API Remote Management

1. The problem I’m having:

I’m trying to get remote management working, but the documentation on it is pretty sparse and it’s been difficult finding much discussion about it. I’ve been using this (Configuring Caddy for Remote Administration) as a guide but not having much luck; I’m getting ERR_SSL_TLSV1_ALERT_INTERNAL_ERROR when I try to connect.

2. Error messages and/or full log output:

I’m making the request via node fetch and sending my cert/key, the full error is:

{
    library: 'SSL routines',
    reason: 'tlsv1 alert internal error',
    code: 'ERR_SSL_TLSV1_ALERT_INTERNAL_ERROR'
  }

3. Caddy version:

v2.7.5 h1:HoysvZkLcN2xJExEepaFHK92Qgs7xAiCFydN5x5Hs6Q=

4. How I installed and ran Caddy:

I’ve installed it as a service.

a. System environment:

AWS EC2, t2.micro running Amazon Linux

b. Command:

Running as a service.

d. My complete Caddy config:

{
	"admin": {
	   "identity": {
		 "identifiers": [
		 	"IP..REDACTED",
			"127.0.0.1",
			"localhost",
			"REDACTED.com"
		 ],
	   },
	   "remote": {
		 "listen": ":2019",
		 "access_control": [
		   {
			 "public_keys": [
			   "REDACTED"
			 ]
		   }
		 ]
	   }
	},
	"logging": {
	  "logs": {
		"json": {
			"writer": {
				"filename": "/var/log/caddy/caddy.log",
				"output": "file"
			},
			"encoder": {
				"format": "json"
			}
		}
	  }
	},
	"apps":
	{
		"http":
		{
			"servers":
			{
				"clients":
				{
					"listen": [":443"],
					"routes": [

						{
							"@id": "default_handler",
							"handle": [
								{
									"handler": "headers",
									"response": {
										"set": {
											"Content-Security-Policy": [";base-uri 'none';object-src 'none';"],
											"X-Frame-Options": [ "Deny" ]
										}
									}
								},
								{
									"bucket_address": stage_name+'.cdn.REDACTED.com',
									"handler": "vars"
								},
								{
									"handler": "vars",
									"original_path": "{http.request.uri.path}"
								},
								{
									"encodings":
									{
										"gzip": {}
									},
									"handler": "encode",
									"minimum_length": 0
								},
								{
									"handler": "subroute",
									"routes": [

									{
										"match": [
										{
											"path": ["/sitemap.xml"]
										}],
										"handle": [
										{
											"handler": "rewrite",
											"uri": "/sites/{http.vars.site_id}/live/html/sitemap.xml"
										},
										{
											"handler": "reverse_proxy",
											"headers":
											{
												"request":
												{
													"set":
													{
														"Host": ["{http.vars.bucket_address}"]
													}
												}
											},
											"upstreams": [
											{
												"dial": "{http.vars.bucket_address}:80"
											}]
										}]
									},


									{
										"match": [
										{
											"path": ["*.html"]
										}],
										"handle": [
										{
											"body": "404 - File Not Found - /{http.vars.site_id}/live/html{http.vars.original_path}",
											"handler": "static_response",
											"status_code": 404
										}]
									},
									{
										"match": [
										{
											"path_regexp":
											{
												"pattern": ".+[^/]$"
											}
										}],
										"handle": [
										{
											"handler": "static_response",
											"headers":
											{
												"Location": ["{http.request.uri}/"]
											},
											"status_code": 301
										}]
									},
									{
										"handle": [
										{
											"handler": "rewrite",
											"uri": "/sites/{http.vars.site_id}/live/html{http.vars.original_path}index.html"
										},
										{
											"handle_response": [
											{
												"match":
												{
													"status_code": [403]
												},
												"routes": [{
													"handle": [
														{
															"handler": "rewrite",
															"uri": "/api/publish?from_proxy=true&site_id={http.vars.site_id}&path={http.request.orig_uri}"
														},
														{
															"handler": "reverse_proxy",
															"headers":
															{
																"request":
																{
																	"set":
																	{
																		"Host": ["{http.reverse_proxy.upstream.hostport}"]
																	}
																}
															},
															"upstreams": [{
																"dial": stage_name+'.dashboard.REDACTED.com:443'
															}],
															"transport": {
																"protocol": "http",
																"tls": {}
														   }
														}
													]
												}]
											}],
											"handler": "reverse_proxy",
											"headers":
											{
												"request":
												{
													"set":
													{
														"Host": ["{http.vars.bucket_address}"]
													}
												}
											},
											"upstreams": [
											{
												"dial": "{http.vars.bucket_address}:80"
											}]
										}]
									}]
								}
							]
						}
					]
				}
			}
		}
	}
}
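
A pre-flight check for the `admin` block of a config like the one above, as an added example that is not part of the original post and is not Caddy's own code. It relies on Caddy's documented format for `public_keys` (base64-encoded DER certificates, i.e. the body of a PEM certificate block without the armor lines) and on the documented rule that an `access_control` entry without `permissions` grants all permissions. The function names and sample values are hypothetical, and the certificate test is a shape check only.

```javascript
// Added example: lint the "admin" block of a Caddy JSON config before loading it.
// SAMPLE_ADMIN is constructed; its values are placeholders, not real hosts or keys.
const SAMPLE_ADMIN = {
  identity: { identifiers: ['admin.example.com'] },
  remote: { listen: ':2019', access_control: [{ public_keys: ['REDACTED'] }] },
};

// Read one DER tag/length header at `off`; returns null when malformed.
function derHeader(buf, off) {
  if (off + 2 > buf.length) return null;
  const tag = buf[off];
  let len = buf[off + 1], body = off + 2;
  if (len & 0x80) {                       // long-form length
    const n = len & 0x7f;
    if (n === 0 || n > 3 || body + n > buf.length) return null;
    len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[body + i];
    body += n;
  }
  return { tag, len, body };
}

// Shape check: base64 -> DER SEQUENCE { SEQUENCE { [0] version | INTEGER serial ... } }.
// A bare public key (SubjectPublicKeyInfo) starts SEQUENCE { SEQUENCE { OID ... } }.
function checkPublicKeyEntry(value) {
  if (typeof value !== 'string' || /-----BEGIN/.test(value)) return 'pem-armor-or-not-string';
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(value) || value.length % 4) return 'not-base64';
  const der = Buffer.from(value, 'base64');
  const outer = derHeader(der, 0);
  if (!outer || outer.tag !== 0x30 || outer.body + outer.len !== der.length) return 'not-der-sequence';
  const tbs = derHeader(der, outer.body);
  const first = tbs && tbs.tag === 0x30 ? derHeader(der, tbs.body) : null;
  if (!first || (first.tag !== 0xa0 && first.tag !== 0x02)) return 'der-but-not-certificate';
  return 'ok';
}

function lintAdmin(admin) {
  const findings = [];
  if (!(admin?.identity?.identifiers ?? []).length) findings.push('identity.identifiers is empty');
  const acl = admin?.remote?.access_control ?? [];
  if (!acl.length) findings.push('remote.access_control is empty');
  acl.forEach((entry, i) => {
    (entry.public_keys ?? []).forEach((k, j) => {
      const r = checkPublicKeyEntry(k);
      if (r !== 'ok') findings.push(`access_control[${i}].public_keys[${j}]: ${r}`);
    });
    if (!entry.permissions?.length) findings.push(`access_control[${i}]: no permissions, so all are granted`);
  });
  return findings;
}
```

Run it against the parsed JSON that is actually sent to Caddy, after any template values have been substituted.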

Yeah, sorry, totally my bad – something I want to work on this year after the 2.8 release is improving the docs, and one of those will be remote API setup.

We’ll need more details to reproduce the error you’re getting. Right now domains are redacted (this matters, and is why it’s against our forum rules), and there’s no information about how you’re connecting to the API. That matters too. No Caddy logs given either… so all we can do is guess. With more information we may be able to help.

I gave up and ended up just using NodeSSH to administer the API. But thank you for the response and I appreciate all you’re doing here with Caddy.