Why is caddy looking for a certificate when proxifying https to https?

I have a site I access via (this is a docker network). In order to simplify the URLs, I wanted to proxify a FQDN to that site:

https://unifi.example.info {
  proxy / {

My intent was to have Caddy forward the traffic to without terminating the TLS connection itself (the TLS connection is handled by When requesting https://unifi.example.info the call fails with an error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error and I see in Caddy logs:

2019/07/31 17:57:26 http: TLS handshake error from no certificate available for 'unifi.example.info'

Why is Caddy looking for a cert while it should simply forward the call?

I think I understood. It looks like the proxy is terminating the TLS call (and thus requiring certs), and then recreating it.

Is there a way to bypass this terminate-recreate part and directly direct the call to the target server?

Sure, use Caddy’s TCP proxy: https://caddyserver.com/docs/net
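What TCP-level passthrough means in practice, as an added example that is not part of the original thread and is not Caddy's own code: a relay that copies bytes in both directions and never parses TLS, so it holds no certificate and the client completes its handshake with the backend's certificate. The listen and upstream addresses in `main` are constructed placeholders.

```go
package main

import (
	"io"
	"log"
	"net"
)

// relay copies bytes in both directions between the client and the upstream.
// It never parses TLS, so it needs no certificate or private key: the TLS
// handshake is completed end to end by the upstream server.
func relay(client net.Conn, upstream string) {
	defer client.Close()
	backend, err := net.Dial("tcp", upstream)
	if err != nil {
		log.Printf("dial %s: %v", upstream, err)
		return
	}
	defer backend.Close()
	done := make(chan struct{}, 2) // buffered so neither copier blocks on exit
	go func() { io.Copy(backend, client); done <- struct{}{} }()
	go func() { io.Copy(client, backend); done <- struct{}{} }()
	<-done // one side closed: the deferred Close calls tear down both
}

// Serve accepts connections on ln and relays each one to upstream.
// It returns when ln is closed or Accept fails.
func Serve(ln net.Listener, upstream string) error {
	for {
		c, err := ln.Accept()
		if err != nil {
			return err
		}
		go relay(c, upstream)
	}
}

func main() {
	// Constructed addresses: the relay's listener and a hypothetical TLS backend.
	ln, err := net.Listen("tcp", "127.0.0.1:8443")
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(Serve(ln, "127.0.0.1:9443"))
}
```

Because the relay only sees ciphertext, it cannot route by URL path or add headers, and the certificate the browser validates is the backend's, which therefore has to be valid for the name the client requests.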

