Issues with using Caddy and LinkStack

Solved by Wzyss


Hey y'all! Let me preface this with the fact that I suspect this is going to end up being an oversight by me or perhaps just my understanding of something being wrong.

My Environment

VPS running in the cloud with all applications in Docker containers

Caddy running as reverse proxy to route traffic to specific ports

Cloudflare being used for DNS management and all domains have Strict SSL enabled

 

What I'm Doing

Here's my LinkStack docker-compose.yml:

version: '3.3'
services:
    linkstack:
        container_name: linkstack
        hostname: linkstack
        environment:
            - HTTP_SERVER_NAME=test.domain.com
            - HTTPS_SERVER_NAME=test.domain.com
            - SERVER_ADMIN=admin@domain.com
            - TZ=America/Chicago
            - PHP_MEMORY_LIMIT=512M
            - UPLOAD_MAX_FILESIZE=8M
        ports:
            - '50012:80'
            - '50013:443'
        volumes:
            - ./linkstack:/htdocs
        restart: unless-stopped
        image: linkstackorg/linkstack:latest

volumes:
  linkstack:

 

And here's my Caddyfile with redacted domains:

send.domain.dev {
        reverse_proxy :50002
}

cloud.domain.dev {
        reverse_proxy :50006
}

remote.domain.dev {
        reverse_proxy :50007
}

blog.domain.dev {
        reverse_proxy :50010
}

domain1.com {
        reverse_proxy :50011
}

test.domain.com {
        reverse_proxy :50013
}

 

As you can see, all of my applications that need to be proxied just end up working as per the usual with the above Caddy configuration. The one we're interested in here is the one passing to port 50013.

The Problems I'm Getting

Unfortunately, this configuration doesn't work for... some reason. If I proxy port 50012, which routes to 80 in the container, I get a blank webpage with "Index of /" and some server information. Furthermore, if I proxy port 50013, which routes to 443 in the container, I instead get a "400 Bad Request" error with the following reason: You're speaking plain HTTP to an SSL-enabled server port.

If I don't use Caddy to reverse proxy, I can get this working without SSL. (Meaning instead of using 50012 and 50013 on the host, I'm just using the host's 80 and 443 respectively.)

Am I misunderstanding how Caddy works in this situation, and is there instead a different way I should be configuring web applications to be proxied by Caddy when in Docker containers? Any advice would be a godsend.

https://linustechtips.com/topic/1548183-issues-with-using-caddy-and-linkstack/

For anyone who comes across this, I got it figured out!

 

Turns out Caddy connects to services on the backend via HTTP. In most cases, this makes sense. However, in the case of using LinkStack, it has a self-signed cert and runs on HTTPS by default.

 

This would cause the "You're speaking plain HTTP to an SSL-enabled server port" error to crop up. So my obvious solution was to specify HTTPS instead in the Caddyfile, like so:

links.domain.com {
  reverse_proxy https://localhost:50013
}

 

Unfortunately, I ran into more issues where Caddy did not accept the self-signed cert that LinkStack was providing. After many hours of struggling with this, I finally found the directive that bypasses TLS verification!

 

The config that works is now this:

links.domain.com {
  reverse_proxy https://localhost:50013 {
    transport http {
      tls_insecure_skip_verify
    }
  }
}
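
Added example, not part of the original post: with `tls_insecure_skip_verify`, Caddy accepts any certificate the upstream presents, so the hop to LinkStack is encrypted but not authenticated. The variant below trusts only LinkStack's own certificate instead; the PEM path and the `tls_server_name` value are assumptions and must be replaced with the location of the exported certificate and a name that certificate actually lists.

```caddyfile
links.domain.com {
  reverse_proxy https://localhost:50013 {
    transport http {
      # Trust only the self-signed certificate exported from the
      # LinkStack container (assumed path; store the cert here as PEM).
      tls_trusted_ca_certs /etc/caddy/linkstack-selfsigned.pem

      # Name Caddy checks against the certificate's SAN entries
      # (placeholder; use a name present in the LinkStack certificate).
      tls_server_name linkstack.internal

      # Replaces the setting from the post, which accepts any certificate:
      # tls_insecure_skip_verify
    }
  }
}
```

Caddy uses Go's TLS verification, which ignores the certificate's Common Name, so a self-signed certificate without a subject alternative name is rejected even when it is trusted and has to be regenerated with one.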

 
