1. Caddy version (caddy version):
v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=
2. How I run Caddy:
a. System environment:
Ubuntu Server 20.04.1
b. Command:
paste command here
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=systemd-networkd-wait-online.service
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment="GANDI_API_TOKEN=xxx"
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
*.baxter.works {
	tls email.address@no.spam {
		dns gandi {env.GANDI_API_TOKEN}
	}
	bind 127.0.0.2 # prevent caddy from taking port 443 everywhere and then the next section fails
}
home.baxter.works {
	bind home.baxter.works
	reverse_proxy /* localhost:8123 {
	}
}
files.baxter.works {
	respond / "Hello!"
}
3. The problem I’m having:
I can get one site to bind to a specific address just fine, but if I have any other sites without binds, then everything fails.
i.e. with home.baxter.works bound to its own IP, if I then try to add files.baxter.works without specifying another IP (and adding yet another v6 address to the server), then Caddy fails instead of binding on the other available addresses (and maybe warning me).
4. Error messages and/or full log output:
Nov 04 17:21:20 boxodisks caddy[92409]: caddy.HomeDir=/var/lib/caddy
Nov 04 17:21:20 boxodisks caddy[92409]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Nov 04 17:21:20 boxodisks caddy[92409]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Nov 04 17:21:20 boxodisks caddy[92409]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Nov 04 17:21:20 boxodisks caddy[92409]: runtime.GOOS=linux
Nov 04 17:21:20 boxodisks caddy[92409]: runtime.GOARCH=amd64
Nov 04 17:21:20 boxodisks caddy[92409]: runtime.Compiler=gc
Nov 04 17:21:20 boxodisks caddy[92409]: runtime.NumCPU=8
Nov 04 17:21:20 boxodisks caddy[92409]: runtime.GOMAXPROCS=8
Nov 04 17:21:20 boxodisks caddy[92409]: runtime.Version=go1.14
Nov 04 17:21:20 boxodisks caddy[92409]: os.Getwd=/
Nov 04 17:21:20 boxodisks caddy[92409]: LANG=en_AU.UTF-8
Nov 04 17:21:20 boxodisks caddy[92409]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Nov 04 17:21:20 boxodisks caddy[92409]: HOME=/var/lib/caddy
Nov 04 17:21:20 boxodisks caddy[92409]: LOGNAME=caddy
Nov 04 17:21:20 boxodisks caddy[92409]: USER=caddy
Nov 04 17:21:20 boxodisks caddy[92409]: SHELL=/bin/sh
Nov 04 17:21:20 boxodisks caddy[92409]: INVOCATION_ID=97419f90b2644fff8cd1fc28886fffe0
Nov 04 17:21:20 boxodisks caddy[92409]: JOURNAL_STREAM=9:4781497
Nov 04 17:21:20 boxodisks caddy[92409]: {"level":"info","ts":1604470880.4427464,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Nov 04 17:21:20 boxodisks caddy[92409]: {"level":"info","ts":1604470880.4476025,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Nov 04 17:21:20 boxodisks caddy[92409]: 2020/11/04 17:21:20 [INFO][cache:0xc00013ae40] Started certificate maintenance routine
Nov 04 17:21:20 boxodisks caddy[92409]: {"level":"info","ts":1604470880.4484506,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Nov 04 17:21:20 boxodisks caddy[92409]: {"level":"info","ts":1604470880.4485078,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 04 17:21:20 boxodisks caddy[92409]: {"level":"info","ts":1604470880.448563,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":443}
Nov 04 17:21:20 boxodisks caddy[92409]: {"level":"info","ts":1604470880.4485908,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
Nov 04 17:21:20 boxodisks caddy[92409]: {"level":"info","ts":1604470880.4506757,"logger":"tls","msg":"cleaned up storage units"}
Nov 04 17:21:21 boxodisks caddy[92409]: run: loading initial config: loading new config: http app module: start: tcp: listening on home.baxter.works:443: listen tcp [2403:5800:7300:a600::4663]:443: bind: address already in use
Nov 04 17:21:21 boxodisks systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Nov 04 17:21:21 boxodisks systemd[1]: caddy.service: Failed with result 'exit-code'.
5. What I already tried:
- When moving to a wildcard cert I needed to put that localhost bind in there, or even my single site would fail with that ‘address already in use’ message.
- I can use multiple IPs, but I’d rather split out Home Assistant on to its own IP, then be able to have Caddy listening on one other IP for all the rest of the sites.
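Added example, not part of the original post and not Caddy project code: a Caddyfile that avoids the collision in the log above by giving every site block an explicit bind. In Caddy 2 a site block without bind listens on :443 for all addresses, and that wildcard socket collides with the address-specific socket another block already holds, which is the "bind: address already in use" failure. The two IPv6 addresses below are placeholders from the documentation range (2001:db8::/32) and stand in for the Home Assistant address and the shared address for the remaining sites; substitute your own.

```caddyfile
# Added example; addresses are placeholder assumptions, not real ones.
# 2001:db8::1 = address reserved for Home Assistant
# 2001:db8::2 = address shared by every other site

# Wildcard certificate via the Gandi DNS challenge. Bound to loopback so
# this block never claims :443 on every interface.
*.baxter.works {
	tls email.address@no.spam {
		dns gandi {env.GANDI_API_TOKEN}
	}
	bind 127.0.0.2
}

# Home Assistant on its own address.
home.baxter.works {
	bind 2001:db8::1
	reverse_proxy localhost:8123
}

# Every other site gets the second address. Leaving bind out here would
# make this block listen on :443 for all addresses, which collides with
# the socket already bound by home.baxter.works above.
files.baxter.works {
	bind 2001:db8::2
	respond / "Hello!"
}
```

Before restarting, `ss -ltnp 'sport = :443'` shows which process already holds each 443 socket, which is the quickest way to confirm it is Caddy's own wildcard listener and not another daemon. Two unrelated points from the unit file are worth knowing: `--environ` prints the whole process environment to the journal at startup, and `Environment=` lines in a unit are visible to anyone who can read the unit or run `systemctl show caddy`, so a DNS API token is better kept in an `EnvironmentFile=` with restrictive permissions.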