8

I've been running some services as docker containers on a DigitalOcean droplet for a few years now, and recently I figured it was time to update one of them to the latest version (the service in question is ghost blogging platform). Previously, my working setup was using caddy as a reverse proxy, so I could access my blog by going to blog.mydomain.example. The Caddyfile setup looked like this:

blog.mydomain.example {
    proxy / 192.0.2.5:1268
}

Where the IP:port is that of the local ghost docker container.

However, after updating my ghost instance to the latest version, and keeping the same config, I got a strange error. Navigating to blog.mydomain.example would load for a long while then suddenly redirect to https://192.0.2.5:2368, which of course wouldn't work as that's a local IP on my droplet. After a long time of scouring the internet, I eventually found the fix, which required modifying my Caddyfile like so:

blog.mydomain.example {
    proxy / 192.0.2.5:1268 {
        transparent
    }
}

The caddy docs page for proxies has a bit on what transparent does:

transparent: Passes thru host information from the original request as most backend apps would expect.
Shorthand for:
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded-For {remote}
header_upstream X-Forwarded-Proto {scheme}

I also read this article on proxy types, but I'm still confused on what it means to make a reverse proxy transparent, and why it was needed in this case. Could someone shed some light?

Patrick Mevzek
  • 9,273
  • 7
  • 29
  • 42
ROODAY
  • 205
  • 2
  • 5

1 Answers1

11

Here it means that Caddy doesn't modify the request by stripping out the HTTP Host header when passing the request to your web server in Docker container.

These can be the reasons why it is required now:

  1. Your blog software was updated and now it wants Host header to match the hostname set up in the software.
  2. Caddy's proxying behaviour was modified so that it now removed Host header by default.
Tero Kilkanen
  • 34,499
  • 3
  • 38
  • 58
  • 2
    Maybe to be more precise, it does not literally strip Host header in any case, it is just the question whether it preserves the one from original request (`blog.mydomain.com`) or modifies it to backend one (`172.17.0.5`) – Dusan Bajic Jan 14 '19 at 14:14
  • Thanks for the clarification. I haven't used Caddy myself so I don't know the exact details. – Tero Kilkanen Jan 15 '19 at 21:42