Basic Caddy installation failing on Automatic HTTPS

rhester72 · August 15, 2016, 4:37pm

Dual-stack Linux box with multiple IPv4 and IPv6 addresses (among which are 172.16.0.26 and 172.16.0.27) using Caddy 0.9.0.

Starting out simple, I created the following Caddyfile:

www.friendsr.us {
  bind 172.16.0.27
  proxy / http://127.0.0.1:2368 {
    transparent
  }
  tls admin@friendsr.us
}

The expectation is that Caddy will bind to 172.16.0.27:80 and 172.16.0.27:443, which is the target of the following network chain:

Router → port forward WAN 80 to 172.16.0.26:80 → sslh forward to 172.16.0.27:80
Router → port forward WAN 443 to 172.16.0.26:443 → sslh forward to 172.16.0.27:443

Naturally, sslh (on the same box) is already listening on 80 and 443 (on 172.16.0.26).

No matter what I put in the “bind” directive, however, Caddy seems to insist on a box-wide binding:

[pid 30387] bind(4, {sa_family=AF_INET6, sin6_port=htons(443), inet_pton(AF_INET6, “::”, &sin6_addr), sin6_flowinfo=htonl(0), sin6_scope_id=0}, 28) = -1 EADDRINUSE (Address already in use)
[pid 30387] close(4) = 0
[pid 30387] write(2, “2016/08/15 12:36:42 [www.friends”…, 1992016/08/15 12:36:42 [www.friendsr.us] failed to get certificate: [www.friendsr.us] error presenting token: Could not start HTTPS server for challenge → listen tcp :443: bind: address already in use
) = 199

How can I get Caddy to respect this bind request?

Thanks,

Rodney

matt · August 15, 2016, 5:48pm

Thanks for the report. Bug fix will go out with Caddy 0.9.1 later this week.

matt · August 15, 2016, 6:09pm

Fixed in https://github.com/mholt/caddy/commit/454b1e3939dea3a7131181c8ffbd6885e6a6b998

rhester72 · August 15, 2016, 9:03pm

Confirmed, thank you!

I didn’t want to waste another topic on this, but is the unable-to-bind-IPv4-and-IPv6-separately issue still out there? In the slightly-less-simplistic example, what I need to achieve is this:

www.friendsr.us {
  bind 172.16.0.27
  bind 2001:470:8a59::27
  proxy / http://127.0.0.1:2368 {
    transparent
  }
  tls admin@friendsr.us
}

I can make either the IPv4 path or the IPv6 path work, but not both…it seems to accept whichever appears later in the Caddyfile.

Rodney

matt · August 15, 2016, 9:44pm

That’s right; currently, only one bind is accepted. That issue is still open. https://github.com/mholt/caddy/issues/864

And thank you for confirming!

system · November 13, 2016, 9:44pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.