Amazon EC2, Caddy and Collabora

Hello,

I’m trying to setup a very basic instance of CODE on Amazon.

I currently have 2 VMs:

  • A reverse proxy server running Caddy
  • An instance running CODE on Docker, the docker port 9980 is mapped to: 80, 443 and 9980.

More info in the Collabora Code Docker manual: CODE Docker image — SDK https://sdk.collaboraonline.com/ documentation

I really would like to keep the HTTPS stuff handled only by Caddy and keep the communication between Caddy and Collabora in HTTP (I don’t even know yet if this is possible given the amount of test I made so far)

On Collabora, I get this:

Jul 31 21:16:21 collabora collabora[11078]: wsd-00001-00022 2022-07-31 19:16:21.986949 +0000 [ websrv_poll ] ERR  Unknown resource: /.well-known/acme-challenge/elrRJmo5XiGmybcJI9w7O1bQ2d_Efo_xASWVY7lfFbQ G, host: collabora.server, path: 3
Jul 31 21:16:21 collabora collabora[11078]: [0] '.well-known'
Jul 31 21:16:21 collabora collabora[11078]: [1] 'acme-challenge'
Jul 31 21:16:21 collabora collabora[11078]: [2] 'elrRJmo5XiGmybcJI9w7O1bQ2d_Efo_xASWVY7lfFbQ'
Jul 31 21:16:21 collabora collabora[11078]: full URI: /.well-known/acme-challenge/elrRJmo5XiGmybcJI9w7O1bQ2d_Efo_xASWVY7lfFbQ| wsd/COOLWSD.cpp:3560
Jul 31 21:16:21 collabora podman-collabora-start[10950]: wsd-00001-00022 2022-07-31 19:16:21.986949 +0000 [ websrv_poll ] ERR  Unknown resource: /.well-known/acme-challenge/elrRJmo5XiGmybcJI9w7O1bQ2d_Efo_xASWVY7lfFbQ G, host: collabora.server, path: 3

I don’t know what I can do to fix the situation, I tried many combination of configuration, none of them worked so far. Do you have any advise?

1. Output of caddy version:

Caddy 2.5.2

2. How I run Caddy:

It is completely managed by NixOS. The declaration of the service is:

{ modulesPath, pkgs, lib, config, hostname, ... }:
{
  services.caddy = {
    enable = true;

    virtualHosts."collabora.server".extraConfig = ''
      reverse_proxy https://172.31.36.97
    '';
  };
}

a. System environment:

NixOS 22.05, using systemd.

b. Command:

None, NixOS read the specification and run the service for me.

c. Service/unit/compose file:

[Unit]
StartLimitBurst=10
StartLimitIntervalSec=14400

[Service]
Environment="LOCALE_ARCHIVE=/nix/store/vg0bf7hykzasylkdfd5alb8zw38g1ar0-glibc-locales-2.34-210/lib/locale/locale-archive"
Environment="PATH=/nix/store/2j2lmqsq9pgadlbzzzx70k2iydilq99p-coreutils-9.1/bin:/nix/store/vb34kj44sziw0zslkdfbkdmrx21j7chn-findutils-4.9.0/bin:/nix/store/hq7m6n9wgdf8ds8zd210881wpznm9kjc-gnugrep-3.7/bin:/nix/store/aq35ngg834iw836wi718f8qh12jzcr1h-gnused-4.8/bin:/nix/store/a8586g88saq9fd3jxwl3xgmyr49zp2a7-systemd-251.3/bin:/nix/store/2j2lmqsq9pgadlbzzzx70k2iydilq99p-coreutils-9.1/sbin:/nix/store/vb34kj44sziw0zslkdfbkdmrx21j7chn-findutils-4.9.0/sbin:/nix/store/hq7m6n9wgdf8ds8zd210881wpznm9kjc-gnugrep-3.7/sbin:/nix/store/aq35ngg834iw836wi718f8qh12jzcr1h-gnused-4.8/sbin:/nix/store/a8586g88saq9fd3jxwl3xgmyr49zp2a7-systemd-251.3/sbin"
Environment="TZDIR=/nix/store/5f6s016y7s9n2k6a3h6h5ss3kcxapw3s-tzdata-2022a/share/zoneinfo"



ExecReload=
ExecReload=/nix/store/w8zlc0xzv4m1qmdjfimyr2cj1ds5zjkv-caddy-2.5.2/bin/caddy reload --config /nix/store/cx5n8rsld1m8yk8px7n75lkdrr7nvijs-Caddyfile-formatted --adapter caddyfile --force
ExecStart=
ExecStart=/nix/store/w8zlc0xzv4m1qmdjfimyr2cj1ds5zjkv-caddy-2.5.2/bin/caddy run --config /nix/store/cx5n8rsld1m8yk8px7n75lkdrr7nvijs-Caddyfile-formatted --adapter caddyfile 
ExecStartPre=/nix/store/w8zlc0xzv4m1qmdjfimyr2cj1ds5zjkv-caddy-2.5.2/bin/caddy validate --config /nix/store/cx5n8rsld1m8yk8px7n75lkdrr7nvijs-Caddyfile-formatted --adapter caddyfile
Group=caddy
LogsDirectory=caddy
NoNewPrivileges=true
PrivateDevices=true
ProtectHome=true
ReadWriteDirectories=/var/lib/caddy
Restart=on-abnormal
StateDirectory=caddy
User=caddy

d. My complete Caddy config:

{
    acme_ca https://acme-v02.api.letsencrypt.org/directory
    log {
        level ERROR
    }
}
collabora.server {
    bind

    log {
        output file /var/log/caddy/access-collabora.server.log
    }

    reverse_proxy https://172.31.36.97 {
        transport http {
            tls
            tls_insecure_skip_verify
            read_buffer 8192
        }
    }
}

3. The problem I’m having:

See initial message on the top.

4. Error messages and/or full log output:

See initial message on the top.

5. What I already tried:

I tried to enable/disable https on collabora, caddy and tried all the combinations.

6. Links to relevant resources:

See initial message on the top.

Hi,

We’d love to help you but we need more information. Please fill out the help template completely and then we can assist you.

Thanks!

Hi Matt,

I just updated my original message, I hope it’s ok now.

1 Like

Thanks, that’s helpful.

Are you sure your DNS records for redacted by request is pointed at your machine? It resolves to redacted by request and it replies with an HTTP header of Server: COOLWSD HTTP Server 22.05.4.1 which is definitely not Caddy.

So start by making sure your DNS and network are properly configured.

Oh my god, the IP is not the proper one anymore. Looks like a bad copy paste has been made in the DNS config and/or the IP changed in Amazon. I just updated the DNS records, I’ll report as soon as possible once it’s propagated correctly. THANKS !

1 Like

Issue is now fixed, sorry for the noise !

Matt,

Do you mind obfuscating the dns name into something else now that the issue has been solved?

Thx

Sure, but note that it’s in the edit history and probably archived by third party sites and search engines already. Domains are public knowledge and so redacting them doesn’t do anything useful.

You’re right… Feel free to delete the topic if you’re ok with that ?

That won’t have any effect either, except frustrating future searchers who have the same problem and are looking for a solution. We like to keep topics visible here to reduce repeated questions.

Understood. I was hoping you’d say yes because the issue was, in the end, not because of Caddy or Collabora, but because of a misconfiguration in the DNS.

Yep, and that’s actually a very very common mistake, so it’s important to leave that up for other searchers to find. Thanks for understanding!