Prologue
To be clear, I’m not asking for help: the Context section below is for context not for “help”. I’m asking only for a yes/no question if Caddy can do this or not (and perhaps link to the Caddy documentation if yes or alternative approach if not).
Google’s understanding is that it cannot (at least not alone but it might with some plugins currently in beta). Since that answer shocks me, since this seems such a simple thing, and Caddy has a reputation for being able to do “anything” and in a very easy way, I’m looking for an authoritative and up-to-date as of today answer: maybe Google’s findings are out of date.
Context
I’ve a web app (Open OnDemand, aka OOD, FWIW) installed and configured in a private network. OOD is already working correctly and it uses https with its own certificates and does some redirects to itself, e.g. from port 80 to port 443 and dex for LDAP auth, etc. Everything in this private network works just fine.
Now I want to make OOD available outside of that private network (not to the internet, but to a larger, and still private network). For this purpose, I wanted to use Caddy, running on the only server in that network that is visible from the “outside”. So on that server, I configured this simple Caddyfile:
{
debug
}
ood.internal.lab {
tls internal
reverse_proxy 10.1.1.130
}
Unlike the internal DNS (which points to the actual OOD server), the outside DNS for ood.internal.lab points to the IP of the “visible” server. Packets reach that server and I was expecting the above Caddyfile to act as a simple passthrough (in both directions) for all packets requesting URLs in that domain. Instead, Caddy does lots of stuff which I don’t want it to do (e.g. changing the certificate).
Question
Can Caddy simply pass all the traffic “as is” without doing absolutely anything to it, other than inspecting packets and make sure they go to the right place? If so, can you point me to the documentation for configuring such a thing? If not can you please point me to an alternative tool able to do that?
Thanks!