caddy-reverse-proxy - Man Page

A quick and production-ready reverse proxy

Synopsis

caddy reverse-proxy [flags]

Description

A simple but production-ready reverse proxy. Useful for quick deployments, demos, and development.

Simply shuttles HTTP(S) traffic from the --from address to the --to address. Multiple --to addresses may be specified by repeating the flag.

Unless otherwise specified in the addresses, the --from address will be assumed to be HTTPS if a hostname is given, and the --to address will be assumed to be HTTP.

If the --from address has a host or IP, Caddy will attempt to serve the proxy over HTTPS with a certificate (unless overridden by the HTTP scheme or port).

If serving HTTPS:
 --disable-redirects can be used to avoid binding to the HTTP port.
 --internal-certs can be used to force issuance certs using the internal
   CA instead of attempting to issue a public certificate.

For proxying:
 --header-up can be used to set a request header to send to the upstream.
 --header-down can be used to set a response header to send back to the client.
 --change-host-header sets the Host header on the request to the address
   of the upstream, instead of defaulting to the incoming Host header. This is a shortcut for --header-up "Host: {http.reverse_proxy.upstream.hostport}".
 --insecure disables TLS verification with the upstream. WARNING: THIS
   DISABLES SECURITY BY NOT VERIFYING THE UPSTREAM'S CERTIFICATE.

Options

--access-log[=false] Enable the access log

-c, --change-host-header[=false] Set upstream Host header to address of upstream

-v, --debug[=false] Enable verbose debug logs

-r, --disable-redirects[=false] Disable HTTP->HTTPS redirects

-f, --from="localhost" Address on which to receive traffic

-d, --header-down=[] Set a response header to send back to the client (format: "Field: value")

-H, --header-up=[] Set a request header to send to the upstream (format: "Field: value")

-h, --help[=false] help for reverse-proxy

--insecure[=false] Disable TLS verification (WARNING: DISABLES SECURITY BY NOT VERIFYING TLS CERTIFICATES!)

-i, --internal-certs[=false] Use internal CA for issuing certs

-t, --to=[] Upstream address(es) to which traffic should be sent

See Also

caddy(8)

History

11-Feb-2024 Auto generated by spf13/cobra

Referenced By

caddy(8).

Feb 2024 Auto generated by spf13/cobra