Hey @izykopa
I haven’t verified every step, but this should work in your case:
1. SSL with Internal CA Certificates
When you’re using certificates signed by an internal CA (rather than a public CA like Let’s Encrypt), Caddy needs to be explicitly told to use your certificates instead of trying to obtain them automatically, as you did:
    baserow.yourdomain.local {
        tls /etc/caddy/certs/cert.pem /etc/caddy/certs/key.pem
        reverse_proxy baserow:80
    }
Then mount your certificates into the Caddy container in your docker-compose.yml:
    caddy:
      volumes:
        - ./certs/cert.pem:/etc/caddy/certs/cert.pem:ro
        - ./certs/key.pem:/etc/caddy/certs/key.pem:ro
A few things to check:
- The certificate file should contain the full chain (your server cert + intermediate CA certs)
- The key file should be the private key corresponding to your server certificate
- File permissions: Caddy needs read access to both files
2. Disabling QUIC/HTTP3
Yes, you can disable HTTP/3 (QUIC) in Caddy using the global options block. Add this at the top of your Caddyfile:
    {
        servers {
            protocols h1 h2
        }
    }
This restricts Caddy to HTTP/1.1 and HTTP/2 only — no QUIC traffic will be served.
Troubleshooting Tips
If you’re still having issues after applying this config:
- Check Caddy logs for certificate-related errors:
    docker logs <caddy-container-name>
- Verify your certificate chain is valid:
    openssl verify -CAfile /path/to/ca-root.pem /path/to/cert.pem
- Test the connection from a client that trusts your internal CA:
    curl -v https://baserow.yourdomain.local
I hope this helps.
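
A pre-flight script for the three items under "A few things to check" (full chain, matching key, read access), added here as an example; it is not part of the original reply and not Caddy or Baserow tooling. The function names and the example paths are assumptions. It passes the bundle to `openssl verify` as `-untrusted` as well, so that intermediates stored in cert.pem are used when building the path to the internal root.

```sh
#!/bin/sh
# Added example: pre-flight checks for the files passed to Caddy's `tls <cert> <key>`.
# Function names are illustrative; they are not part of Caddy or Baserow.

# Number of certificates in a PEM bundle (1 = leaf only, no intermediates).
count_pem_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# Succeeds only if the private key ($2) belongs to the first (leaf) cert in the bundle ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Verify the leaf in the bundle ($2) against the internal root ($1). The bundle is also
# passed as -untrusted so that intermediates stored in it are used to build the path.
chain_verifies() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# usage: preflight <cert-bundle> <key> <ca-root>; returns non-zero on any FAIL.
preflight() {
    rc=0
    for f in "$1" "$2"; do
        # -r tests the invoking user; run as the UID Caddy uses to be conclusive.
        [ -r "$f" ] || { echo "FAIL: $f is not readable"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    n=$(count_pem_certs "$1")
    [ "$n" -ge 2 ] || echo "WARN: $1 holds $n certificate(s); no intermediates included"
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match the leaf in $1"; rc=1; }
    chain_verifies "$3" "$1" || { echo "FAIL: $1 does not verify against $3"; rc=1; }
    return "$rc"
}

# Run only when called with three paths (placeholder paths), e.g.:
#   sh preflight.sh ./certs/cert.pem ./certs/key.pem /path/to/ca-root.pem
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

The WARN line is informational: a certificate issued directly by the internal root has no intermediates to include.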