Caddy: Reverse Proxy

Caddy makes setting up a reverse proxy with Automatic HTTPS very trivial as the examples below show. They both:

  • Proxy all, including WebSocket, traffic from [https://bana.io/api] to a server called backend listening on port 8080, see http.proxy.
  • Enables directory browsing, see http.browse.
  • Enables gzip compression http.gzip.
  • Turn on request logging, see http.log.
  • Enable error logging. Although this isn't strictly needed, it helps to turn it on, see http.errors.

# Prerequisites

  • Setup DNS records to point to the server that is going to run Caddy. This is the simpler approach and that used in the examples. See DNS Challenge.
  • The certificates obtained are stored on disk in the folder $HOME/.caddy or, if $HOME is not set, in the current working directory of the caddy process in a folder named .caddy. If you're running Caddy via Docker, it's a good idea to make sure you use volumes for this.

# Development Caddyfile

When you're initially developing it's a good idea to test against the staging/development url, see Testing, developing, and advanced setups. We do this by specifying the ca as https://acme-staging-v02.api.letsencrypt.org/directory, otherwise it is identical to the production Caddyfile.

bana.io www.bana.io {
  proxy /api backend:8080 {
    websocket
    transparent
  }

  tls bana@bana.io {
    ca https://acme-staging-v02.api.letsencrypt.org/directory
  }

  log stdout
  errors stderr

  browse
  gzip
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

# Production Caddyfile

bana.io www.bana.io {
  proxy /api backend:8080 {
    websocket
    transparent
  }

  tls bana@bana.io

  log stdout
  errors stderr

  browse
  gzip
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14

# Run

Use the caddy-docker Docker image or:

caddy --conf Caddyfile --log stdout --agree=yes
1
Last Updated: 9/30/2022, 6:21:49 PM