Introduction

Caddy makes setting up a reverse proxy with Automatic HTTPS very trivial as the examples below show. They both:

• Proxy all, including WebSocket, traffic from [https://bana.io/api] to a server called backend listening on port 8080, see http.proxy.

• Enables directory browsing, see http.browse.

• Enables gzip compression http.gzip.

• Turn on request logging, see http.log.

• Enable error logging. Although this isn’t strictly needed, it helps to turn it on, see http.errors.

Prerequisites

• Setup DNS records to point to the server that is going to run Caddy. This is the simpler approach and that used in the examples. See DNS Challenge.

• The certificates obtained are stored on disk in the folder ‘$HOME/.caddy’ or, if ‘$HOME’ is not set, in the current working directory of the caddy process in a folder named ‘.caddy’. If you’re running Caddy via Docker, it’s a good idea to make sure you use volumes for this.

Development Caddyfile

When you're initially developing it's a good idea to test against the staging/development url, see Testing, developing, and advanced setups. We do this by specifying the ca as https://acme-staging-v02.api.letsencrypt.org/directory, otherwise it is identical to the production Caddyfile.

bana.io www.bana.io {
  proxy /api backend:8080 {
    websocket
    transparent
  }

  tls m@bana.io {
    ca https://acme-staging-v02.api.letsencrypt.org/directory
  }

  log stdout
  errors stderr

  browse
  gzip
}

Production Caddyfile

bana.io www.bana.io {
  proxy /api backend:8080 {
    websocket
    transparent
  }

  tls m@bana.io

  log stdout
  errors stderr

  browse
  gzip
}

Run

Use the caddy-docker Docker image or:

$ caddy --conf Caddyfile --log stdout --agree=yes