I’m trying to set up a reverse proxy for Subsonic, to take advantage of caddy’s awesome automatic SSL support. I’m having a few issues, though.
I first set up the proxy to subsonic via http. This worked fine when I added the transparent keyword to my caddyfile. However, all links generated by the subsonic app were http, so firefox would refuse to load them due to being mixed content. (I presume they would have redirected to https versions if firefox HAD tried to load them, right?)
So after that I enabled subsonic’s https mode, which comes with a self signed cert. It’s running on port 8443, and if I tell wget to ignore the self signed cert, it can connect to localhost:8443 fine. When I told caddy to do the same:
Also, consider using the log and errors directives, the latter may be particularly helpful in cases of 502s since it can shed some light on why Caddy can’t talk to the upstream.
Adding https sounded like a very promising suggestion, but sadly no dice. One thing I did learn was that the redirect from / to /index.view happens even when subsonic is not running. Does caddy do some kind of caching of that sort of thing?
After I added the log and error directives, though, caddy started failing to recieve the SAN bundle during startup.
EDIT: Excuse all that rubbish. I didn’t understand the caddyfile format and put log and error outside of my domain block. I put them inside and now caddy is working again.
It seems that Firefox was caching the redirect from / to /index.view, as it doesn’t appear in either access or error logs from caddy nor does it happen in a private browsing window. In either case, it doesn’t matter because / gives a 502 as well.
EDIT 2: Oh my god, subsonic had somehow closed its sockets while still running! How?! Why?! Anyway, I restarted it, and now it’s working. It must have been the https://. I’m going to make a pull request for the docs to add an example for using https:// on the backend specifier to help stop others like me falling into this trap.
Thank you so much for your help. You’re doing amazing work here.
No worries. I had a hunch it was the case, but wasn’t 100% sure - you’re using a non-standard HTTPS port and didn’t specify scheme, which leaves behind a kind of “implicit HTTP”; naturally, talking HTTP to a HTTPS listener won’t get you far!