Websockets not functional /w CF proxy and loopback

So this is totally backwards in my mind. I use CaddyV2 as a reverse proxy. All sites work EXCEPT when accessing from within my internal network and DNS cnames are proxied. To me this seems backwards as loopback problems would normally occur without proxy not with.

If I disable the proxy, the sites work without issue. If I use a VPN to route outside my network, the sites work. If I access externally they work. If I enable proxy and try to access the site, websockets are not available.

By all my logic, this is backwards from where loopback issues would normally happen. Any recommendations on where to start? My only idea to work around this is to override my DNS records to use a local IP, but that seems like more work than I should have to do.

Note: This happens across web server platforms… I’ve attempted both nginx and caddy.

Can you please clarify your architecture here?
Is the CaddyV2 reverse proxy configure between Cloudflare and your origin?
Or before Cloudflare?
When you say “websockets are not available”, can you provide more details?
Are you getting specific errors? Network error? Timeout?

I am running CaddyV2 reverse proxy for incoming traffic to my server. If I have orange cloud proxy off, it works perfect. If I turn on orange cloud, my websocket connections timeout. Or according to developer tools in chromium, the connection was closed before the connection was established. However, if I turn proxy (orange cloud) off, it functions without issue.

If I connect to a VPN to come in from external, it works.
If I turn off proxy (orange cloud) and it accesses via my IP it works.
If I turn on proxy (orange cloud) and it accesses via cloudflare IP, all works EXCEPT for websockets, they all timeout or receive other various errors.

This issue occurs across all of my webapps, which are mostly run within docker. This websocket issue occurs /w CaddyV2 AND NGINX reverse proxy, so it’s not my proxy/load balancer.

Here is a mapping showing this if thats easier to understand?

Here is an example of my Caddyfile.

  default_sni dulanic.com
  acme_ca https://acme-v02.api.letsencrypt.org/directory
  email {$ACMEEMAIL}
(proxyheaders) {
  header_up Host {host}
  header_up X-Real-IP {http.request.header.CF-Connecting-IP}
  header_up X-Forwarded-For {http.request.header.CF-Connecting-IP}
  header_up X-Forwarded-Proto {scheme}
  header_up X-Forwarded-Host {host}
  header_up X-Forwarded-Ssl {on}
(tlscf) {
  tls {
    dns cloudflare {env.CLOUDFLARE_API_TOKEN}
  basicauth {
https://dulanic.com {
  import tlscf
  redir /images /images/
  handle_path /images/* {
    root * /www/img
https://dl.dulanic.com {
  import tlscf
  reverse_proxy  droppy:8989 {
    import proxyheaders
https://teslamate.dulanic.com {
  import tlscf
  import XAUTH
  reverse_proxy teslamate:4000 {
    import proxyheaders

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.