Caddy: Reverse Proxy

Caddy (opens new window) makes setting up a reverse proxy with Automatic HTTPS (opens new window) very trivial as the examples below show. They both:

# Prerequisites

  • Setup DNS records to point to the server that is going to run Caddy. This is the simpler approach and that used in the examples. See DNS Challenge (opens new window).
  • The certificates obtained are stored on disk in the folder $HOME/.caddy or, if $HOME is not set, in the current working directory of the caddy process in a folder named .caddy. If you're running Caddy via Docker, it's a good idea to make sure you use volumes for this.

# Development Caddyfile

When you're initially developing it's a good idea to test against the staging/development url, see Testing, developing, and advanced setups (opens new window). We do this by specifying the ca as https://acme-staging-v02.api.letsencrypt.org/directory, otherwise it is identical to the production Caddyfile.

bana.io www.bana.io {
  proxy /api backend:8080 {
    websocket
    transparent
  }

  tls bana@bana.io {
    ca https://acme-staging-v02.api.letsencrypt.org/directory
  }

  log stdout
  errors stderr

  browse
  gzip
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

# Production Caddyfile

bana.io www.bana.io {
  proxy /api backend:8080 {
    websocket
    transparent
  }

  tls bana@bana.io

  log stdout
  errors stderr

  browse
  gzip
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14

# Run

Use the caddy-docker (opens new window) Docker image or:

caddy --conf Caddyfile --log stdout --agree=yes
1
Last Updated: 7/3/2021, 2:36:44 PM