I am using Caddy as a reverse proxy so that I only need to have 2 ports open in my gateway (one for http and one for https).
I would prefer to use 80
and 443
, but my UniFi USG (Gateway) interferes with 443 and breaks SSL. If I choose another port and add a Port Forward for that, it works fine... but this is unreasonable for every server route I need because my firewall will turn into swiss cheese.
So a reverse proxy is perfect for this. I will only have 2 ports open: 88
and 444
that go to the reverse proxy. In Caddy, I can easily set the destination port in the Caddyfile:
// DNS points to the gateway's IP
mysubdomain.mydomain.com {
reverse_proxy {
to https://192.168.1.IP:443
transport http {
read_buffer 4096
}
{
}
Question
In my first attempt, my SSL wasn't working (thanks to proxy-modified headers), so I looked at the Caddy Reverse Proxy Headers documentation and found they do modify 2 headers:
- It adds or augments the
X-Forwarded-For
header field. - It sets the
X-Forwarded-Proto
header field.
What values do I use so that Caddy passes on the original, or doesn't add anything?
Current Config
Here's what I currently have, what should I be using to make sure the X-Forwarded headers are not changed or added?
mysubdomain.mydomain.com {
reverse_proxy {
to https://192.168.1.IP:443
transport http {
read_buffer 4096
}
{
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For { ?? }
header up X-Forwarded-Port { ?? }
header_up X-Forwarded-Proto { ?? }
}
Follow up question: Are there other settings I should use in addition to the ones I have set?