HTTPS proxy with caddy

I am working with a Golang app and Caddy as the HTTP server. The Golang app rejects every HTTP connection; it can only be used over HTTPS. This app is a kind of API/service that is consumed by other apps. As it requires HTTPS, I installed Caddy so I can take advantage of the automatic SSL certificate and use proxy to switch between the ports.

The application is running on port 9000, so the consumers will only write mysite.com and Caddy should be in charge of redirecting those requests to port 9000 while maintaining HTTPS. The configuration in Caddy for the site is:

mysite.com {
    proxy / :9000 {
        max_fails 1
    }
    log logfile
}

Nevertheless, it seems like when the proxy is made the HTTPS is lost. I checked the logs for the application (not the logs of Caddy) and I get this:

http: TLS handshake error from xxx.xxx.xxx.xxx:xxxx: tls: oversized record received with length 21536

So, based on this error, to me it looks like the HTTP proxy made by Caddy is losing the HTTPS. What can I do?

From the Caddy docs:

to is the destination endpoint to proxy to. At least one is required, but multiple may be specified. If a scheme (http/https) is not specified, http is used. Unix sockets may also be used by prefixing "unix:".

So maybe it is sending http requests to the proxied https endpoint.

Does

mysite.com {
    proxy / https://localhost:9000 {
        max_fails 1
    }
    log logfile
}

fix it?

If that is the case, you may not strictly need your app on :9000 to listen on https. It may simplify your deployment or cert management to just have it listen on http and have Caddy manage all the certs.
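An added example (not part of the original question or answer) that decodes the logged length to check the plaintext-to-TLS diagnosis: a TLS record header is type (1 byte), version (2 bytes), length (2 bytes, big-endian), so the length field of a plaintext HTTP request is just bytes 4 and 5 of its request line. The function names and the method list are hypothetical, and the request target is assumed to start with "/".

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// maxCiphertext is the largest record length TLS 1.2 allows (RFC 5246: 2^14 + 2048).
const maxCiphertext = 16384 + 2048

var oversizedRe = regexp.MustCompile(`oversized record received with length (\d+)`)

// First five bytes of a plaintext request line, assuming a target that
// starts with "/" (constructed list, not exhaustive).
var httpPrefixes = []string{"GET /", "PUT /", "POST ", "HEAD ", "DELET", "PATCH", "OPTIO"}

// recordLength reads a 5-byte prefix the way a TLS server reads a record
// header and returns the 16-bit big-endian length field (bytes 3 and 4).
func recordLength(prefix string) int {
	return int(prefix[3])<<8 | int(prefix[4])
}

// explainOversized pulls the length out of an "oversized record" log line and
// returns the plaintext HTTP prefixes that would produce exactly that length.
func explainOversized(logLine string) (int, []string, bool) {
	m := oversizedRe.FindStringSubmatch(logLine)
	if m == nil {
		return 0, nil, false
	}
	n, err := strconv.Atoi(m[1])
	if err != nil || n <= maxCiphertext || n > 0xFFFF {
		return 0, nil, false // not a value a real oversized header could carry
	}
	var matches []string
	for _, p := range httpPrefixes {
		if recordLength(p) == n {
			matches = append(matches, p)
		}
	}
	return n, matches, true
}

func main() {
	// Log line from the question; the client address is masked there as well.
	line := "http: TLS handshake error from xxx.xxx.xxx.xxx:xxxx: tls: oversized record received with length 21536"
	n, matches, ok := explainOversized(line)
	fmt.Printf("ok=%v length=%d (0x%04X) plaintext candidates=%q\n", ok, n, n, matches)
}
```

21536 is 0x5420, the ASCII bytes "T" and space, which is what an unencrypted POST request line looks like to a TLS listener.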
