Currently, I am moving some web applications from an external VPS to LXC containers in my homelab at home to make them easier to manage. The web applications on the internal network are reverse proxied through a Caddy server, which manages access from the Internet.
However, when setting up the reverse proxy for Invoice Ninja, I ran into a complication: its installation already includes a Docker container running Caddy as a reverse proxy for the application, reached via the domain name https://invoice.markknow.com
After being moved to the homelab, this Caddy server sits behind the main Caddy server, which makes the reverse proxy configuration more troublesome.
1. Connection Model
The connection from the Internet to Invoice Ninja follows the model below:
(Internet) → (Main Caddy) → (Sub Caddy) → (Invoice Ninja)
- Main Caddy (main server / router)
  - Responsible for receiving requests from the Internet.
  - Manages the SSL certificate from Let’s Encrypt.
  - Forwards requests to the secondary Caddy in the internal network.
- Sub Caddy (LXC container)
  - Runs Invoice Ninja.
  - No need for HTTPS, because HTTPS is handled by the primary Caddy.
Here’s how to configure two chained Caddy servers to serve internal web applications over HTTPS.
2. Main Caddy Configuration
Edit the Caddyfile on the main server and add the configuration for the domain name used to access Invoice Ninja:
    invoice.markknow.com {
        reverse_proxy 192.168.1.120:80 {
            header_up X-Forwarded-Proto https
        }
    }
Explanation:
- 192.168.1.120:80 is the address of the LXC container running the sub Caddy.
- header_up X-Forwarded-Proto https tells the sub Caddy that the original request was HTTPS, which avoids mixed content errors.
Then restart Caddy:
docker compose restart
3. Sub Caddy Configuration
The original Caddyfile configuration is as follows:
    invoice.markknow.com {
        root * /var/www/app/public
        php_fastcgi dockerfiles-app-1:9000
        encode zstd gzip
        file_server browse
    }
I had to change the line invoice.markknow.com to http://invoice.markknow.com so that Caddy no longer tries to create an SSL certificate (attempting to create one would fail with an error anyway).
    http://invoice.markknow.com {
        root * /var/www/app/public
        php_fastcgi dockerfiles-app-1:9000
        encode zstd gzip
        file_server browse
        header {
            Content-Security-Policy upgrade-insecure-requests
        }
    }
Explanation:
- http:// makes the site run over plain HTTP, because HTTPS is already handled by the main Caddy.
- Content-Security-Policy upgrade-insecure-requests tells the browser to automatically switch http → https.
Then restart:
docker compose restart
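A hardened variant of the sub Caddy configuration, as an added example that is not part of the original article: since the sub Caddy now serves plain HTTP on the LAN, it accepts requests and X-Forwarded-* headers only from the main Caddy, and directory listings are turned off. The address 192.168.1.10 is a placeholder for the main Caddy's LAN IP (the article does not give it), and the example assumes the container sees the real source address of incoming connections.

```caddyfile
# Added example, not the author's configuration.
# 192.168.1.10 is a PLACEHOLDER for the main Caddy's LAN address.
{
    servers {
        # Honor X-Forwarded-* headers only when the request comes from
        # the main Caddy; values sent by any other client are ignored.
        trusted_proxies static 192.168.1.10
    }
}

http://invoice.markknow.com {
    # Plain HTTP is acceptable only while the main Caddy is the sole client.
    # Close the connection for any other host on the internal network.
    @not_main_caddy not remote_ip 192.168.1.10
    abort @not_main_caddy

    root * /var/www/app/public
    php_fastcgi dockerfiles-app-1:9000
    encode zstd gzip

    # "browse" removed: without it, directories that lack an index file
    # are not listed to visitors.
    file_server

    header {
        Content-Security-Policy upgrade-insecure-requests
    }
}
```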
5. Check & Finish
Open Invoice Ninja again through the domain name.
If everything works correctly, you have successfully set up two Caddy instances working together on your local network!
6. Conclusion
In this article, I showed how to use two Caddy servers to manage an internal web application behind a reverse proxy. This makes it easy for you to:
- Manage the system more flexibly, with a separate frontend and backend.
- Use HTTPS on all applications, even if they run on the internal network.
- Extend the setup easily: just edit the main Caddy to add new services.