1. Caddy version (caddy version):
v2.4.6
2. How I run Caddy:
caddy run
a. System environment:
Linux Debian 11
b. Command:
caddy run
c. Service/unit/compose file:
d. My complete Caddyfile or JSON config:
# Global config
{
    # Let's Encrypt
    email etienne.blanchet@soverin.net
    # No admin
    admin off
}

*.etienneblanchet.fr {
    tls {
        dns gandi SECRET
    }

    #@password host password.etienneblanchet.fr
    #handle @password {
    #respond "Password"
    # reverse_proxy 192.168.2.60:443 {
    # header_up Host {upstream_hostport}
    # header_up X-Forwarded-Host {host}
    # }
    #}

    @drive host drive.etienneblanchet.fr
    handle @drive {
        #respond "Drive"
        reverse_proxy 192.168.2.100:10003
    }

    @diskstation host diskstation.etienneblanchet.fr
    handle @diskstation {
        #respond "Diskstation"
        reverse_proxy 192.168.2.100:5001
        header / Strict-Transport-Security "max-age=63072000"
    }

    #Fallback for otherwise unhandled domains
    handle {
        abort
        respond "Ce domaine n'existe pas!"
    }
}
3. The problem I’m having:
Hi, I’m trying to use Caddy for reverse proxy purposes.
I need a wildcard certificate for my domain etienneblanchet.fr and to redirect each subdomain to the specific server.
So far the wildcard certificate runs perfectly, but I’m having an issue with redirections.
With the Caddyfile above, I’m not able to access my HTTPS services. I always get an answer on the site.
Use case
- In my Pi-hole, I have directed all my subdomains to the Caddy IP
- I run caddy with “caddy run”
- Accessing the URL https://diskstation.etienneblanchet.fr from my browser (Edge or Firefox) gives me the following error
"400 Bad Request
The plain HTTP request was sent to HTTPS port"
Am I missing some instructions in my Caddyfile?
Thanks for helping
4. Error messages and/or full log output:
nov. 24 13:28:48 Caddy systemd[1]: Starting Caddy...
nov. 24 13:28:48 Caddy caddy[8681]: caddy.HomeDir=/var/lib/caddy
nov. 24 13:28:48 Caddy caddy[8681]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
nov. 24 13:28:48 Caddy caddy[8681]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
nov. 24 13:28:48 Caddy caddy[8681]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
nov. 24 13:28:48 Caddy caddy[8681]: caddy.Version=v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
nov. 24 13:28:48 Caddy caddy[8681]: runtime.GOOS=linux
nov. 24 13:28:48 Caddy caddy[8681]: runtime.GOARCH=amd64
nov. 24 13:28:48 Caddy caddy[8681]: runtime.Compiler=gc
nov. 24 13:28:48 Caddy caddy[8681]: runtime.NumCPU=8
nov. 24 13:28:48 Caddy caddy[8681]: runtime.GOMAXPROCS=8
nov. 24 13:28:48 Caddy caddy[8681]: runtime.Version=go1.17
nov. 24 13:28:48 Caddy caddy[8681]: os.Getwd=/
nov. 24 13:28:48 Caddy caddy[8681]: LANG=fr_FR.UTF-8
nov. 24 13:28:48 Caddy caddy[8681]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
nov. 24 13:28:48 Caddy caddy[8681]: NOTIFY_SOCKET=/run/systemd/notify
nov. 24 13:28:48 Caddy caddy[8681]: HOME=/var/lib/caddy
nov. 24 13:28:48 Caddy caddy[8681]: LOGNAME=caddy
nov. 24 13:28:48 Caddy caddy[8681]: USER=caddy
nov. 24 13:28:48 Caddy caddy[8681]: INVOCATION_ID=30af1ba617d04ba7a133183dceed7f18
nov. 24 13:28:48 Caddy caddy[8681]: JOURNAL_STREAM=8:29456
nov. 24 13:28:48 Caddy caddy[8681]: {"level":"info","ts":1637756928.3894627,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
nov. 24 13:28:48 Caddy caddy[8681]: {"level":"warn","ts":1637756928.3905225,"logger":"admin","msg":"admin endpoint disabled"}
nov. 24 13:28:48 Caddy caddy[8681]: {"level":"info","ts":1637756928.3906913,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
nov. 24 13:28:48 Caddy caddy[8681]: {"level":"info","ts":1637756928.3907025,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
nov. 24 13:28:48 Caddy caddy[8681]: {"level":"info","ts":1637756928.3907456,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00038d7a0"}
nov. 24 13:28:48 Caddy caddy[8681]: {"level":"info","ts":1637756928.3910933,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/etc/caddy"}
nov. 24 13:28:48 Caddy caddy[8681]: {"level":"info","ts":1637756928.3912022,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc00038d7a0"}
nov. 24 13:28:48 Caddy caddy[8681]: run: loading initial config: loading new config: http app module: start: tcp: listening on :443: listen tcp :443: bind: address already in use
nov. 24 13:28:48 Caddy systemd[1]: Started Caddy.
nov. 24 13:28:48 Caddy systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
nov. 24 13:28:48 Caddy systemd[1]: caddy.service: Failed with result 'exit-code'.
5. What I already tried:
I tried adding header_up Host {upstream_hostport} and header_up X-Forwarded-Host {host} to the reverse proxy section, but it does not work.
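
Added example, not part of the original post: "The plain HTTP request was sent to HTTPS port" is the kind of reply a TLS listener gives when it receives cleartext HTTP, so the config below sets the bare upstream address from the post beside a TLS upstream, first unverified and then verified. It assumes the service on 192.168.2.100:5001 accepts only TLS; the CA file path and the name in the upstream certificate are hypothetical.

```caddyfile
# Added example, not the poster's config. Assumption: 192.168.2.100:5001
# accepts only TLS, which is what the 400 error text points to.
*.etienneblanchet.fr {
	tls {
		dns gandi SECRET
	}

	@diskstation host diskstation.etienneblanchet.fr
	handle @diskstation {
		# Before: a bare host:port upstream is contacted over cleartext HTTP,
		# which a TLS-only listener rejects with the 400 seen in the browser.
		#reverse_proxy 192.168.2.100:5001

		# Weak: TLS to the upstream, but its certificate is never checked,
		# so anything on the LAN answering at that address is trusted.
		#reverse_proxy https://192.168.2.100:5001 {
		#	transport http {
		#		tls_insecure_skip_verify
		#	}
		#}

		# Corrected: TLS to the upstream, verified against a known CA.
		reverse_proxy https://192.168.2.100:5001 {
			transport http {
				# Hypothetical path: PEM file of the CA (or the self-signed
				# certificate) that the upstream presents.
				tls_trusted_ca_certs /etc/caddy/upstream-ca.pem
				# The upstream is addressed by IP, so name the host to
				# verify; assumed to match the upstream certificate.
				tls_server_name diskstation.etienneblanchet.fr
			}
		}

		# No path matcher, so HSTS is set on every response, not only on "/".
		header Strict-Transport-Security "max-age=63072000"
	}

	# Fallback for otherwise unhandled hosts: drop the connection.
	handle {
		abort
	}
}
```

Separately, the journal above shows the systemd unit exiting with "listen tcp :443: bind: address already in use", so something else was already holding port 443 when the service started; only one process can listen on it at a time.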