Able to access locally, but not with domain or public IP

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

I run caddy installed via the apt package manager, using caddy run.

a. System environment:

Ubuntu 22.04. Installed via apt package manager.

b. Command:

$ sudo caddy adapt
$ sudo caddy run

c. Service/unit/compose file:

d. My complete Caddy config:

annuum.rocks {
        # reverse_proxy http://localhost:8080
        respond "Hello, world!"
}

https://localhost {
        respond "Hello, world!"
}

3. The problem I’m having:

I’m attempting to use caddy to reverse proxy to my backend, hosted on 8080. If I use curl https://localhost it responds with “Hello, world!”, as expected. But if I use my public IP (which I’ve checked is port forwarded, and the domain can resolve to), it ends up wanting to time out. Using curl annuum.rocks without https:// results in a permanent redirect to it with https://.

4. Error messages and/or full log output:

2022/12/14 11:09:53.524 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 1}
2022/12/14 11:09:53.524 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/12/14 11:09:53.525 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022/12/14 11:09:53.525 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2022/12/14 11:09:53.525 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0x40004a2e00"}
2022/12/14 11:09:53.525 INFO    tls     cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2022/12/14 11:09:53.526 INFO    tls     finished cleaning storage units
2022/12/14 11:09:53.536 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2022/12/14 11:09:53.536 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2022/12/14 11:09:53.536 INFO    failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/12/14 11:09:53.536 DEBUG   http    starting server loop    {"address": "[::]:443", "tls": true, "http3": true}
2022/12/14 11:09:53.536 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2022/12/14 11:09:53.536 DEBUG   http    starting server loop    {"address": "[::]:80", "tls": false, "http3": false}
2022/12/14 11:09:53.536 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2022/12/14 11:09:53.536 INFO    http    enabling automatic TLS certificate management   {"domains": ["localhost", "150.230.11.14", "annuum.rocks"]}
2022/12/14 11:09:53.537 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate", "identifiers": ["localhost"]}
2022/12/14 11:09:53.537 DEBUG   tls.cache       added certificate to cache      {"subjects": ["localhost"], "expiration": "2022/12/14 21:16:59.000", "managed": true, "issuer_key": "local", "hash": "a6109024294288c7083ece1fabd948b1f24a6eb1694159bf01b93f9d435db3c6", "cache_size": 1, "cache_capacity": 10000}
2022/12/14 11:09:53.537 DEBUG   events  event   {"name": "cached_managed_cert", "id": "eb9651bc-8dae-477c-a1ca-783d15abc321", "origin": "tls", "data": {"sans":["localhost"]}}
2022/12/14 11:09:53.537 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [150.230.11.14]: no OCSP server specified in certificate", "identifiers": ["150.230.11.14"]}
2022/12/14 11:09:53.537 DEBUG   tls.cache       added certificate to cache      {"subjects": ["150.230.11.14"], "expiration": "2022/12/14 22:54:48.000", "managed": true, "issuer_key": "local", "hash": "da9e4585bc49c903d89b6d67eecc3876898eca028519fe333d74325d04cfa527", "cache_size": 2, "cache_capacity": 10000}
2022/12/14 11:09:53.537 DEBUG   events  event   {"name": "cached_managed_cert", "id": "5dd040f5-d992-41b4-9a16-32579bf9a04e", "origin": "tls", "data": {"sans":["150.230.11.14"]}}
2022/12/14 11:09:53.537 DEBUG   tls     loading managed certificate     {"domain": "annuum.rocks", "expiration": "2023/03/14 07:11:26.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2022/12/14 11:09:53.537 DEBUG   tls.cache       added certificate to cache      {"subjects": ["annuum.rocks"], "expiration": "2023/03/14 07:11:26.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "5284bcb59133c2ce9e59d698d1c0f11e034176c66429f8519795a8736b73d88d", "cache_size": 3, "cache_capacity": 10000}
2022/12/14 11:09:53.537 DEBUG   events  event   {"name": "cached_managed_cert", "id": "cc182864-3d35-44d0-9cd6-fd83fa73f96f", "origin": "tls", "data": {"sans":["annuum.rocks"]}}
2022/12/14 11:09:53.538 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2022/12/14 11:09:53.538 INFO    serving initial configuration
2022/12/14 11:09:59.115 DEBUG   events  event   {"name": "tls_get_certificate", "id": "d1accca5-c92d-4410-972d-9dd4b6284a23", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"localhost","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
2022/12/14 11:09:59.115 DEBUG   tls.handshake   choosing certificate    {"identifier": "localhost", "num_choices": 1}
2022/12/14 11:09:59.115 DEBUG   tls.handshake   default certificate selection results   {"identifier": "localhost", "subjects": ["localhost"], "managed": true, "issuer_key": "local", "hash": "a6109024294288c7083ece1fabd948b1f24a6eb1694159bf01b93f9d435db3c6"}
2022/12/14 11:09:59.115 DEBUG   tls.handshake   matched certificate in cache    {"remote_ip": "127.0.0.1", "remote_port": "57214", "subjects": ["localhost"], "managed": true, "expiration": "2022/12/14 21:16:59.000", "hash": "a6109024294288c7083ece1fabd948b1f24a6eb1694159bf01b93f9d435db3c6"}

5. What I already tried:

I’ve been able to connect successfully when I disable automatic HTTPS. I’ve attempted to use my own SSL certificates provided by name.com, the service who has my domain, but that results in the same issue.

Are you trying that from your local network? Try making a request from outside your network (e.g. from your cellphone over cellular networks, not over WiFi).

I just tried it, and I see an “online blueprint viewer”, so I assume it’s working.

Your router probably doesn’t support NAT hairpinning, which means it doesn’t know how to take TCP packets containing your WAN IP (i.e. the IP address that your domain resolves to), and send it back into your network at the correct server.

The usual solution is to run a DNS server in your local network which can resolve your domain to your LAN IP instead, so all devices in your network will be able to directly connect to your local server instead of packets getting stuck at your router.
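
A way to confirm the hairpinning diagnosis from a machine inside the LAN, as an added example that is not part of the original thread: it requests the site twice with curl's `--resolve`, once pinned to the WAN IP and once to the server's LAN IP, keeping the domain as SNI so Caddy still serves the domain's certificate. The script name, the function names and the LAN IP you pass in are assumptions; the dnsmasq `address=` line is one common way to do the local DNS override described above.

```shell
#!/bin/sh
# Added example: tell a NAT hairpinning failure apart from a server-side problem.
# Run from a machine on the same LAN as the Caddy host.

# probe DOMAIN ADDR -> prints curl's exit code for https://DOMAIN/ pinned to ADDR
probe() {
    rc=0
    curl --silent --output /dev/null --connect-timeout 5 \
         --resolve "$1:443:$2" "https://$1/" || rc=$?
    echo "$rc"
}

# classify WAN_RC LAN_RC -> one-word verdict from the two curl exit codes
# curl exit codes: 0 = ok, 7 = could not connect, 28 = timed out
classify() {
    wan_rc=$1
    lan_rc=$2
    if [ "$lan_rc" -ne 0 ]; then
        echo "server-problem"   # unreachable even directly: check Caddy and the host firewall
    elif [ "$wan_rc" -eq 0 ]; then
        echo "ok"               # the router hairpins correctly
    elif [ "$wan_rc" -eq 28 ] || [ "$wan_rc" -eq 7 ]; then
        echo "no-hairpin"       # works via the LAN IP, dies via the WAN IP
    else
        echo "inconclusive"     # e.g. a TLS error (35, 60): inspect with curl -v
    fi
}

# Usage: sh hairpin-check.sh DOMAIN WAN_IP LAN_IP
if [ "$#" -eq 3 ]; then
    verdict=$(classify "$(probe "$1" "$2")" "$(probe "$1" "$3")")
    echo "$1 via WAN $2 / LAN $3: $verdict"
    if [ "$verdict" = "no-hairpin" ]; then
        echo "fix: resolve $1 to $3 on the LAN, e.g. dnsmasq: address=/$1/$3"
    fi
fi
```

An "inconclusive" verdict often means something other than Caddy answered on the WAN address (for example the router's own admin page), which shows up as a certificate error rather than a timeout.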
