I have the following scenario:
Internet (HTTPS) → Traefik → Caddy as reverse proxy → Backend service
Caddy and the backend services are Docker images deployed by Nomad. Caddy is responsible for organizing the HTTPS certificate through Let’s Encrypt. Traefik is forwarding the TCP traffic in “passthrough” mode, letting Caddy deliver the certificate (which is stored in Consul and is therefore distributed between multiple instances of Caddy).
Now I wanted to put Caddy in a service mesh with Consul Connect so that the communication to its backend system is encrypted as well. However, the browser now doesn’t get the HTTPS certificate from Caddy anymore, probably being intercepted by the sidecar proxy, which is returning an invalid certificate for the browser. Is there some configuration option to activate a passthrough from Envoy to Caddy, or what would you suggest? Any idea is very welcome.