Docs
View Categories

This guide explains how to make ITMKit accessible from the public internet with a trusted HTTPS certificate, using Caddy as a reverse proxy.

When Do You Need This?

  • Staff need to access ITMKit from home or while traveling
  • You have a registered domain name pointing to your server’s public IP
  • You want a trusted certificate with no warnings on any device and no certificate installation required on each device

How It Works

Caddy sits in front of ITMKit and handles all incoming traffic on ports 80 and 443. It automatically obtains and renews a free SSL certificate from Let’s Encrypt. ITMKit continues to run on HTTP on port 8000 internally — only Caddy faces the internet.

Internet → Port 443 (SSL) → Caddy → localhost:8000 → ITMKit

Before You Start

You will need:

  • A registered domain name (e.g. itmkit.yourcompany.com)
  • The domain’s DNS A record pointing to your server’s public IP address
  • Ports 80 and 443 open on your router (port forwarding to the server IP) and Windows Firewall
  • Caddy installed on the server

Step 1: Install Caddy

  1. Download Caddy from caddyserver.com/download — select the Windows AMD64 build.
  2. Place caddy.exe in C:\ITMKit\caddy.
  3. Allow caddy.exe through Windows Firewall on ports 80 and 443.

Step 2: Create the Caddyfile

Create a file named Caddyfile (no extension) in C:\ITMKit\caddy\ with the following content:

itmkit.yourcompany.com {
reverse_proxy localhost:8000
}

Replace itmkit.yourcompany.com with your actual domain. Caddy will automatically obtain the SSL certificate from Let’s Encrypt and renew it before it expires.

Step 3: Run Caddy as a Windows Service

Open Command Prompt as Administrator in C:\ITMKit\caddy\ and run:

caddy service install
caddy service start

Caddy will now start automatically when the server boots.

Step 4: Update the Server URL in ITMKit

  1. Go to Admin → Settings → System → Network Access.
  2. Set Host / IP to your domain name (e.g. itmkit.yourcompany.com).
  3. Select HTTPS — Internet (reverse proxy).
  4. Click Save.

Verify

Navigate to https://itmkit.yourcompany.com from a device outside your network (mobile phone on 4G, not WiFi). The login page should load with a valid padlock and no security warnings.

Keep in Mind

  • SSL certificates from Let’s Encrypt expire every 90 days. Caddy renews them automatically — no action needed.
  • Port 80 must be reachable from the internet for Let’s Encrypt to work.
  • ITMKit itself does not need to change — it stays on port 8000, HTTP only.

Troubleshooting

Certificate error / cannot obtain certificate
Check your DNS A record points to the correct public IP. DNS changes can take up to 24 hours to propagate.

Loads on LAN but not from internet
Check port forwarding on your router (ports 80 and 443 → server IP).

QR codes show wrong URL
Update the Server URL in Admin → Settings to your domain after completing this setup.

Next Steps

→ Network Access Setup
→ HTTPS Setup — LAN (Self-Signed Certificate)

What are your Feelings

Back To Top