SSL for domain wildcard and reverse proxy for subdomains?

1. My Caddy version (caddy -version):

hub.docker.com/r/abiosoft/caddy

2. How I run Caddy:

docker run -p 443:443 -p 80:80 -p 2015:2015 -v myPathToCaddyfile:/etc/Caddyfile abiosoft/caddy:latest

my Caddyfile:

a. System environment:

Docker version 18.09.7, build 2d0083d


b. Command:


c. Service/unit/compose file:


d. My complete Caddyfile:


sub1.mydomain.com {
        tls myRealEmail@email.com
        proxy / 192.168.1.48:8080 {
                transparent
                websocket
        }
}
sub2.mydomain.com {
        tls myRealEmail@email.com
        proxy / 192.168.1.48:8910 {
                transparent
                websocket
        }
}
sub3.mydomain.com {
        tls myRealEmail@email.com
        proxy / 192.168.1.48:3000 {
                transparent
                websocket
        }
}

3. The problem I’m having:

I just want to SSL my full domain, like
*.mydomain.com (tls my@email.com)

and proxify subdomains, like

proxy sub1.mydomain.com 192.168.1.48:3000 {transparent}

My actual config says I'm exceeding Let's Encrypt limits,
and I'm seeing that this is giving a certificate for each subdomain.


4. Error messages and/or full log output:


5. What I already tried:

6. Links to relevant resources:

Hi @Matias_Gumma, welcome to the Caddy community!

This is doable in one of two ways. Both will require DNS validation. One is a bit complicated. The simpler way would be to just add this to each site block:

  tls {
    dns [provider]
    wildcard
  }

Caddy will then pretend each one is a wildcard site for the purposes of fetching and presenting the certificate, so if they’re all the same registered domain, Caddy will use one cert.

The more complicated way:

*.example.com {
  tls email@example.com {
    dns [provider]
  }

  rewrite {
    # prefix uri with subdomain
    to /{label1}{uri}
  }

  proxy /sub1 192.168.1.48:8080 {
    transparent
    websocket
    without /sub1
  }
  proxy /sub2 192.168.1.48:8910 {
    transparent
    websocket
    without /sub2
  }
  proxy /sub3 192.168.1.48:3000 {
    transparent
    websocket
    without /sub3
  }
}

With this method we use a rewrite and a {labelN} placeholder to prefix the subdomain to the URI so that the proxy can pick it up, and then we discard the prefix again when we proxy out.

This has the benefit of keeping it all in one site block, but the caveat that you’ll want to handle unknown subdomains somehow.

https://caddyserver.com/v1/docs/tls
https://caddyserver.com/v1/docs/rewrite
https://caddyserver.com/v1/docs/placeholders

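To make the "unknown subdomains" caveat from the reply concrete, here is an added example (not code from the post or from the Caddy project) that replays the request flow of the single wildcard site block: Host label, rewrite to /{label1}{uri}, proxy prefix match, then the `without` strip. It assumes the reply's upstreams and the asker's mydomain.com zone, and models Caddy v1 path matchers as plain case-insensitive prefix matches.

```python
"""Model of the reply's single wildcard site block, with constructed requests.

Added example, not from the post or the Caddy project. Upstreams are the
reply's; the zone is the asker's. The prefix-match behaviour is an assumption
about Caddy v1 path matchers and is what this model implements."""
from dataclasses import dataclass
from typing import Optional

ZONE = "mydomain.com"
# proxy /subN <upstream> { without /subN } blocks from the reply's Caddyfile
PROXIES = [
    ("/sub1", "192.168.1.48:8080"),
    ("/sub2", "192.168.1.48:8910"),
    ("/sub3", "192.168.1.48:3000"),
]


@dataclass
class Route:
    upstream: Optional[str]  # None: no proxy block matched the rewritten URI
    uri: str                 # URI the upstream would receive


def label1(host: str) -> str:
    """Caddy's {label1}: leftmost DNS label of the Host header (port dropped)."""
    return host.split(":", 1)[0].split(".")[0]


def route(host: str, uri: str) -> Route:
    """Replay: site match -> rewrite to /{label1}{uri} -> proxy prefix -> without."""
    hostname = host.split(":", 1)[0].lower()
    # *.mydomain.com covers exactly one label below the zone.
    if not hostname.endswith("." + ZONE) or hostname.count(".") != ZONE.count(".") + 1:
        return Route(None, uri)
    rewritten = "/" + label1(hostname) + uri  # rewrite { to /{label1}{uri} }
    for prefix, upstream in PROXIES:
        # Assumption modelled here: Caddy v1 path matchers are plain
        # case-insensitive prefix matches, so "/sub10/x" also matches "/sub1".
        if rewritten.lower().startswith(prefix):
            return Route(upstream, rewritten[len(prefix):] or "/")  # without /subN
    return Route(None, rewritten)  # unknown subdomain: nothing handles it


if __name__ == "__main__":
    # Constructed requests: two known subdomains, an unknown one, a colliding label.
    for host, uri in [("sub1.mydomain.com", "/ws"), ("sub3.mydomain.com", "/"),
                      ("ghost.mydomain.com", "/admin"), ("sub10.mydomain.com", "/api")]:
        print(host, uri, "->", route(host, uri))
```

In this model a request for ghost.mydomain.com falls through every proxy block, and sub10.mydomain.com collides with the /sub1 matcher and reaches the first upstream with a mangled path; since the rewrite always yields /label/..., matching on `/sub1/` (trailing slash) would avoid that collision, which is worth confirming against the rewrite and proxy docs linked above for your Caddy version.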