Caddy and Vaultwarden -> Docker Windows

1. Caddy version:

image: caddy:2

CADDY_VERSION v2.6.2

2. How I installed, and run Caddy:

Docker Compose, through docker-compose.yml

a. System environment:

Docker Windows

b. Command:

##THIS IS THE DOCKER-COMPOSE.YML FILE ##

version: '3'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      SMTP_HOST: 'my_host'
      SMTP_FROM: 'my_email'
      SMTP_USERNAME: 'my_email'
      SMTP_PASSWORD : 'my_pw'
      SMTP_PORT: 465
      SMTP_SECURITY: force_tls
      WEBSOCKET_ENABLED: "true"  # Enable WebSocket notifications.
      DOMAIN: 'https://my_domain.com:2387' 
      ADMIN_TOKEN: 'my_token'
    volumes:
      - ./vw-data:/data
  
      
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 2387:80  # Needed for the ACME HTTP-01 challenge.
      - 2132:443
      - 2019:3012
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      DOMAIN: "https://my_domain.com"  # Your domain.
      EMAIL: "my_email"                 # The email address to use for ACME registration.
      LOG_FILE: "/data/access.log"

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.

d. My complete Caddy config:

{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls {$EMAIL}

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # Notifications redirected to the WebSocket server
  reverse_proxy /notifications/hub vaultwarden:3012

  # Proxy everything else to Rocket
  reverse_proxy vaultwarden:80 {
       # Send the true remote IP to Rocket, so that vaultwarden can put this in the
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
  }
}

3. The problem I’m having:

I am trying to run vaultwarden with caddy in Docker Windows on non-standard ports.
So the intent is access it via a domain and port (example https://my_domain.com:2387) however I get the SSL errors with no success.
I temporarily forward ports 80/443 over to caddy to build the cert - which succeeds, and if I go to https://my_domain.com everything works great, however when I remove that forwarding and use :2387 to get in I start getting SSL errors. I tried this style with the bitwarden docker setup and had no issues, but with vaultwarden/caddy it is not working.

4. Error messages and/or full log output:

Paste logs/commands/output here.
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.

Error is not caddy side specifically (don’t even see it logged):
Secure Connection Failed

An error occurred during a connection to my_domain.com:2387. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

5. What I already tried:

Tried all variations of port changes in the config docs without success.

6. Links to relevant resources:

I gave up with this attempt and used vaultwarden by itself with alternatively generated SSL, no issues.