Nginx Reverse Proxy with Wildcard Routing behind a Caddy Reverse Proxy: Two layers are better than one

Anyone running more complex services with Caddy as a reverse proxy on the host system, especially when Docker container stacks are involved, cannot avoid the setup process of a second reverse proxy. I now had the use case of using another Nginx reverse proxy as a Docker ingress service behind a Caddy reverse proxy (which listens on port 443, runs as a system service, and then proxies to a local port). For this setup to work, however, it is important to note that the domains must be specified statically - wildcard placeholders do not work in Caddy behind another reverse proxy.

So here, in brief, is a Docker demo setup that has been tested and works for this rather special case:

Wildcards and Caddy

As I found out, Caddy cannot process wildcard forwarding in the following format: *.SLD.TLD

Nginx, on the other hand, has no problem with this - so my only option was to use Nginx as a second reverse proxy. Since Caddy would not really be able to play to its greatest strength of automatically creating SSL certificates as a Docker ingress proxy behind a system-wide proxy anyway, that is not particularly dramatic.