Windows, Cloudflare and Caddy as a reverse proxy

I’m having some trouble with Cloudflare and Caddy. I want to use Caddy as my reverse proxy, but I still want to use Cloudflare (protection etc.).

My config:

mydomain.com {
	log ./logs/access.log
	proxy / 127.0.0.1:8443
}

When I try to visit the website, I’m getting a 502 error from Cloudflare, and Caddy logs the following: 07/May/2017:09:01:23 +0200 [ERROR 502 /] EOF.

The backend is a node.js app, and the app is working fine. Any idea what I’m doing wrong here?

Looks like Cloudflare is passing on the 502 from Caddy; it might be having some problem connecting to your app. Try grey-clouding the site and re-test it first to rule out a Cloudflare issue, then do a manual request from the Caddy host to 127.0.0.1:8443 and see what you get (header-wise too).

I disabled Cloudflare, so no HTTP proxy, DNS only; then it is working fine: page loads, views are rendered etc.

When I enable the CF HTTP proxy again, I get the 502 again.

What’s your Cloudflare SSL level set to in the Crypto settings? It should be Full or Full (Strict).

Okay, never mind, I’m just stupid (╯°□°)╯︵ ┻━┻

I had HSTS enabled, and forgot to delete the HSTS entry for my domain in Chrome. Now everything is working fine!

Config for Cloudflare:

SSL: Full (strict)
Authenticated Origin Pulls: On
Opportunistic Encryption: On
HTTP Strict Transport Security (HSTS):
Status: On
Max-Age: 1 month
Include subdomains: On
Preload: On
No-sniff: On

Caddy Config:

preview.jerome724.com {
	# Access Logs
	log ./logs/access.log

	# Error Logs
	errors ./logs/error.log

	# Enable gzip
	gzip {
		level 5
	}

	# Set security headers / custom headers
	header / {
		Server "Caddy Server"
	}

	# Minify content except /api
	minify / {
		if {path} not_match ^(\/api).*
	}

	# TLS
	tls {
		dns cloudflare
	}

	# Set max requestbody size
	maxrequestbody {
		/ 500KB
	}
	
	# Rate Limit all requests
	# 5 requests/second, burst 10 requests/second
	ratelimit / 5 10 second

	# Reverse Proxy
	proxy / 127.0.0.1:8443 {
		header_upstream Host {host}
		header_upstream X-Real-IP {remote}
		header_upstream X-Forwarded-For {remote}
		header_upstream X-Forwarded-Proto {scheme}
	}
}

My node.js app (HapiJS) has no SSL!

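// hapi v16-style API (server.connection)
const Hapi = require('hapi');
// Config is the app's own configuration module (not shown in the post)

const server = new Hapi.Server({
	debug: {
		request: ['error']
	}
});

// Plain HTTP listener: no TLS options are set here, Caddy terminates TLS
server.connection({
	host: Config.web.server.host,
	port: Config.web.server.port,
});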

In case someone has the same problem.

Thanks for your help @Whitestrake

Can be closed 🙂

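The stale Chrome HSTS entry mentioned in the last post follows from how browsers cache the Strict-Transport-Security header (RFC 6797). The JavaScript below is an added example, not code from this thread or from Caddy or Cloudflare: it parses the header and models the browser-side cache to show how long a host and its subdomains stay pinned to HTTPS, and that only a valid `max-age=0` response clears the entry early. The function names, the `example.test` host and the header values are constructed, and "1 month" is assumed to mean `max-age=2592000`.

```javascript
// Added example (constructed): RFC 6797 Strict-Transport-Security handling.

// Parse a header value; returns null when a browser must ignore the header.
function parseHsts(value) {
  const policy = { maxAge: null, includeSubDomains: false, preload: false };
  const seen = new Set();
  for (const part of value.split(';')) {
    const directive = part.trim();
    if (directive === '') continue;                 // stray ";" is allowed
    const eq = directive.indexOf('=');
    const name = (eq < 0 ? directive : directive.slice(0, eq)).trim().toLowerCase();
    let arg = eq < 0 ? null : directive.slice(eq + 1).trim();
    if (seen.has(name)) return null;                // a directive may appear only once
    seen.add(name);
    if (arg !== null && /^"[^"]*"$/.test(arg)) arg = arg.slice(1, -1); // quoted-string
    if (name === 'max-age') {
      if (arg === null || !/^\d+$/.test(arg)) return null;
      policy.maxAge = Number(arg);
    } else if (name === 'includesubdomains') {
      if (arg !== null) return null;                // valueless directive
      policy.includeSubDomains = true;
    } else if (name === 'preload') {
      policy.preload = true;                        // preload-list signal, not in the RFC
    }                                               // unknown directives are ignored
  }
  return policy.maxAge === null ? null : policy;    // max-age is required
}

// Update a browser-like HSTS store (Map host -> entry) from an HTTPS response.
function noteHeader(store, host, value, nowMs) {
  const policy = parseHsts(value);
  if (policy === null) return;                      // invalid header: old entry stays
  if (policy.maxAge === 0) { store.delete(host.toLowerCase()); return; } // explicit removal
  store.set(host.toLowerCase(), { expiresMs: nowMs + policy.maxAge * 1000,
                                  includeSubDomains: policy.includeSubDomains });
}

// Would the browser rewrite http://requestHost to https:// at time nowMs?
function forcesHttps(store, requestHost, nowMs) {
  const labels = requestHost.toLowerCase().split('.');
  for (let i = 0; i < labels.length; i++) {
    const entry = store.get(labels.slice(i).join('.'));
    if (!entry || entry.expiresMs <= nowMs) continue;
    if (i === 0 || entry.includeSubDomains) return true; // exact or superdomain match
  }
  return false;
}
```

Turning HSTS off at the server or in the Cloudflare dashboard only stops the header being sent; a browser that already stored the policy keeps upgrading requests until the entry expires or is deleted.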