1. Caddy version (
2. How I run Caddy:
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
a. System environment:
Ubuntu 20.04 LTS vanilla baseline install in HyperV VM, only runs Caddy.
echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" \
  | sudo tee -a /etc/apt/sources.list.d/caddy-fury.list
sudo apt update
sudo apt install caddy
c. Service/unit/compose file:
d. My complete Caddyfile or JSON config:
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.
:80

# Set this path to your site's directory.
root * /usr/share/caddy

# Enable the static file server.
file_server

# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8080

# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
3. The problem I’m having:
I have a new Caddy server described above on my intranet. I also have an existing (working) Windows DirectAccess VPN solution for my users. Part of that solution requires a "Network Location Service" to be configured, which is basically a secure website that is ONLY accessible from the intranet and NOT resolvable from the internet.
Is it possible to create a website on the Caddy server that responds to NLS requests and is automatically secured by Let's Encrypt certificates, as Caddy so reliably does, yet is unresolvable from the internet? I can change the internal DNS A record to point to the Caddy server once I have it configured properly.
4. Error messages and/or full log output:
5. What I already tried:
I currently have a few different reverse proxy type sites up and running on a separate Caddy server, but I know that for Caddy to acquire and maintain a Let's Encrypt cert, a DNS entry needs to be externally resolvable, which is specifically what I don't want the DirectAccess clients to be able to do.