Tls handshake reverse proxy

1. The problem I’m having:

I have an application with a specific protocol, and this protocol has a TLS handshake and TCP data. I need Caddy to handle the handshake and then create another TCP packet with its own certificate, then reverse proxy to my application.

Reverse proxy now works well, but I want Caddy to handle the handshake and then forward it to my app with a new handshake that is created from the hostname.uk certificates.

2. Error messages and/or full log output:

NONE

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

I installed xcaddy and caddy.

a. System environment:

Ubuntu/CentOS

b. Command:

xcaddy start --config config.json

c. Service/unit/compose file:

None

d. My complete Caddy config:

{
    "logging": {
        "sink": {
            "writer": {
                "filename": "/var/log/caddy/sink.log",
                "output": "file"
            }
        },
        "logs": {
            "default": {
                "writer": {
                    "filename": "/var/log/caddy/default.log",
                    "output": "file"
                }
            }
        }
    },
    "apps": {
        "http": {
            "https_port": 443,
            "servers": {
                "myserver": {
                    "automatic_https": { "disable_redirects": true },
                    "listen": [":443", ":80"],
                    "routes": [
                        {
                            "match": [
                                {
                                    "host": [
                                        "hostname.uk"
                                    ]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "file_server",
                                    "root": "/var/www"
                                }
                            ]
                        }
                    ]
                }
            }
        },
        "layer4": {
            "servers": {
                "enterprise": {
                    "listen": [
                        ":443"
                    ],
                    "routes": [
                        {
                            "match": [
                                {
                                    "tls": {
                                        "sni": [
                                            "hostname.uk"
                                        ]
                                    }
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "proxy",
                                    "upstreams": [
                                        {
                                            "dial": [
                                                "localhost:669"
                                            ]
                                        }
                                    ]
                                }
                            ]
                        }
                    ]
                }
            }
        }
    }
}


5. Links to relevant resources:

You should only have :443 in here, not both. It doesn’t make sense to have a server for both HTTP and HTTPS, they should be separate servers.

So you’re saying you want to proxy over HTTPS? Then you need to configure the proxy’s http transport with the tls option enabled. See for example in a Caddyfile:

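As an added example (not from either post in this thread), here is a Caddyfile that does what the reply describes: Caddy terminates the client's TLS handshake with the hostname.uk certificate and opens a new, separately verified TLS connection to the backend. It assumes the upstream on localhost:669 speaks HTTPS and that /etc/caddy/upstream-ca.pem is a placeholder path for the CA that issued the backend's certificate.

```caddyfile
# Added example, not the original poster's config. A site block for
# hostname.uk gives you separate HTTP (:80) and HTTPS (:443) servers;
# Caddy obtains and manages the hostname.uk certificate and terminates
# the client handshake here, so no layer4 server on :443 is needed.
hostname.uk {
    # Re-encrypt to the backend rather than passing the raw TCP stream.
    reverse_proxy localhost:669 {
        transport http {
            tls
            # SNI sent in the new handshake to the backend.
            tls_server_name hostname.uk
            # Placeholder path: the CA that issued the backend's certificate,
            # so the second hop is verified, not just encrypted.
            tls_trusted_ca_certs /etc/caddy/upstream-ca.pem
        }
    }
}
```

Prefer the CA file over `tls_insecure_skip_verify`; the latter encrypts the backend hop but skips certificate verification, so a host that can reach the backend port could impersonate it.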
