1. Caddy version (caddy version):
v2.3.0
2. How I run Caddy:
I am using caddy docker image: caddy:2.3.0
a. System environment:
Docker version 20.10.7
b. Command:
docker-compose up -d
c. Service/unit/compose file:
version: "3.7"
services:
  caddy:
    image: caddy:2.3.0
    restart: unless-stopped
    ports:
      - 80:80
      - 8080:8080
      - 443:443
      - 4430:4430
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    networks:
      - wazuh-docker_default
volumes:
  caddy_data:
  caddy_config:
networks:
  wazuh-docker_default:
    external: true
d. My complete Caddyfile or JSON config:
monitoring.eyelab.kz {
    reverse_proxy kibana:5601
}
95.58.194.34:8080 {
    tls internal {
        on_demand
    }
    respond "Hello"
}
3. The problem I’m having:
I have a site on the domain monitoring.eyelab.kz which works perfectly fine. And now I need to be able to access the site via its IP address, because of a device that can only use an IP address. I also want the communication to be encrypted, but the IP part does not seem to work. The error I get is "This site can’t provide a secure connection" when trying https://95.58.194.34:8080 or https://95.58.194.34 in my browser.
4. Error messages and/or full log output:
* Rebuilt URL to: https://95.58.194.34:8080/
* Trying 95.58.194.34...
* TCP_NODELAY set
* Connected to 95.58.194.34 (95.58.194.34) port 8080 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, Server hello (2):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* stopped the pause stream!
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
5. What I already tried:
When I remove the domain name part in the Caddyfile and leave it as
:443 {
    tls internal {
        on_demand
    }
    respond "Hello"
}
or
{
    https_port 8080
}
:8080 {
    tls internal {
        on_demand
    }
    respond "Hello"
}
it works for the IP address.