From dfa21a1aec15f610a8ae64bd8259b44d028cd226 Mon Sep 17 00:00:00 2001 From: Monviech <79600909+Monviech@users.noreply.github.com> Date: Sun, 7 Apr 2024 12:53:18 +0200 Subject: [PATCH] Update caddy.rst - Added short tutorial how to use the most common header manipulation. --- source/manual/how-tos/caddy.rst | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/source/manual/how-tos/caddy.rst b/source/manual/how-tos/caddy.rst index eadc6e90..87f6fdf0 100644 --- a/source/manual/how-tos/caddy.rst +++ b/source/manual/how-tos/caddy.rst @@ -434,6 +434,29 @@ Go to `Services - Caddy Web Server - Reverse Proxy - Handler` .. Note:: Leave all other fields to default or empty. With this configuration, Caddy will eventually choose the TLS-ALPN-01 challenge for its own foo.example.com domain, and reverse proxy the HTTP-01 challenge to 192.168.10.1, where the upstream destination can listen on port 80 and solve it's own challenge for a certificate. With TLS enabled in the Handler, an encrypted connection is automatically possible to 192.168.10.1. The automatic HTTP to HTTPS redirection is also taken care of. +------------------------ +Override the Host header +------------------------ + +Since (most) headers retain their original value when being proxied, it is often necessary to override the Host header with the configured upstream address when proxying to HTTPS, such that the Host header matches the TLS ServerName value. https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#https + +Go to `Services - Caddy Web Server - Reverse Proxy - Headers` + +* Press **+** to create a new header +* **Header:** ``header_up`` +* **Header Type:** ``Host`` +* **Header Value** ``{upstream_hostport}`` +* **Description:** ``Override Host header`` +* Press **Save** + +Go to `Services - Caddy Web Server - Reverse Proxy - Handler` + +* Edit a Handler +* Open `Header` +* **Header Manipulation:** Select ``header_up Host {upstream_hostport} - Override Host header`` from the dropdown list. +* Press **Save** and **Apply** + + ------------------------------- Integrating Caddy with CrowdSec -------------------------------