I am trying to serve my internal (no outside access) websocket server over tls. The caddy configuration was working fine without tls on it or the main container (:80). When my client attempts to connect to the server via port 6001 it gets a 502 Bad Gateway response. TLS is working for the main container on port 443.
4. Error messages and/or full log output:
Log was too long for this post, link to log on Pastebin
5. What I already tried:
Lots of googling. I’m pretty new to using caddy so I have not been too sure what to try. I have been trying to find any nugget of information that could lead me down the right path to a solution.
I’m going to guess your issue is that you used https:// here, but your upstream app isn’t actually using HTTPS.
Why are you using a different port for websockets?
You can simplify your setup by multiplexing your app and websockets in the same site, using a matcher to determine if the request is WS or simply normal HTTP.
Try this:
    staging.h1.listech.on.ca {
        tls /certs/h1/certificate.crt /certs/h1/private.key

        # Websockets, if headers match
        @ws {
            header Connection *Upgrade*
            header Upgrade websocket
        }
        reverse_proxy @ws 172.17.63.2:6001

        # Main app
        reverse_proxy 172.17.63.5:80
    }
Of course, you’ll need to update your frontend config to use wss://staging.h1.listech.on.ca to connect (remove the :6001 port from the connection address).
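A way to check the multiplexed setup from the client side, as an added example that is not part of the original thread: it sends the same Connection/Upgrade headers the `@ws` matcher keys on and separates a completed WebSocket handshake from a 502. Function names and verdict strings are made up for this example, and `cafile` is an assumed option for sites whose certificate chains to a private CA.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def accept_for(key):
    """Sec-WebSocket-Accept value a WebSocket server must return for `key`."""
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()

def build_request(host, key, path="/"):
    """Upgrade request carrying the two headers the @ws matcher looks for."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: Upgrade\r\nUpgrade: websocket\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n").encode()

def classify(raw, key):
    """Turn the raw response head into a verdict string (hypothetical labels)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return "not-http"
    headers = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}
    if parts[1] == "502":  # the proxy answered, but its request to the upstream failed
        return "bad-gateway"
    if parts[1] != "101":  # e.g. 200 from the main app: the request was not routed as WS
        return "no-upgrade-" + parts[1]
    if headers.get("upgrade", "").lower() != "websocket":
        return "bad-upgrade-header"
    if headers.get("sec-websocket-accept") != accept_for(key):
        return "bad-accept"
    return "ok"

def probe(host, port=443, path="/", cafile=None):
    """Open a verified TLS connection to the site and attempt the WS handshake."""
    key = base64.b64encode(os.urandom(16)).decode()
    ctx = ssl.create_default_context(cafile=cafile)  # certificate and hostname are checked
    with socket.create_connection((host, port), timeout=5) as tcp, \
            ctx.wrap_socket(tcp, server_hostname=host) as tls:
        tls.sendall(build_request(host, key, path))
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = tls.recv(4096)
            if not chunk:
                break
            raw += chunk
    return classify(raw, key)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

A `no-upgrade-200` verdict means the request fell through to the main app's `reverse_proxy`, which points at the matcher rather than at TLS.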
Not my intention, let me explain further what I’m doing. app is just a normal webserver, and I also need a websockets server available at the same url. I had this working before I attempted tls by using caddy to expose port 6001, but when I added tls to the app container I could no longer access my websocket server. At this point, though, as per the first responder’s suggestion, I’m removing the additional port and just routing the traffic based on whether it’s https or ws/wss.
I have these two containers that I want exposed via the staging.h1.listech.on.ca url.
Still wasn’t working but I was able to get it going, in a slightly different way. The docs for my websocket server were updated with some more information on using TLS.
I didn’t enable TLS on the websocket server but left it on caddy and proxied as needed, here is my updated caddy file. At this point