Hello,
I’m trying to set up a very basic instance of CODE on Amazon.
I currently have 2 VMs:
- A reverse proxy server running Caddy
- An instance running CODE on Docker, the docker port 9980 is mapped to: 80, 443 and 9980.
More info in the Collabora CODE Docker manual: "CODE Docker image" in the SDK documentation (https://sdk.collaboraonline.com/)
I really would like to keep the HTTPS stuff handled only by Caddy and keep the communication between Caddy and Collabora in HTTP (I don’t even know yet if this is possible, given the number of tests I have made so far).
On Collabora, I get this:
Jul 31 21:16:21 collabora collabora[11078]: wsd-00001-00022 2022-07-31 19:16:21.986949 +0000 [ websrv_poll ] ERR Unknown resource: /.well-known/acme-challenge/elrRJmo5XiGmybcJI9w7O1bQ2d_Efo_xASWVY7lfFbQ G, host: collabora.server, path: 3
Jul 31 21:16:21 collabora collabora[11078]: [0] '.well-known'
Jul 31 21:16:21 collabora collabora[11078]: [1] 'acme-challenge'
Jul 31 21:16:21 collabora collabora[11078]: [2] 'elrRJmo5XiGmybcJI9w7O1bQ2d_Efo_xASWVY7lfFbQ'
Jul 31 21:16:21 collabora collabora[11078]: full URI: /.well-known/acme-challenge/elrRJmo5XiGmybcJI9w7O1bQ2d_Efo_xASWVY7lfFbQ| wsd/COOLWSD.cpp:3560
Jul 31 21:16:21 collabora podman-collabora-start[10950]: wsd-00001-00022 2022-07-31 19:16:21.986949 +0000 [ websrv_poll ] ERR Unknown resource: /.well-known/acme-challenge/elrRJmo5XiGmybcJI9w7O1bQ2d_Efo_xASWVY7lfFbQ G, host: collabora.server, path: 3
I don’t know what I can do to fix the situation. I tried many combinations of configuration, and none of them has worked so far. Do you have any advice?
1. Output of caddy version:
Caddy 2.5.2
2. How I run Caddy:
It is completely managed by NixOS. The declaration of the service is:
{ modulesPath, pkgs, lib, config, hostname, ... }:
{
  services.caddy = {
    enable = true;
    virtualHosts."collabora.server".extraConfig = ''
      reverse_proxy https://172.31.36.97
    '';
  };
}
a. System environment:
NixOS 22.05, using systemd.
b. Command:
None, NixOS reads the specification and runs the service for me.
c. Service/unit/compose file:
[Unit]
StartLimitBurst=10
StartLimitIntervalSec=14400
[Service]
Environment="LOCALE_ARCHIVE=/nix/store/vg0bf7hykzasylkdfd5alb8zw38g1ar0-glibc-locales-2.34-210/lib/locale/locale-archive"
Environment="PATH=/nix/store/2j2lmqsq9pgadlbzzzx70k2iydilq99p-coreutils-9.1/bin:/nix/store/vb34kj44sziw0zslkdfbkdmrx21j7chn-findutils-4.9.0/bin:/nix/store/hq7m6n9wgdf8ds8zd210881wpznm9kjc-gnugrep-3.7/bin:/nix/store/aq35ngg834iw836wi718f8qh12jzcr1h-gnused-4.8/bin:/nix/store/a8586g88saq9fd3jxwl3xgmyr49zp2a7-systemd-251.3/bin:/nix/store/2j2lmqsq9pgadlbzzzx70k2iydilq99p-coreutils-9.1/sbin:/nix/store/vb34kj44sziw0zslkdfbkdmrx21j7chn-findutils-4.9.0/sbin:/nix/store/hq7m6n9wgdf8ds8zd210881wpznm9kjc-gnugrep-3.7/sbin:/nix/store/aq35ngg834iw836wi718f8qh12jzcr1h-gnused-4.8/sbin:/nix/store/a8586g88saq9fd3jxwl3xgmyr49zp2a7-systemd-251.3/sbin"
Environment="TZDIR=/nix/store/5f6s016y7s9n2k6a3h6h5ss3kcxapw3s-tzdata-2022a/share/zoneinfo"
ExecReload=
ExecReload=/nix/store/w8zlc0xzv4m1qmdjfimyr2cj1ds5zjkv-caddy-2.5.2/bin/caddy reload --config /nix/store/cx5n8rsld1m8yk8px7n75lkdrr7nvijs-Caddyfile-formatted --adapter caddyfile --force
ExecStart=
ExecStart=/nix/store/w8zlc0xzv4m1qmdjfimyr2cj1ds5zjkv-caddy-2.5.2/bin/caddy run --config /nix/store/cx5n8rsld1m8yk8px7n75lkdrr7nvijs-Caddyfile-formatted --adapter caddyfile
ExecStartPre=/nix/store/w8zlc0xzv4m1qmdjfimyr2cj1ds5zjkv-caddy-2.5.2/bin/caddy validate --config /nix/store/cx5n8rsld1m8yk8px7n75lkdrr7nvijs-Caddyfile-formatted --adapter caddyfile
Group=caddy
LogsDirectory=caddy
NoNewPrivileges=true
PrivateDevices=true
ProtectHome=true
ReadWriteDirectories=/var/lib/caddy
Restart=on-abnormal
StateDirectory=caddy
User=caddy
d. My complete Caddy config:
{
	acme_ca https://acme-v02.api.letsencrypt.org/directory
	log {
		level ERROR
	}
}
collabora.server {
	bind
	log {
		output file /var/log/caddy/access-collabora.server.log
	}
	reverse_proxy https://172.31.36.97 {
		transport http {
			tls
			tls_insecure_skip_verify
			read_buffer 8192
		}
	}
}
3. The problem I’m having:
See initial message on the top.
4. Error messages and/or full log output:
See initial message on the top.
5. What I already tried:
I tried to enable/disable https on collabora, caddy and tried all the combinations.
6. Links to relevant resources:
See initial message on the top.
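
The layout the post asks for (TLS handled only by Caddy, plain HTTP from Caddy to Collabora), written out as an added example that is not part of the original post or of either project's documentation. It assumes the CODE container is started with Collabora's `ssl.enable=false` and `ssl.termination=true` options and that port 9980 on 172.31.36.97 is reachable from the Caddy host; the CA file path in the commented alternative is hypothetical.

```caddyfile
# Added example, not the poster's configuration.
#
# Assumption: the CODE container runs without its own TLS and is told that a
# proxy in front of it terminates TLS, e.g. it is started with
#   -e "extra_params=--o:ssl.enable=false --o:ssl.termination=true"
# Assumption: only the Caddy host can reach 172.31.36.97:9980 (for example
# through the instance's security group), since this hop is unencrypted.

{
	acme_ca https://acme-v02.api.letsencrypt.org/directory
	log {
		level ERROR
	}
}

collabora.server {
	log {
		output file /var/log/caddy/access-collabora.server.log
	}

	# Plain HTTP upstream on Collabora's own port. There is no
	# "transport http { tls ... }" block, so nothing is left for
	# tls_insecure_skip_verify to switch off.
	reverse_proxy http://172.31.36.97:9980

	# Alternative if the backend hop must stay HTTPS: verify the backend
	# certificate against a known CA instead of skipping verification.
	# The path below is a placeholder.
	#
	# reverse_proxy https://172.31.36.97:9980 {
	# 	transport http {
	# 		tls_trusted_ca_certs /path/to/collabora-ca.pem
	# 		tls_server_name collabora.server
	# 	}
	# }
}
```

With the NixOS module shown in the post, only the `reverse_proxy` line goes into `virtualHosts."collabora.server".extraConfig`; the rest of the Caddyfile is generated.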