V2 reverse_proxy unsecure https upstream server

1. My Caddy version (caddy version):

caddy2_beta20_linux_amd64

I am running caddy2_beta20 and it works fine for normal usage scenarios. But I do have some upstream servers which are only working with https. Those servers have default SSL certificates installed (e.g. UniFi SDN or UNMS, to name a few). It is not possible to connect via http to these servers. Is there a way to trust those self-signed certificates in upstream?

so far,
axp

You can specify transport http and pass the tls and tls_trusted_ca_certs options

reverse_proxy https://your-backend:8080 {
    transport http {
        tls
        tls_trusted_ca_certs <cert_file_path>
    }
}

Note that if you specify https:// on the proxy dial address, tls is implied automatically, so you can omit that in this case.

Thanks for replying so quickly.
Is there not a way to just trust the certificate which is presented by the internal (backend) https endpoint, or maybe it is planned for the future?

so far,
axp

That’s exactly what tls_trusted_ca_certs does.

If you mean “trust any cert”, then use tls_insecure_skip_verify, but that throws away TLS security you would have from actually trusting the cert.

1 Like
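Putting the two replies side by side, here is an added Caddyfile example (not taken from the thread or from the Caddy project) showing the pinned-certificate form next to the skip-verify form. Listener ports, upstream hostnames and the PEM path are placeholders; the commented tls_server_name line is an assumption about which options your Caddy build supports.

```caddyfile
# Added example, not from the original thread. Hostnames, ports and paths are placeholders.

# Preferred: keep verifying the upstream by trusting its self-signed certificate
# (or the CA that issued it). The https:// scheme implies `tls`, so it is omitted.
:8080 {
    reverse_proxy https://unifi-controller.lan:8443 {
        transport http {
            # PEM file containing the upstream's self-signed cert or its issuing CA
            tls_trusted_ca_certs /etc/caddy/certs/unifi-controller.pem
            # Only needed when the name in the certificate differs from the dial host
            # (assumption: tls_server_name is available in your Caddy build)
            # tls_server_name unifi-controller.lan
        }
    }
}

# Weaker alternative mentioned in the thread: accept any certificate at all.
# This drops the check that the proxy is talking to the real upstream, so a
# substituted or forged server would be accepted silently.
:8081 {
    reverse_proxy https://unms.lan {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
```

To obtain the PEM file for the first block, the certificate can be exported from the upstream with `openssl s_client -connect unifi-controller.lan:8443 -showcerts </dev/null` and the BEGIN/END CERTIFICATE section saved to the path given in tls_trusted_ca_certs. On current Caddy 2 releases, `caddy validate --config Caddyfile` checks that the file parses before you reload; whether beta20 already ships that subcommand is an assumption.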

Thanks a lot, things are working as expected 🙂

so far,
axp

This topic was automatically closed after 180 days. New replies are no longer allowed.