I have a multi-server setup where my app lies on one set of servers, my database on one server and a load balancer on another server. I am using Caddy as the web server on both the app servers and the load balancer.
Accessing the app server directly works fine and accessing the load balancer server over HTTP works great as well. I run into problems when trying to access the load balancer over HTTPS. If I set the tls directive to self_signed it works great (minus the big warning in the browser), but when I change the directive to an email address, I get the following error in Chrome: "This site can't provide a secure connection". However, no errors display in the load balancer's error logs. I have manually created the .caddy directory in the $HOME directory and chowned it to the proper user and group (www-data). Not sure what else to do.
Here is the Caddyfile:
:80 {
    log /var/www/html/access.log
    errors /var/www/html/errors.log
    tls off
    # tls development@blusolutions.com
    proxy / 159.203.66.146 {
        policy least_conn
        transparent
        insecure_skip_verify
    }
}

:443 {
    log /var/www/html/access.log
    errors /var/www/html/errors.log
    # tls self_signed #this works
    tls redacted@redacted.com #this does not work
    proxy / https://159.203.66.146 {
        policy least_conn
        transparent
        insecure_skip_verify
    }
}
I am running caddy with the following command:
"/usr/bin/caddy --conf /etc/Caddyfile --agree"
Below is the entire docker file for the load balancer if that helps:
FROM phusion/baseimage
MAINTAINER redacted

RUN apt-get update -y
RUN apt-get upgrade -y

## Install add-apt-repository
RUN apt-get install -y \
    software-properties-common \
    python-software-properties

## Install prerequisites
RUN apt-get install -y \
    curl \
    vim

## Install Caddy
RUN curl --silent --show-error --fail --location \
    --header "Accept: application/tar+gzip, application/x-gzip, application/octet-stream" \
    -o - "https://github.com/mholt/caddy/releases/download/v0.9.1/caddy_linux_amd64.tar.gz" \
    | tar --no-same-owner -xz caddy_linux_amd64 \
    && mv caddy_linux_amd64 /usr/bin/caddy
RUN chmod 0755 /usr/bin/caddy && \
    setcap cap_net_bind_service=+ep /usr/bin/caddy

## Run Some Setup
EXPOSE 80 443
WORKDIR /var/www/html
RUN mkdir /var/www/.caddy && \
    chown www-data:www-data /var/www/.caddy && \
    chown www-data:www-data /var/www/html
USER www-data
COPY Caddyfile /etc/Caddyfile
CMD ["/usr/bin/caddy", "--conf", "/etc/Caddyfile", "--agree"]
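As an added example (not part of this post or of Caddy's own documentation), here is a Caddy 0.9.x Caddyfile for a load balancer that lets automatic HTTPS obtain a certificate: Caddy only requests one for a site address that is a real hostname, never for a bare port such as :443 or an IP address. It assumes a placeholder public name lb.example.com for the load balancer, placeholder names app1.example.com and app2.example.com for the app servers, and that those app servers present certificates valid for their own names, so the backend connection can be verified instead of skipped.

```caddyfile
# Added example, not the poster's Caddyfile. All hostnames and the e-mail
# address are placeholders. Caddy 0.9.x syntax.
#
# Using a hostname as the site address is what enables automatic HTTPS:
# Caddy requests a Let's Encrypt certificate for lb.example.com, serves it
# on 443, and handles port 80 itself (ACME challenge plus a redirect of
# plain HTTP to HTTPS), so no separate :80 block is needed.
lb.example.com {
    # Keep logs outside any directory that could ever be served as web root.
    log /var/log/caddy/access.log
    errors /var/log/caddy/errors.log

    # The e-mail only identifies the ACME account; the certificate is issued
    # for the hostname on the site line above.
    tls admin@example.com

    # Balance across the app servers over HTTPS. The backends are named by
    # hostname so their certificates can be verified; insecure_skip_verify is
    # deliberately omitted, since with it a forged or intercepted backend
    # would be accepted silently.
    proxy / https://app1.example.com https://app2.example.com {
        policy least_conn
        transparent
    }
}
```

If the app servers really do run with tls self_signed, the only way to keep backend verification is to trust their certificates on the load balancer host; otherwise insecure_skip_verify is what makes the proxy connection succeed, and the backend hop is then unauthenticated.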