[2052,1027,2055,2053,2054,1025,1281,1537,1283,1539,513,515],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"192.168.10.2","Port":37566,"Zone":""},"LocalAddr":{"IP":"172.18.0.2","Port":443,"Zone":""}}}}
{"level":"debug","ts":1742685435.7805333,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"172.18.0.2"}
{"level":"debug","ts":1742685435.7805414,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"192.168.10.2","remote_port":"37566","server_name":"","remote":"192.168.10.2:37566","identifier":"172.18.0.2","cipher_suites":[49195,49199,49196,49200,52393,52392,49161,49171,49162,49172,4865,4866,4867],"cert_cache_fill":0.0001,"load_or_obtain_if_necessary":true,"on_demand":false}
{"level":"debug","ts":1742685435.780636,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.10.2:37566: no certificate available for '172.18.0.2'"}
{"level":"debug","ts":1742685435.8219447,"logger":"events","msg":"event","name":"tls_get_certificate","id":"ea9f250e-fc40-40e7-b8d9-1c35511b07c0","origin":"tls","data":{"client_hello":{"CipherSuites":[49195,49199,49196,49200,52393,52392,49161,49171,49162,49172,4865,4866,4867],"ServerName":"","SupportedCurves":[25497,29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[2052,1027,2055,2053,2054,1025,1281,1537,1283,1539,513,515],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"192.168.10.2","Port":37580,"Zone":""},"LocalAddr":{"IP":"172.18.0.2","Port":443,"Zone":""}}}}
{"level":"debug","ts":1742685435.821979,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"172.18.0.2"}
{"level":"debug","ts":1742685435.8219862,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"192.168.10.2","remote_port":"37580","server_name":"","remote":"192.168.10.2:37580","identifier":"172.18.0.2","cipher_suites":[49195,49199,49196,49200,52393,52392,49161,49171,49162,49172,4865,4866,4867],"cert_cache_fill":0.0001,"load_or_obtain_if_necessary":true,"on_demand":false}
{"level":"debug","ts":1742685435.8220563,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.10.2:37580: no certificate available for '172.18.0.2'"}
Is there a way to adjust the headers so it can send the correct host it matched with?
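An added example, not part of the original post and not Caddy's own tooling: a small triage script for debug logs like the ones above. It separates handshake failures where the client sent no SNI (`server_name` is empty and `identifier` falls back to the server's own address) from failures where a name was sent but no certificate covers it. The function name and the sample lines are constructed for illustration; only the field names are taken from the logs in the post.

```python
import json
from collections import defaultdict

# Constructed sample lines, trimmed to the fields the check reads; the field
# names follow the debug logs in the post above.
SAMPLE_LOG = """\
{"level":"debug","logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"192.168.10.2","remote_port":"37566","server_name":"","identifier":"172.18.0.2"}
{"level":"debug","logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.10.2:37566: no certificate available for '172.18.0.2'"}
{"level":"debug","logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"192.168.10.2","remote_port":"37580","server_name":"","identifier":"172.18.0.2"}
{"level":"debug","logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"192.168.10.9","remote_port":"40112","server_name":"other.example.net","identifier":"other.example.net"}
not json at all
"""

NO_CERT_MSG = "no certificate matching TLS ClientHello"


def triage_handshake_failures(log_text):
    """Group 'no certificate' handshake failures by client and cause.

    Returns {remote_ip: {"missing_sni": n, "unknown_name": set_of_names}}.
    """
    report = defaultdict(lambda: {"missing_sni": 0, "unknown_name": set()})
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON lines mixed into the log stream
        if not isinstance(entry, dict):
            continue
        if entry.get("logger") != "tls.handshake" or entry.get("msg") != NO_CERT_MSG:
            continue
        client = entry.get("remote_ip", "unknown")
        sni = entry.get("server_name", "")
        if sni == "":
            # No SNI in the ClientHello: the server could only look up a
            # certificate for its own address (the "identifier" field).
            report[client]["missing_sni"] += 1
        else:
            # SNI was sent, but no certificate covers that name.
            report[client]["unknown_name"].add(sni)
    return dict(report)


if __name__ == "__main__":
    for client, causes in triage_handshake_failures(SAMPLE_LOG).items():
        print(client, causes)
```

A client that shows up only under `missing_sni` is connecting without a server name, which is what happens when the upstream is addressed by IP.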