Here are some tips for using Caddy V2 as a reverse proxy.

Use Caddy V2 to host a static file server

files.aiursoft.com {
    header Access-Control-Allow-Origin *
    header Cache-Control "public, max-age=604800"
    root * /var/www/html
    file_server
}

Use Caddy V2 to directly render HTML

somedomain.aiursoft.com {
        respond / "<h1>Welcome</h1>" 200
}

Use Caddy V2 to reverse proxy a certain path

somedomain.aiursoft.com {
        # /admin matches only that exact path; use /admin* to include everything under it
        reverse_proxy /admin http://v2ray:10000 {
        }
}

Use Caddy V2 to do a permanent redirect

git.aiursoft.com {
        redir https://git.aiursoft.cn{uri} permanent
}

Use Caddy V2 to reverse proxy and remove or add a custom header

git.aiursoft.cn {
        header -x-frame-options # Remove x-frame-options header
        reverse_proxy http://gitea:3000
}

Use Caddy V2 to reverse proxy but ignore cert issue

pve.aiursoft.cn {
        reverse_proxy https://pve:8006 {
                transport http {
                        tls_insecure_skip_verify # Skip verification of the upstream's certificate
                }
        }
}
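
A stricter alternative to skipping verification, shown as an added example that is not from the original post: trust only the upstream's own CA, so the hop from Caddy to the backend still authenticates the server. The CA file path and the tls_server_name value below are assumptions for illustration.

```caddyfile
# Before (from the tip above): any certificate presented on pve:8006 is accepted,
# so anything that can answer on that address can impersonate the upstream.
#
# pve.aiursoft.cn {
#         reverse_proxy https://pve:8006 {
#                 transport http {
#                         tls_insecure_skip_verify
#                 }
#         }
# }

# After: the upstream certificate must chain to the CA file listed here.
pve.aiursoft.cn {
        reverse_proxy https://pve:8006 {
                transport http {
                        # Assumed path: a copy of the CA certificate that signed
                        # the upstream's certificate, readable by Caddy.
                        tls_trusted_ca_certs /etc/caddy/upstream-ca.pem

                        # Assumed name: must be a name listed in the upstream
                        # certificate. Without this line Caddy verifies against
                        # the host part of the upstream address ("pve").
                        tls_server_name pve.example.internal
                }
        }
}
```

Recent Caddy releases provide tls_trust_pool as the successor to tls_trusted_ca_certs.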

Use Caddy V2 to reverse proxy, but only allow LAN access

media.aiursoft.cn {
        @blocked not remote_ip 192.168.1.0/24
        respond @blocked "<h1>Access Denied</h1>" 403
        reverse_proxy http://jellyfin:8096 {
        }
}

Use Caddy V2 to reverse proxy, but override the HTTP Host header

nextcloud.aiursoft.cn {
        reverse_proxy http://nextcloud {
                header_up Host nextcloud.aiursoft.cn
        }
}

Use Caddy V2 to reverse proxy, and also protect it with basic auth password authentication

You need to generate a password hash first. You can generate it here.

jump.aiursoft.cn {
        # "/" would match only the exact root path; "*" protects every path
        basicauth * {
                Anduin password-hash
        }
        reverse_proxy https://jump:9090 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

Full demo

Reverse Proxy:

  • Protected by basic auth password authentication for external IP addresses.
  • Allow direct access from LAN.
  • Override HTTP Host from jump to cockpit.
  • Allow insecure HTTPS.
  • Remove Header x-frame-options.

jump.aiursoft.cn {
    header -x-frame-options # Remove x-frame-options header
    @2fa not remote_ip 192.168.50.0/24
    basicauth @2fa {
        anduin $2a$12$hashhashhashhashhashhashhashhashhash
    }
    reverse_proxy https://jump:9090 {
        header_up Host cockpit
        transport http {
            tls_insecure_skip_verify
        }
    }
}