1. Output of `caddy version`:

```
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
```
2. How I run Caddy:

I run caddy installed via the apt package manager, using `caddy run`.
a. System environment:

Ubuntu 22.04. Installed via apt package manager.
b. Command:

```
$ sudo caddy adapt
$ sudo caddy run
```
c. Service/unit/compose file:
d. My complete Caddy config:

```
annuum.rocks {
	# reverse_proxy http://localhost:8080
	respond "Hello, world!"
}

https://localhost {
	respond "Hello, world!"
}
```
3. The problem I’m having:

I’m attempting to use caddy to reverse proxy to my backend, hosted on 8080. If I use `curl https://localhost` it responds with “Hello, world!”, as expected. But if I use my public IP (which I’ve checked is port forwarded, and the domain can resolve to), it ends up wanting to time out. Using `curl annuum.rocks` without `https://` results in a permanent redirect to it with `https://`.
4. Error messages and/or full log output:

```
2022/12/14 11:09:53.524 WARN Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies {"adapter": "caddyfile", "file": "Caddyfile", "line": 1}
2022/12/14 11:09:53.524 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/12/14 11:09:53.525 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022/12/14 11:09:53.525 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2022/12/14 11:09:53.525 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0x40004a2e00"}
2022/12/14 11:09:53.525 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/12/14 11:09:53.526 INFO tls finished cleaning storage units
2022/12/14 11:09:53.536 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2022/12/14 11:09:53.536 INFO http enabling HTTP/3 listener {"addr": ":443"}
2022/12/14 11:09:53.536 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/12/14 11:09:53.536 DEBUG http starting server loop {"address": "[::]:443", "tls": true, "http3": true}
2022/12/14 11:09:53.536 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2022/12/14 11:09:53.536 DEBUG http starting server loop {"address": "[::]:80", "tls": false, "http3": false}
2022/12/14 11:09:53.536 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2022/12/14 11:09:53.536 INFO http enabling automatic TLS certificate management {"domains": ["localhost", "150.230.11.14", "annuum.rocks"]}
2022/12/14 11:09:53.537 WARN tls stapling OCSP {"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate", "identifiers": ["localhost"]}
2022/12/14 11:09:53.537 DEBUG tls.cache added certificate to cache {"subjects": ["localhost"], "expiration": "2022/12/14 21:16:59.000", "managed": true, "issuer_key": "local", "hash": "a6109024294288c7083ece1fabd948b1f24a6eb1694159bf01b93f9d435db3c6", "cache_size": 1, "cache_capacity": 10000}
2022/12/14 11:09:53.537 DEBUG events event {"name": "cached_managed_cert", "id": "eb9651bc-8dae-477c-a1ca-783d15abc321", "origin": "tls", "data": {"sans":["localhost"]}}
2022/12/14 11:09:53.537 WARN tls stapling OCSP {"error": "no OCSP stapling for [150.230.11.14]: no OCSP server specified in certificate", "identifiers": ["150.230.11.14"]}
2022/12/14 11:09:53.537 DEBUG tls.cache added certificate to cache {"subjects": ["150.230.11.14"], "expiration": "2022/12/14 22:54:48.000", "managed": true, "issuer_key": "local", "hash": "da9e4585bc49c903d89b6d67eecc3876898eca028519fe333d74325d04cfa527", "cache_size": 2, "cache_capacity": 10000}
2022/12/14 11:09:53.537 DEBUG events event {"name": "cached_managed_cert", "id": "5dd040f5-d992-41b4-9a16-32579bf9a04e", "origin": "tls", "data": {"sans":["150.230.11.14"]}}
2022/12/14 11:09:53.537 DEBUG tls loading managed certificate {"domain": "annuum.rocks", "expiration": "2023/03/14 07:11:26.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2022/12/14 11:09:53.537 DEBUG tls.cache added certificate to cache {"subjects": ["annuum.rocks"], "expiration": "2023/03/14 07:11:26.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "5284bcb59133c2ce9e59d698d1c0f11e034176c66429f8519795a8736b73d88d", "cache_size": 3, "cache_capacity": 10000}
2022/12/14 11:09:53.537 DEBUG events event {"name": "cached_managed_cert", "id": "cc182864-3d35-44d0-9cd6-fd83fa73f96f", "origin": "tls", "data": {"sans":["annuum.rocks"]}}
2022/12/14 11:09:53.538 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2022/12/14 11:09:53.538 INFO serving initial configuration
2022/12/14 11:09:59.115 DEBUG events event {"name": "tls_get_certificate", "id": "d1accca5-c92d-4410-972d-9dd4b6284a23", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"localhost","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
2022/12/14 11:09:59.115 DEBUG tls.handshake choosing certificate {"identifier": "localhost", "num_choices": 1}
2022/12/14 11:09:59.115 DEBUG tls.handshake default certificate selection results {"identifier": "localhost", "subjects": ["localhost"], "managed": true, "issuer_key": "local", "hash": "a6109024294288c7083ece1fabd948b1f24a6eb1694159bf01b93f9d435db3c6"}
2022/12/14 11:09:59.115 DEBUG tls.handshake matched certificate in cache {"remote_ip": "127.0.0.1", "remote_port": "57214", "subjects": ["localhost"], "managed": true, "expiration": "2022/12/14 21:16:59.000", "hash": "a6109024294288c7083ece1fabd948b1f24a6eb1694159bf01b93f9d435db3c6"}
```
5. What I already tried:

I’ve been able to connect successfully when I disable automatic HTTPS. I’ve attempted to use my own SSL certificates provided by name.com, the service that has my domain, but that results in the same issue.
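Added here as an illustration (not part of the original post and not Caddy's own code): a small parser over log lines like the ones in the post, mapping each name under automatic TLS management to the `issuer_key` of the certificate Caddy cached for it and flagging the names whose certificate came from Caddy's internal CA (`"issuer_key": "local"`), whose root is trusted only on the host where Caddy installed it. The sample lines are copied from the log above with the hash and cache-size fields dropped.

```python
import json
import re

# Constructed sample: four lines from the post's log, with the hash and
# cache-size fields dropped to keep the lines short.
SAMPLE_LOG = """\
2022/12/14 11:09:53.536 INFO http enabling automatic TLS certificate management {"domains": ["localhost", "150.230.11.14", "annuum.rocks"]}
2022/12/14 11:09:53.537 DEBUG tls.cache added certificate to cache {"subjects": ["localhost"], "expiration": "2022/12/14 21:16:59.000", "managed": true, "issuer_key": "local"}
2022/12/14 11:09:53.537 DEBUG tls.cache added certificate to cache {"subjects": ["150.230.11.14"], "expiration": "2022/12/14 22:54:48.000", "managed": true, "issuer_key": "local"}
2022/12/14 11:09:53.537 DEBUG tls.cache added certificate to cache {"subjects": ["annuum.rocks"], "expiration": "2023/03/14 07:11:26.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory"}
"""

# Caddy console format: "<date> <time> <LEVEL> <logger> <message> {json fields}"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<level>\w+)\s+(?P<logger>\S+)\s+"
    r"(?P<msg>[^{]*?)\s*(?P<fields>\{.*\})?$"
)


def parse_line(line):
    """Return (logger, message, fields dict), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = json.loads(m.group("fields")) if m.group("fields") else {}
    return m.group("logger"), m.group("msg"), fields


def summarize_tls(log_text):
    """Map every name under automatic TLS management to the issuer_key of
    the certificate Caddy cached for it (None if no cert was cached)."""
    managed, issuers = [], {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        logger, msg, fields = parsed
        if logger == "http" and msg == "enabling automatic TLS certificate management":
            managed.extend(fields.get("domains", []))
        elif logger == "tls.cache" and msg == "added certificate to cache":
            for subject in fields.get("subjects", []):
                issuers[subject] = fields.get("issuer_key")
    return {name: issuers.get(name) for name in managed}


def externally_untrusted(summary):
    """Names whose cert came from Caddy's internal CA ("local") or that got
    no cert at all: clients that do not trust that CA's root will fail
    verification, so a public hostname should not appear in this list."""
    return sorted(name for name, issuer in summary.items() if issuer in (None, "local"))
```

Run against the post's log this reports `localhost` and `150.230.11.14` as served by the internal CA, while `annuum.rocks` is the only name with a Let's Encrypt certificate.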