Caddy: Reverse Proxy
Caddy makes setting up a reverse proxy with Automatic HTTPS very trivial as the examples below show. They both:
- Proxy all, including WebSocket, traffic from [https://bana.io/api] to a server called
backend
listening on port8080
, see http.proxy. - Enables directory browsing, see http.browse.
- Enables gzip compression http.gzip.
- Turn on request logging, see http.log.
- Enable error logging. Although this isn't strictly needed, it helps to turn it on, see http.errors.
# Prerequisites
- Setup DNS records to point to the server that is going to run Caddy. This is the simpler approach and that used in the examples. See DNS Challenge.
- The certificates obtained are stored on disk in the folder
$HOME/.caddy
or, if$HOME
is not set, in the current working directory of thecaddy
process in a folder named.caddy
. If you're running Caddy via Docker, it's a good idea to make sure you use volumes for this.
# Development Caddyfile
When you're initially developing it's a good idea to test against the staging/development url, see Testing, developing, and advanced setups. We do this by specifying the ca
as https://acme-staging-v02.api.letsencrypt.org/directory
, otherwise it is identical to the production Caddyfile
.
bana.io www.bana.io {
proxy /api backend:8080 {
websocket
transparent
}
tls bana@bana.io {
ca https://acme-staging-v02.api.letsencrypt.org/directory
}
log stdout
errors stderr
browse
gzip
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Production Caddyfile
bana.io www.bana.io {
proxy /api backend:8080 {
websocket
transparent
}
tls bana@bana.io
log stdout
errors stderr
browse
gzip
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
2
3
4
5
6
7
8
9
10
11
12
13
14
# Run
Use the caddy-docker Docker image or:
caddy --conf Caddyfile --log stdout --agree=yes
1