1. Caddy version (`caddy version`):
Any
2. How I run Caddy:
Docker or Service
a. System environment:
Deb, docker
b. Command:
Paste command here.
c. Service/unit/compose file:
Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.
d. My complete Caddyfile or JSON config:
Paste config here, replacing this text.
Use `caddy fmt` to make it readable.
DO NOT REDACT anything except credentials.
LEAVE DOMAIN NAMES INTACT.
Make sure the backticks stay on their own lines.
3. The problem I’m having:
Traffic between the client and Caddy is beautifully encrypted. But if there is a network intrusion (eavesdropping), traffic between Caddy and the HTTP server is not encrypted.
What is the best practice to avoid that? (Or am I totally missing something?)
4. Error messages and/or full log output:
5. What I already tried:
1. Docker-compose context: I believe that if Caddy and the targeted server are both configured in the same file, redirection to the "docker container" is made internally (like the suggested configuration for Vaultwarden). Is this one way to go?
2. Localhost context: If Caddy is running on the server itself, will proxying to "localhost"/127.0.0.1:Port keep the packets inside the server without worries?
3. VLAN twist:
- A VLAN is configured so that only the Caddy server and the target server(s) are reachable (limited CIDR range).
- Traffic from the LAN/other VLANs to this VLAN is only allowed toward Caddy on port 443.
Will this prevent anything? I doubt it.
Sorry for the formatting, since this is not a "bug" but rather a request for best practices.
Thank you
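As an added illustration of the hop the post is asking about (this is example configuration, not the poster's Caddyfile and not a Caddy-project sample): the first site proxies to the backend in plaintext, which is only acceptable when that hop never leaves a trusted boundary such as the loopback interface or a private Docker network; the second site terminates TLS at Caddy and re-encrypts to the upstream, verifying the upstream against an internal CA and presenting a client certificate so the backend can in turn verify Caddy. The hostnames, ports and file paths (`app.internal`, `8443`, `/etc/caddy/...`) are placeholders.

```caddyfile
# Plaintext hop: Caddy -> backend is unencrypted on the wire.
# Only defensible when "app" is reached over loopback or an isolated Docker
# network, i.e. the segment the post's options 1 and 2 describe.
plain.example.com {
	reverse_proxy http://app:8080
}

# Encrypted hop: Caddy -> backend is TLS, with the upstream certificate
# verified against an internal CA and mutual TLS toward the backend.
secure.example.com {
	reverse_proxy https://app.internal:8443 {
		transport http {
			# Name expected in the upstream's certificate (SNI + verification).
			tls_server_name app.internal
			# Internal CA that issued the backend's certificate (placeholder path).
			tls_trusted_ca_certs /etc/caddy/internal-ca.pem
			# Client certificate Caddy presents so the backend can authenticate it
			# (placeholder paths; issue them from the same internal CA).
			tls_client_auth /etc/caddy/caddy-client.crt /etc/caddy/caddy-client.key
		}
	}
}
```

The `https://` scheme on the upstream address is what switches the transport to TLS; without `tls_trusted_ca_certs` Caddy would use the system trust store, and `tls_insecure_skip_verify` should not be used in place of a proper CA, since skipping verification leaves the hop open to an on-path interception even though it is encrypted. The VLAN restriction from option 3 still has value as a second layer, because it limits who can even reach the backend port, but it does not by itself encrypt anything.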