1. The problem I’m having:
I’m trying to reverse proxy a domain to a local host port. The service on the backend is Matomo which I believe uses Apache as its front end. When I access that port directly, I have no problem, but when it’s reverse proxy through Caddy, I get a 502 error.
2. Error messages and/or full log output:
caddy-1 | {"level":"error","ts":1708413672.2528512,"logger":"http.log.error","msg":"dial tcp 192.168.96.4:8080: connect: connection refused","request":{"remote_ip":"x.x.x.x","remote_port":"41298","client_ip":"x.x.x.x","proto":"HTTP/3.0","method":"GET","host":"DOMAIN_HERE","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-US,en;q=0.9"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Sec-Ch-Ua":["\"Not A(Brand\";v=\"99\", \"Google Chrome\";v=\"121\", \"Chromium\";v=\"121\""],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"DOMAIN_HERE"}},"duration":0.000813218,"status":502,"err_id":"4a34jjneb","err_trace":"reverseproxy.statusError (reverseproxy.go:1267)"}
Note the Connection refused
a. System environment:
Ubuntu 22.04 LTS via Docker
Caddy: v2.7.6
b. Service/unit/compose file:
version: '3'
networks:
default:
name: 'proxy_network'
services:
uptime-kuma:
image: louislam/uptime-kuma:1
restart: unless-stopped
volumes:
- /srv/uptime:/app/data
labels:
caddy: NON-RELATED_DOMAIN_HERE
caddy.reverse_proxy: "* {{upstreams 3001}}"
ports:
- 3001:3001
caddy:
image: caddy:latest
restart: unless-stopped
cap_add:
- NET_ADMIN
ports:
- "80:80"
- "443:443"
- "443:443/udp"
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./site:/srv
- ./caddy/data:/data
- ./caddy/config:/config
environment:
- CADDY_INGRESS_NETWORKS=proxy_network
db:
image: mariadb:10.11
command: --max-allowed-packet=64MB
restart: always
volumes:
- db:/var/lib/mysql:Z
environment:
- MYSQL_ROOT_PASSWORD=
- MARIADB_AUTO_UPGRADE=1
- MARIADB_DISABLE_UPGRADE_BACKUP=1
env_file:
- ./db.env
app:
image: matomo
restart: unless-stopped
volumes:
- ./config:/var/www/html/config:z
- ./logs:/var/www/html/logs:z
- matomo:/var/www/html:z
environment:
- MATOMO_DATABASE_HOST=db
env_file:
- ./db.env
ports:
- 8080:80
labels:
caddy: DOMAIN_HERE
caddy.reverse_proxy: "* {{upstreams 8080}}"
volumes:
db:
matomo:
c. My complete Caddy config:
https://TROUBLE_DOMAIN_HERE {
reverse_proxy app:8080
}
https://UNRELATED_DOMAIN_HERE {
reverse_proxy 127.0.0.1:3001
}
5. Links to relevant resources:
Matomo config.ini.php
...
[General]
salt = "REDACTED"
enable_trusted_host_check = 0
force_ssl = 1
assume_secure_protocol = 1
proxy_client_headers[] = "HTTP_X_FORWARDED_FOR"
proxy_host_headers[] = "HTTP_X_FORWARDED_HOST"
proxy_uri_header = 1
...
Other Links:
Any Help Would be much appreciated