Omada Controller with caddy as reverse proxy

2023-07-04 · 370 words · 2 minute read

I switched from MikroTik wAP access points to TP-Link Omada EAP650s a while ago (check out my blog post). As explained in that post, I started self-hosting the Omada controller, the management software for these APs.

But I never managed to get it working behind caddy, my web server / reverse proxy.

So it ran as a docker container on my home server with its ports exposed directly, without HTTPS. In my home environment that's not a big deal, but it always felt wrong.

A few days ago I set up blocky as my DNS server, again check the blog post if you're interested. So I set up omada.bouni.de as a local DNS entry and let caddy serve it via HTTPS using a wildcard certificate. I decided not to add this subdomain to my public DNS entries because I don't need to access it remotely. If I need to, I can do that via a WireGuard tunnel.

First, the relevant part of my docker-compose.yml:

  omada-controller:
    container_name: omada-controller
    image: mbentley/omada-controller:latest
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
      # web UI (management) and captive portal ports inside the container
      - MANAGE_HTTP_PORT=8088
      - MANAGE_HTTPS_PORT=8043
      - PORTAL_HTTP_PORT=8088
      - PORTAL_HTTPS_PORT=8043
      # ports the EAPs use to find, adopt, upgrade and talk to the controller
      - PORT_APP_DISCOVERY=27001
      - PORT_ADOPT_V1=29812
      - PORT_UPGRADE_V1=29813
      - PORT_MANAGER_V1=29811
      - PORT_MANAGER_V2=29814
      - PORT_DISCOVERY=29810
      - SHOW_SERVER_LOGS=true
      - SHOW_MONGODB_LOGS=false
      # run the controller as an unprivileged user/group
      - PGID=508
      - PUID=508
    ports:
      # controller HTTPS; caddy reaches the container by name over the docker
      # network, so this host mapping is only needed for direct access
      - 8043:8043
      # device discovery is UDP, the remaining EAP ports are TCP
      - 29810:29810/udp
      - 29811:29811
      - 29812:29812
      - 29813:29813
      - 29814:29814
    volumes:
      - ./omada/data:/opt/tplink/EAPController/data
      - ./omada/logs:/opt/tplink/EAPController/logs

And this is what my Caddyfile looks like:

{
    admin off
    log {
        format console
    }
}

*.bouni.de, bouni.de {

  # wildcard certificate via the DNS challenge, so the local-only
  # subdomain never has to be reachable from the internet
  tls {
    dns hetzner {env.HETZNER_AUTH_API_TOKEN}
  }

  @omada host omada.bouni.de
  handle @omada {
    reverse_proxy omada-controller:8043 {
      transport http {
        # the controller serves a self-signed certificate; this only
        # skips verification on the caddy -> container hop
        tls_insecure_skip_verify
      }
      # the controller builds its redirects from the Host header, so send
      # it the host with its own port ...
      header_up Host {host}:8043
      # ... and rewrite the :8043 in its Location redirects back to :443
      header_down Location :8043 :443
    }
  }

}

Be aware that the dns hetzner part only works with a custom caddy build, because the hetzner DNS provider is a plugin that is not included in the standard caddy binary, explained here.
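The part that kept biting me was the controller redirecting the browser to its own :8043 port. Here is a small check script I added for this post (my own example, not code from the original caddy forum solution or from the Omada or caddy projects) that verifies the redirect rewrite. It assumes the hostname omada.bouni.de from the Caddyfile above and that curl is available for the live check; the header samples embedded in it are constructed, not captured from a real controller.

```shell
#!/bin/sh
# Check that the reverse proxy never hands the browser a redirect back to
# the controller's own port (:8043) or to plain http.
# Assumption: the proxied hostname; override with OMADA_HOST=... if needed.
OMADA_HOST="${OMADA_HOST:-omada.bouni.de}"

# location_ok HEADERS
# Returns 0 if the response headers contain no Location header, a relative
# Location, or an absolute Location on https://$OMADA_HOST (with or without
# the explicit :443 that caddy's header_down rewrite leaves behind).
# Returns 1 for anything else, e.g. https://host:8043/... or http://...
location_ok() {
    loc=$(printf '%s\n' "$1" | tr -d '\r' |
          awk 'tolower($1)=="location:" {print $2; exit}')
    [ -z "$loc" ] && return 0            # no redirect, nothing to leak
    case "$loc" in
        /*)                                   return 0 ;;  # relative redirect
        "https://$OMADA_HOST")                return 0 ;;
        "https://$OMADA_HOST"/*)              return 0 ;;
        "https://$OMADA_HOST:443"/*)          return 0 ;;
        *)                                    return 1 ;;
    esac
}

# Live check: fetch the headers caddy returns for the site root (needs the
# local DNS entry and network access; not run offline).
fetch_headers() {
    curl -sSI "https://$OMADA_HOST/"
}

# Constructed samples, not real controller responses:
GOOD="HTTP/2 302
location: https://omada.bouni.de/login
content-length: 0
"
GOOD_443="HTTP/2 302
location: https://omada.bouni.de:443/login
"
RELATIVE="HTTP/2 302
Location: /login
"
NOREDIRECT="HTTP/2 200
content-type: text/html
"
LEAKS_PORT="HTTP/2 302
location: https://omada.bouni.de:8043/login
"
PLAINTEXT="HTTP/2 302
location: http://omada.bouna.de/login
"

# Run against the real proxy with:  sh check-omada-proxy.sh --live
if [ "${1:-}" = "--live" ]; then
    if location_ok "$(fetch_headers)"; then
        echo "ok: redirects stay on https://$OMADA_HOST"
    else
        echo "FAIL: redirect still points at :8043 or plain http" >&2
        exit 1
    fi
fi
```

If the live check fails after the Caddyfile change, the usual culprits are the missing `header_up Host {host}:8043` (the controller then redirects to the bare hostname on the wrong port) or a `header_down` pattern that does not match what the controller actually sends; `curl -sI` on the site root shows the exact Location value to compare against.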

I found this solution in the caddy forums, posted by user drglove.

As I had a hard time finding this, I decided to write this blog post, hoping it helps others get this working.