Kapow! Behind a Reverse Proxy

In this section we present a series of reverse proxy configurations that augment the capabilities of Kapow!.


In this section we refer to the host running the Kapow! server as kapow:8080.

Serving over HTTPS

Kapow! currently does not support HTTPS but you can use a reverse proxy to serve a Kapow! service via HTTPS.

For testing purposes you can generate a self-signed certificate with the following command:

$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes


  • Automatic Let’s Encrypt Certificate

    Caddy automatically enables HTTPS using Let's Encrypt certificates given that some criteria are met.

    proxy / kapow:8080
  • Automatic Self-signed Certificate

    If you want Caddy to automatically generate a self-signed certificate for testing you can use the following configuration.

    proxy / kapow:8080
    tls self_signed
  • Custom Certificate

    If you already have a valid certificate for your server use this configuration.

    proxy / kapow:8080
    tls /path/to/cert.pem /path/to/key.pem


With the following configuration you can run HAProxy with a custom certificate.

frontend myserver.local
    bind *:443 ssl crt /path/to/myserver.local.pem
    mode http
    default_backend nodes

backend nodes
    mode http
    server kapow1 kapow:8080


You can produce myserver.local.pem from the certificates in previous examples with this command:

$ cat /path/to/cert.pem /path/to/key.pem > /path/to/myserver.local.pem


With the following configuration you can run nginx with a custom certificate.

server {
 listen              443 ssl;
 server_name         myserver.local;
 ssl_certificate     /path/to/cert.pem;
 ssl_certificate_key /path/to/key.pem;

 location / {
     proxy_pass http://kapow:8080;