Closed sy2un closed 4 years ago
Yeah, you need both the certificate (public key + stuff) and the key file (private key) to make a successful mTLS connection with the upstream. So, don't delete it.
In the future, ask questions about how to use Caddy on our forum: https://caddy.community - thanks!
I use Caddy 2 to reverse proxy an upstream site. The specific request process goes like this:

1. The user sends an HTTPS request to the Caddy server using the browser.
2. When Caddy gets the request from step 1, it sends an HTTPS request to the upstream site.

I downloaded the upstream site's HTTPS certificate to my disk and added the certificate path to the following two configuration options in caddy.json:

- `apps/http/servers/routes/handle/reverse_proxy/transport/http/tls/client_certificate_file`
- `apps/http/servers/routes/handle/reverse_proxy/transport/http/tls/client_certificate_key_file`

Before I run Caddy, I do the following:

1. I configure aa.xxxx.cn to point to my server at the dynamic DNS provider.
2. I configure aa.xxxx.cn to point to the upstream IP in my /etc/hosts.

This ensures that the `match` host and the `upstreams` dial can use the same host and work fine.

- Caddy: v2.1.1
- OS: Ubuntu
Here is my caddy.json:

```json
{
  "apps": {
    "http": {
      "servers": {
        "test1": {
          "listen": [":80", ":443"],
          "routes": [
            {
              "match": [
                { "host": ["aa.xxxx.cn"] }
              ],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "transport": {
                    "protocol": "http",
                    "tls": {
                      "client_certificate_file": "/home/xxx/applications/caddy/aa.xxxx.cn/aa.xxxx.cn.crt",
                      "client_certificate_key_file": "/home/xxx/applications/caddy/aa.xxxx.cn/aa.xxxx.cn.key"
                    }
                  },
                  "upstreams": [
                    { "dial": "aa.xxxx.cn:443" }
                  ]
                }
              ]
            }
          ]
        }
      }
    }
  }
}
```
When I configure it like this, it works!

But when I delete the tls/client_certificate_file and tls/client_certificate_key_file configurations, it does not work!

This is not the normal way to make a request, because in an HTTPS request there is no need to save the server's certificate in advance: when the client sends an HTTPS request to the server, the server sends its certificate to the client, the client verifies the certificate, and if it is OK, the client and server can communicate normally.

Is there a problem with the way I'm using Caddy?
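
Added example (not from the issue or from Caddy's code base): a small Python audit of the `reverse_proxy` transport settings discussed in this thread, separating the proxy's own client certificate (mTLS) from the settings that govern verification of the upstream's certificate. The `upstream.example` and `127.0.0.1:8080` handlers are constructed for illustration; `root_ca_pem_files` and `insecure_skip_verify` are Caddy transport options that the issue's config does not use.

```python
import json
# Constructed sample: the issue's handler plus two hypothetical ones
# (TLS without a client certificate, and plain HTTP).
SAMPLE = json.loads("""
{"apps": {"http": {"servers": {"test1": {"routes": [{"handle": [
  {"handler": "reverse_proxy", "upstreams": [{"dial": "aa.xxxx.cn:443"}],
   "transport": {"protocol": "http", "tls": {
     "client_certificate_file": "/home/xxx/applications/caddy/aa.xxxx.cn/aa.xxxx.cn.crt",
     "client_certificate_key_file": "/home/xxx/applications/caddy/aa.xxxx.cn/aa.xxxx.cn.key"}}},
  {"handler": "reverse_proxy", "upstreams": [{"dial": "upstream.example:443"}],
   "transport": {"protocol": "http", "tls": {}}},
  {"handler": "reverse_proxy", "upstreams": [{"dial": "127.0.0.1:8080"}]}
]}]}}}}}
""")

def find_proxies(node):
    """Yield every reverse_proxy handler, including ones nested in subroutes."""
    if isinstance(node, dict):
        if node.get("handler") == "reverse_proxy":
            yield node
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from find_proxies(item)

def audit(config):
    """Describe how each reverse_proxy handler connects to its upstreams."""
    report = []
    for proxy in find_proxies(config):
        tls = proxy.get("transport", {}).get("tls")  # absent means plain HTTP
        opts = tls or {}
        cert = opts.get("client_certificate_file")
        key = opts.get("client_certificate_key_file")
        report.append({
            "upstreams": [u.get("dial") for u in proxy.get("upstreams", [])],
            # A "tls" object, even an empty one, enables HTTPS to the upstream.
            "tls_to_upstream": tls is not None,
            # The client certificate is the proxy's own identity (mTLS).
            "client_cert": "both" if cert and key else
                           "incomplete" if cert or key else "none",
            # Roots used to verify the upstream's cert (default: system store).
            "custom_roots": bool(opts.get("root_ca_pem_files")),
            "verification_disabled": bool(opts.get("insecure_skip_verify")),
        })
    return report

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```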