Hello,
I’m using the symfony/caddy/docker repository to create a new project.
`caddy:2.7-builder-alpine`
It works fine locally, but when I try to deploy to AWS I get the following error when going to the URL:
`ERR_SSL_PROTOCOL_ERROR`
Debugging the Docker file using `curl https://localhost` gives me the following:
`OpenSSL/3.1.0: error:0A000438:SSL routines::tlsv1 alert internal error`
I tried adding the `tls internal` thing, but I think that made it worse.
My Caddyfile:
```
# Global options block
{
	# Debug
	{$CADDY_DEBUG}
}

{$SERVER_NAME}

{$CADDY_EXTRA_CONFIG}

tls internal

log

route {
	root * /srv/app/public
	php_fastcgi unix//var/run/php/php-fpm.sock
	encode zstd gzip
	file_server
}
```
Full logs of the deploy:
```
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.988972,"logger":"tls.obtain","msg":"releasing lock","identifier":"ec2-3-71-180-224.eu-central-1.compute.amazonaws.com"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.988754,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"ec2-3-71-180-224.eu-central-1.compute.amazonaws.com"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9862328,"logger":"tls.obtain","msg":"lock acquired","identifier":"ec2-3-71-180-224.eu-central-1.compute.amazonaws.com"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9865072,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"ec2-3-71-180-224.eu-central-1.compute.amazonaws.com"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9843495,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9845133,"logger":"tls","msg":"finished cleaning storage units"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9829824,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9831784,"msg":"serving initial configuration"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.983562,"logger":"tls.obtain","msg":"acquiring lock","identifier":"ec2-3-71-180-224.eu-central-1.compute.amazonaws.com"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9819977,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9825065,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9826229,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["ec2-3-71-180-224.eu-central-1.compute.amazonaws.com"]} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.981091,"msg":"certificate installed properly in linux trusts"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9815476,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9817789,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9350076,"msg":"warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9352045,"msg":"define JAVA_HOME environment variable to use the Java trust"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"warn","ts":1685443014.9346704,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9181857,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000213c70"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9054646,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9056873,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"warn","ts":1685443014.9058027,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.9020207,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"warn","ts":1685443014.9003615,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2} 87c968621da64b5c99e4c5a8b9de8e7c caddy
5/30/2023, 12:36:54 PM GMT+2 {"level":"info","ts":1685443014.897928,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
```
What could be the problem? I’m at a loss.