Docker or Service
Traffic between the client and Caddy is beautifully encrypted. But if there’s a network intrusion (eavesdropping), traffic between Caddy and the HTTP server is not encrypted.
What is the best practice to avoid that? (Or am I totally missing something?)
1- Docker-compose context: I believe that if Caddy and the targeted server are both configured in the same file, redirection to the "docker container" is made internally (like the suggested configuration for Vaultwarden). Is this one way to go?
2- Localhost context: If Caddy is running on the server itself, will doing a "localhost"/127.0.0.1:Port keep the packets inside the server without worries?
3- VLAN twist:
- A VLAN is configured to allow only the Caddy server and target server(s) to be possible (limited CIDR range).
- Traffic between LAN/other VLANs and this VLAN is only allowed toward Caddy and port 443.
Will this prevent anything? I doubt it.
Sorry for the formatting, since this is not a "bug"; I am rather looking for best practices.