5

Is it possible to use Caddy for local development, where you have https://mysite.loc and use a Caddyfile as a reverse proxy to your services running on localhost?

My hosts file, so I have a local mysite.loc domain:

```
127.0.0.1   mysite.loc
```

```
mysite.loc {
  reverse_proxy /api localhost:5000
  reverse_proxy /admin localhost:6000
  reverse_proxy /graphql localhost:7000
  reverse_proxy localhost:4000

  tls ???
}
```

And that's about how far I got. I think I need to somehow point mysite.loc to the running Caddy daemon so it can intercept the request, provide generated certs which I would then trust locally, and also act as a proxy redirecting to my locally running services. I also think I don't need to generate any certificates myself; Caddy should do it, right? I would also like to avoid having to use any ports for mysite.loc like https://mysite.loc:4000, just https://mysite.loc, and then let Caddy handle the rest. I would also like to avoid using Docker.

Hnus

3 Answers

1

I haven't tested this but my gut reaction is: No, you can't.

My reason is that Caddy secures HTTPS via Let's Encrypt (LE), and LE works by authenticating the site via Caddy placing a beacon internally on the server and LE then querying that the beacon has the correct contents. So LE will fail to query if this site is simply on localhost and not open to WAN. LE needs access. You could try opening your site to WAN, doing the LE auth, then closing it to WAN, but I'm not sold that would work.

That being said, if all you want is HTTPS locally for dev, use a self-signed cert. Keep in mind HTTPS is silly for local dev because the whole point of HTTPS is to encrypt in-transit and there is no transit for localhost.

Jonathan
  • "HTTPS is silly for local dev" Not true, there's a `secure` flag for cookies which allows them to be set just via HTTPS – Hnus Dec 22 '22 at 02:05
1

It seems that using .localhost instead of .loc is enough to get HTTPS. For anyone looking to get started, here's one of my recent Caddyfiles:

Caution: I was kind of hesitant to post this as an answer because browsers get their updates automatically all the time so what works today might not next time you open your browser.

```
{
    email foo@gmail.com

    log {
        format console
    }
}

www.{$DOMAIN} {
    redir https://{$DOMAIN}{uri}
}

{$DOMAIN} {
    @websockets {
        header Connection *Upgrade*
        header Upgrade websocket
    }

    reverse_proxy /graphiql {$API_SERVICE}
    reverse_proxy /voyager {$API_SERVICE}
    reverse_proxy /graphql {$API_SERVICE}
    reverse_proxy /f/* {$API_SERVICE}

    reverse_proxy @websockets {$CLIENT_SERVICE}
    reverse_proxy {$CLIENT_SERVICE}
}
```

Hnus
0

It's possible to get SSL locally; however, the auto-SSL feature in Caddy will not work since that utilizes Let's Encrypt.

I suggest trying mkcert. After you have successfully installed mkcert, run `mkcert mysite.loc` to generate a certificate, and it should return something like:

```
Created a new certificate valid for the following names
 - "mysite.loc"

The certificate is at "./mysite.loc.pem" and the key at "./mysite.loc-key.pem" ✅

It will expire on 6 March 2025
```

And then inside your Caddyfile add the tls directive:

```
mysite.loc {
  reverse_proxy /api localhost:5000
  reverse_proxy /admin localhost:6000
  reverse_proxy /graphql localhost:7000
  reverse_proxy localhost:4000

  tls mysite.loc.pem mysite.loc-key.pem
}
```

Then run it and it should just work!

S. C.
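
An alternative to the mkcert pair above, as an added example that is not part of the original posts: `tls internal` makes Caddy issue the site certificate from its own built-in local CA, so no Let's Encrypt challenge is involved. It assumes the hosts entry and upstream ports from the question; the `*` suffixes on the path matchers are an addition, since a bare `/api` matches only that exact path.

```caddyfile
# Added example, not from the original posts. Hostname and upstream ports are
# the ones used in the question; the remaining choices are assumptions.
mysite.loc {
  # Sign this site's certificate with Caddy's local CA instead of an ACME CA.
  # The browser only accepts it once the CA root is trusted on this machine:
  # `caddy trust` installs the root into the system trust store.
  tls internal

  # Path matchers are exact unless they end in *, so /api* also covers
  # requests such as /api/users.
  reverse_proxy /api* localhost:5000
  reverse_proxy /admin* localhost:6000
  reverse_proxy /graphql* localhost:7000

  # Everything else goes to the front-end dev server.
  reverse_proxy localhost:4000
}
```

The local CA's root key is stored in Caddy's data directory, and anyone who can read it can mint certificates this machine will trust, so keep that directory out of shared volumes and version control.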