Alpha2k

Reputation: 2241

502 when redirecting from one caddy to another

So I have a Master caddy which redirects to other servers inside the LAN.

The current configuration of the Master is like the following:

http://example.com {
    proxy / http://192.168.1.153:80 {
        transparent
    }
}

https://example.com {
    proxy / https://192.168.1.153:443 {
        transparent
    }
}

And the configuration of the caddy at 192.168.1.153 is the following:

http://example.com, https://example.com {
    root /example.com
}

http://example.com works fine but https://example.com gives 502 Bad Gateway.

If I use insecure_skip_verify I receive 403... And I don't want to use it anyway.

Both 80 and 443 are open on the router and redirecting to the Master caddy. There must be something wrong with my configuration but I cannot see what it is.

P.S.

I have tried:

192.168.1.153:443

https://192.168.1.153

None seem to work.

Updated with solution

http://example.com {
    redir https://{host}{uri}
}

https://example.com {
    proxy / 192.168.1.153:80 {
        transparent
    }
}

This also redirects 80 to 443, but the catch is that the "slave" on 192.168.1.153 must respond on port 80, not on 443, because port 80 gets "upgraded" to 443 on the master caddy.

Upvotes: 0

Views: 4022

Answers (2)

davidli

Reputation: 371

It is possible to proxy to another HTTPS backend with encryption the entire way.
You just need to specify the SNI to send to the backend server.

Using Caddy v2:

http://example.com {
  reverse_proxy http://192.168.1.153
}
https://example.com {
  reverse_proxy https://192.168.1.153 {
    transport http {
      tls_server_name example.com
    }
  }
}

On the backend, just listen as usual:

example.com {
  # Do whatever here
}

Upvotes: 0
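As an added illustration (not code from either answer), here is a small Python model of the name check the front-end proxy applies to the backend certificate: it verifies against the configured server name if there is one, otherwise against the upstream host, which in the question is a bare IP that a certificate issued for example.com does not cover. The SAN list is constructed, and the check is a simplified model of what Caddy's TLS library does, not Caddy's own code.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed SAN list: the certificate the backend at 192.168.1.153 would serve
# for example.com. A certificate issued for a hostname does not list the LAN IP.
BACKEND_SANS = [("DNS", "example.com"), ("DNS", "www.example.com")]


def dns_name_matches(pattern, name):
    """RFC 6125 style match: a wildcard is allowed only as the whole leftmost
    label and matches exactly one label ('*.example.com' != 'example.com')."""
    pattern, name = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == name
    labels = name.split(".")
    return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]


def cert_matches(sans, name):
    """True if any SAN entry covers `name` (IP literals only match IP SANs)."""
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    for kind, value in sans:
        if ip is not None and kind == "IP" and ipaddress.ip_address(value) == ip:
            return True
        if ip is None and kind == "DNS" and dns_name_matches(value, name):
            return True
    return False


def proxy_verifies(sans, upstream, tls_server_name=None):
    """Model of the front-end proxy's check: verify the backend certificate
    against the configured server name if set, otherwise against the host part
    of the upstream address. Returns (verified, name_checked)."""
    if "://" not in upstream:          # "192.168.1.153:443" has no scheme
        upstream = "//" + upstream
    name = tls_server_name or urlsplit(upstream).hostname
    return cert_matches(sans, name), name


if __name__ == "__main__":
    # Scenario from the question: proxying to the IP fails verification (502).
    print(proxy_verifies(BACKEND_SANS, "https://192.168.1.153:443"))
    # Scenario from the answer: send and verify the real name, which succeeds.
    print(proxy_verifies(BACKEND_SANS, "https://192.168.1.153",
                         tls_server_name="example.com"))
    # insecure_skip_verify would skip cert_matches entirely: it does not fix
    # the name mismatch, it accepts any certificate, forged ones included.
```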

Rodrigo Loza

Reputation: 1248

Of course that will not work. You have at least 2 servers each with a different IP. So, let me explain it to you.

One server has its IP bound to the DNS name example.com, so it is ok for its Caddyfile to listen at http://example.com. Also, this Caddyfile redirects to the server with the IP 192.168.1.153 (the second server).

The second server neither has the DNS name example.com bound to its IP nor should it listen at that name. Instead you should change its listener to its IP or just define the port. Here is how the second Caddyfile should look.

:80 {
  tls off
  root /example.com
}

Regarding enabling SSL: you are not assigning certificates for SSL, so it does not make sense to add https:// or even listeners on 443. Keep it on http until you get certificates.

Upvotes: 1
