Backend HTTPS for Self-Signed Certificates
🚀 Installation & Setup
·
Updated 3 weeks ago
Backend HTTPS for Self-Signed Certificates
Some services only accept HTTPS connections using self-signed certificates. Backend HTTPS ensures Caddy connects to the backend via HTTPS without validating the certificate.
The Problem
Client → Caddy → http://10.8.0.3:5001 → Backend rejects HTTP ✕The Solution
Client → Caddy (Let's Encrypt) → https://10.8.0.3:5001 → Backend (Self-Signed) ✓Typical Services
| Service | Port |
|---|---|
| Synology DSM | 5001 |
| Proxmox VE | 8006 |
| UniFi Controller | 8443 |
| Portainer | 9443 |
Setup
- Create or edit route
- Enable Backend HTTPS toggle
- Set Target Port to the HTTPS port (e.g. 5001)
- Save
Important Notes
- Only enable when the backend enforces HTTPS
insecure_skip_verifytrusts any certificate — acceptable in VPN context- Only available for HTTP routes
- With load balancing, all backends must support HTTPS