apps/docs/content/self-hosting/manage/reverseproxy/caddy/index.mdx
import ProxyGuideOverview from '../_proxy_guide_overview.mdx';
import ProxyGuideTLSMode from '../_proxy_guide_tls_mode.mdx';
import ProxyGuideMore from '../_proxy_guide_more.mdx';
import Compose from "./docker-compose.yaml";
import ConfigDisabled from "./disabled-tls.Caddyfile";
import ConfigExternal from "./external-tls.Caddyfile";
import ConfigEnabled from "./enabled-tls.Caddyfile";

export const providername = 'Caddy';
export const lower = "caddy";
export const link = <a href="https://caddyserver.com/">{providername}</a>

<ProxyGuideOverview components={props.components} name={providername} link={link} compose={Compose}></ProxyGuideOverview>
You can set up your environment for either <a href={'#tls-mode-external'}>TLS mode external</a> or <a href={'#tls-mode-enabled'}>TLS mode enabled</a>.
<ProxyGuideTLSMode components={props.components} mode="external" configfilename="external-tls.Caddyfile" configfilecontent={ConfigExternal} providername={providername} link={link} lower={lower}></ProxyGuideTLSMode>
<ProxyGuideTLSMode components={props.components} mode="enabled" configfilename="enabled-tls.Caddyfile" configfilecontent={ConfigEnabled} providername={providername} link={link} lower={lower}></ProxyGuideTLSMode>
When a browser sends a `TE: trailers` HTTP header (common with HTTP/2), Caddy may forward it upstream, where it conflicts with ZITADEL's gRPC-gateway handling.
Requests that result in an error response will hang indefinitely instead of returning the error to the client.

Workaround: strip the header in Caddy before it reaches ZITADEL:

```
reverse_proxy h2c://zitadel:8080 {
    header_up -TE
}
```
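
A config check for the workaround above, as an added example that is not part of the ZITADEL docs or of Caddy: it scans a Caddyfile and reports every `reverse_proxy` directive whose block lacks `header_up -TE`. It assumes every `reverse_proxy` in the file points at ZITADEL; the sample hostnames and the function names are constructed for illustration.

```python
import re

# Constructed sample Caddyfile; hostnames are placeholders.
SAMPLE = """\
login.example.test {
    reverse_proxy h2c://zitadel:8080   # no block, so TE is forwarded
}
console.example.test {
    reverse_proxy h2c://zitadel:8080 {
        transport http {
            dial_timeout 5s
        }
        header_up -TE
    }
}
"""

def tokens_of(line):
    """Split a Caddyfile line into tokens, dropping a trailing # comment."""
    return re.sub(r"(^|\s)#.*$", "", line).split()

def proxies_forwarding_te(caddyfile):
    """Return (line_number, upstream) for each reverse_proxy lacking `header_up -TE`."""
    findings, lines, i = [], caddyfile.splitlines(), 0
    while i < len(lines):
        tok = tokens_of(lines[i])
        i += 1  # i is now the 1-based number of the line just read
        if not tok or tok[0] != "reverse_proxy":
            continue
        lineno = i
        upstream = next((t for t in tok[1:] if t != "{"), "?")
        depth = 1 if tok[-1] == "{" else 0
        stripped = False
        while depth > 0 and i < len(lines):  # walk the directive's block
            sub = tokens_of(lines[i])
            i += 1
            # Only a direct subdirective counts; header names are case-insensitive.
            if depth == 1 and sub[:1] == ["header_up"] and sub[1:2] and sub[1].lower() == "-te":
                stripped = True
            if sub and sub[-1] == "{":
                depth += 1
            elif sub == ["}"]:
                depth -= 1
        if not stripped:
            findings.append((lineno, upstream))
    return findings

if __name__ == "__main__":
    for lineno, upstream in proxies_forwarding_te(SAMPLE):
        print(f"line {lineno}: reverse_proxy {upstream} forwards TE; add `header_up -TE`")
```
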
<ProxyGuideMore components={props.components} ></ProxyGuideMore>