Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] Caddy Forward proxy behind another Caddy reverse proxy? #145

Open
maxiride opened this issue Dec 2, 2024 · 3 comments
Open

[Question] Caddy Forward proxy behind another Caddy reverse proxy? #145

maxiride opened this issue Dec 2, 2024 · 3 comments
Labels
question

Comments

@maxiride
Copy link

maxiride commented Dec 2, 2024

Since modifying our main caddy server is a no-go, will the plugin work if placed behind another caddy reverse proxy? If so how should the forward proxy be configured?

Client --> Caddy A -- reverse proxy --> Caddy B forward proxy --> internet

Caddy A hypotetical configuration:

example.com {
    handle_path /forward/* {
        reverse_proxy caddy_B:80
    }
}

Caddy B hypotetical

:80 {
   forward_proxy
}
@mholt
Copy link
Member

mholt commented Dec 2, 2024

The client to a forward proxy (Caddy A in your example) needs to support forward proxies. I believe the HTTP(S)_PROXY env var(s) can do this, but I haven't played with this myself.

@mholt
Copy link
Member

mholt commented Dec 2, 2024

Oh actually we have a setting for this in the reverse_proxy: https://caddyserver.com/docs/modules/http.reverse_proxy.transport.http#forward_proxy_url or Caddyfile: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#forward_proxy_url

@mholt mholt added the question label Dec 2, 2024
@maxiride
Copy link
Author

maxiride commented Dec 3, 2024

Oh actually we have a setting for this in the reverse_proxy: https://caddyserver.com/docs/modules/http.reverse_proxy.transport.http#forward_proxy_url or Caddyfile: https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#forward_proxy_url

That's nice, and I admit I missed it while reading the documentation.
However, the forward_proxy_url option is a child of the transport rules of the reverse_proxy directive. AS-IS from the documentation it's my understanding that the option allows to reach a specific upstream through the defined forward proxy url.

My question concern being able to reach any destination through the forward proxy (as any forward proxy usually allows), with the caveat that the forward proxy url to use must point to our main Caddy instance, hence the idea of putting it behind a reverse proxy.

Ideally, in a flexible environment, I would simply spin up a new caddy instance with the forward proxy plugin and bind it to a different WAN IP (so to not disrupt the main Caddy), but that would touch the firewall area complicating more the matter (administratively speaking).

The client to a forward proxy (Caddy A in your example) needs to support forward proxies.

Of course, but luckily many applications have built-in support.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mholt @maxiride