Closed ha-ku closed 2 years ago
+1
I dug into the Caddy server code and found out that this is related to how Caddy matches a request to a handler. Caddy server uses the HTTP Host header to match domains defined in the config file. However, when it comes to the forward proxy scenario, the request's Host is always the target host, which is not your proxy's Host. The following is a typical proxy request:
[root@VM_0_4_centos ~]# curl -x https://example.com httpbin.org/ip -v
> GET http://httpbin.org/ip HTTP/1.1
> Host: httpbin.org
> User-Agent: curl/7.81.0
> Accept: */*
> Proxy-Connection: Keep-Alive
You can see that in this case the request's Host header is httpbin.org and not example.com. When the Caddy server receives this request, it can't find any route for the target host httpbin.org, and then it just responds with 200 to the client.
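A simplified model of the Host-based matching described in the comment above, as an added example (not Caddy's code and not from this thread). The function names are hypothetical, the GET sample is rebuilt from the curl output above, and the CONNECT sample goes beyond the thread to show the same mismatch for HTTPS targets.

```python
# Simplified model of Host-based site matching; an assumption-laden sketch,
# not Caddy's implementation.

def parse_request(raw: str):
    """Return (method, target, host) from a raw HTTP/1.1 request head."""
    lines = raw.strip().splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers.get("host", "")

def strip_port(host: str) -> str:
    # Drop a trailing :port (IPv6 literals are out of scope for this sketch).
    return host.rsplit(":", 1)[0] if ":" in host else host

def match_site(site_addresses, request_host, listen_port=443):
    """Return the first site address that accepts this Host, or None."""
    hostname = strip_port(request_host).lower()
    for addr in site_addresses:
        if addr.startswith(":"):
            if int(addr[1:]) == listen_port:
                return addr  # port-only address: any Host matches
        elif addr.lower() == hostname:
            return addr
    return None

def route(site_addresses, raw):
    _method, _target, host = parse_request(raw)
    return match_site(site_addresses, host)

# Constructed samples: what a client sends *to the proxy* for an HTTP target
# (absolute-form GET) and for an HTTPS target (CONNECT).
PROXY_GET = """GET http://httpbin.org/ip HTTP/1.1
Host: httpbin.org
Proxy-Connection: Keep-Alive
"""
PROXY_CONNECT = """CONNECT httpbin.org:443 HTTP/1.1
Host: httpbin.org:443
"""

if __name__ == "__main__":
    for sites in (["example.com"], [":443", "example.com"]):
        for raw in (PROXY_GET, PROXY_CONNECT):
            print(sites, raw.splitlines()[0], "->", route(sites, raw))
```

With only `example.com` as the site address, neither proxy request finds a site; adding the port-only `:443` address lets both reach the handler.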
I think what I've done with my Caddyfiles is something like:
:443 example.com
forwardproxy ...
in other words, specify a domain name along with a catch-all, port-only address. That should route the requests properly. I haven't finished updating this plugin for v2 due to lack of sponsorship resources to prioritize it. But I think that's basically how you want to do it.
This Caddyfile works. Thanks a ton!
No problem. You really only need the :443 (don't restrict the Host) but adding example.com (or rather, your domain) is an easy way to tell Caddy to automate the certificate for that domain.
I'm trying to simply set up an https proxy which has a basic auth check and proxies everything to an http proxy listening on localhost. In the Caddyfile, I write something like:
However, when I do
curl -x https://user:passwd@my.domain:31082 https://whatever.site
it results in an error:1408F10B:SSL routines:ssl3_get_record:wrong version number. When I do
curl -x https://user:passwd@my.domain:31082 http://whatever.site
it just returns an empty 200 response even if "whatever.site" does not exist. I have no idea why it behaves like this. Can anyone help?