Skip to main content

Migrate from Zoraxy to Caddy

Here’s a step-by-step guide to migrate from Zoraxy to Caddy as your reverse proxy, including HTTPS and domain-based routing.

🧭 Assumptions

  • You’re currently using Zoraxy to proxy domains like app1.greenhome.stream and auth.greenhome.stream.
  • You want to replace Zoraxy with Caddy on the same server (172.17.1.15).

  • You already have:

    • A domain with DNS records pointing to your server.
    • Docker containers or apps running internally (e.g., 172.17.1.38:9091 for Authelia).
    • Port 80 and 443 open on your public IP.

✅ Step-by-Step Migration from Zoraxy to Caddy

🔁 1. Stop and Disable Zoraxy
sudo systemctl stop zoraxy
sudo systemctl disable zoraxy

If running via Docker:

docker stop zoraxy
docker rm zoraxy
📦 2. Install Caddy

🟢 Option 1: Install via Package (Recommended)

sudo apt update
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/caddy.gpg > /dev/null
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy.list
sudo apt update
sudo apt install caddy

Caddy runs as a service and listens on ports 80 and 443 by default.

🧾 3. Create Your Caddyfile
sudo nano /etc/caddy/Caddyfile

Example:

# Authelia login portal
auth.greenhome.stream {
    reverse_proxy 172.17.1.38:9091
}

# App behind Authelia
app1.greenhome.stream {
    reverse_proxy 172.17.1.40:3000

    route {
        forward_auth auth.greenhome.stream {
            uri /api/verify?rd=https://auth.greenhome.stream
            copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }

        reverse_proxy 172.17.1.40:3000
    }
}
📌 Notes:
  • Replace 172.17.1.40:3000 with your actual app's internal IP and port.
  • auth.greenhome.stream should point to your Authelia instance.
  • The forward_auth directive checks auth before routing to the backend.
🔁 4. Reload Caddy to Apply Config
sudo caddy reload

If there's a syntax error:

sudo caddy validate
🔐 5. Ensure HTTPS Works (Auto Let's Encrypt)

Caddy will automatically:

  • Fetch and renew Let's Encrypt certificates.
  • Use HTTPS with HSTS, HTTP/2, etc.

Check certs:

sudo caddy list-certs
🚦 6. Set DNS Records (If Not Already)

Make sure these A records are set:

Subdomain Value
auth.greenhome.stream your_public_ip
app1.greenhome.stream your_public_ip
🧪 7. Test the Setup
  • Visit https://auth.greenhome.stream — should load Authelia.
  • Visit https://app1.greenhome.stream — should redirect to login if not authenticated.
🧹 8. Optional: Remove Zoraxy Completely

If everything works:

sudo rm -rf /etc/zoraxy /var/lib/zoraxy

🔁 Add More Apps?

Just extend your Caddyfile:

nextcloud.greenhome.stream {
    reverse_proxy 172.17.1.42:8080

    route {
        forward_auth auth.greenhome.stream {
            uri /api/verify?rd=https://auth.greenhome.stream
        }

        reverse_proxy 172.17.1.42:8080
    }
}

✅ You're Done!

Caddy now:

  • Proxies your apps with automatic HTTPS.
  • Integrates with Authelia for forward authentication.
  • Requires no web UI and minimal config.

Ins0mniA

No Comments
Back to top