Using Caddy as a forward proxy

Hi,
I am trying to use Caddy as a forward proxy (using the forward proxy plugin). Things work fine when Caddy goes to internet directly. But when I use a upstream proxy (proxy chaining), accessing plain http websites result in a “502 Bad Gateway” error. Able to access secure/https websites without any issues.
Caddyfile contents below:

localhost:8080 {
 log / stdout "{combined}"
 forwardproxy {
  upstream https://myproxy.net/
 }
}

Would like to know whether the upstream proxy feature is supported for plain http sites or not.
Appreciate your response/help.

Thanks,
Radha

Hi @Radha, welcome to the Caddy community.

The docs mention that it only supports remote HTTPS targets for the upstream proxy feature.

upstream [https://username:password@upstreamproxy.site:443]
Sets upstream proxy to route all forwardproxy requests through it. This setting does not affect non-forwardproxy requests nor requests with wrong credentials. Upstream is incompatible with acl and ports subdirectives.
Supported schemes to remote host: https.
Supported schemes to localhost: socks5, http, https(certificate check is ignored).
Default: no upstream proxy.

https://github.com/caddyserver/forwardproxy

Is that what you’re referring to?

Hi @Whitestrake,
Thanks for your response. Yes, I am referring to the upstream property only.
The documentation says - “Supported schemes to remote host: https”
I took the remote host to mean the upstream remote proxy.
For instance, if I configure the upstream proxy URL as “http://myproxy.net” (which resolves to a remote IP address), Caddy throws an error as shown below:
“2019/07/12 17:31:55 insecure schemes are only allowed to localhost upstreams”
When I configure the upstream property to use a secure upstream proxy, I am able to access all https websites. But plain http sites aren’t accessible.
Does the “remote host” mean both the upstream proxy as well as the actual origin/webserver ?

Thanks,
Radha

Hey @Radha, I’ve been a bit too busy to look further at this one in the past few days.

You might want to open an issue at https://github.com/caddyserver/forwardproxy describing the problem - sounds like it’s possibly a bug of some kind.