1. Caddy version:
image: caddy:2
CADDY_VERSION v2.6.2
2. How I installed, and run Caddy:
Docker Compose, through docker-compose.yml
a. System environment:
Docker Windows
b. Command:
##THIS IS THE DOCKER-COMPOSE.YML FILE ##
version: '3'
services:
vaultwarden:
image: vaultwarden/server:latest
container_name: vaultwarden
restart: always
environment:
SMTP_HOST: 'my_host'
SMTP_FROM: 'my_email'
SMTP_USERNAME: 'my_email'
SMTP_PASSWORD : 'my_pw'
SMTP_PORT: 465
SMTP_SECURITY: force_tls
WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
DOMAIN: 'https://my_domain.com:2387'
ADMIN_TOKEN: 'my_token'
volumes:
- ./vw-data:/data
caddy:
image: caddy:2
container_name: caddy
restart: always
ports:
- 2387:80 # Needed for the ACME HTTP-01 challenge.
- 2132:443
- 2019:3012
volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro
- ./caddy-config:/config
- ./caddy-data:/data
environment:
DOMAIN: "https://my_domain.com" # Your domain.
EMAIL: "my_email" # The email address to use for ACME registration.
LOG_FILE: "/data/access.log"
c. Service/unit/compose file:
Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.
d. My complete Caddy config:
{$DOMAIN}:443 {
log {
level INFO
output file {$LOG_FILE} {
roll_size 10MB
roll_keep 10
}
}
# Use the ACME HTTP-01 challenge to get a cert for the configured domain.
tls {$EMAIL}
# This setting may have compatibility issues with some browsers
# (e.g., attachment downloading on Firefox). Try disabling this
# if you encounter issues.
encode gzip
# Notifications redirected to the WebSocket server
reverse_proxy /notifications/hub vaultwarden:3012
# Proxy everything else to Rocket
reverse_proxy vaultwarden:80 {
# Send the true remote IP to Rocket, so that vaultwarden can put this in the
# log, so that fail2ban can ban the correct IP.
header_up X-Real-IP {remote_host}
}
}
3. The problem I’m having:
I am trying to run vaultwarden with caddy in Docker Windows on non-standard ports.
So the intent is access it via a domain and port (example https://my_domain.com:2387) however I get the SSL errors with no success.
I temporarily forward ports 80/443 over to caddy to build the cert - which succeeds, and if I go to https://my_domain.com everything works great, however when I remove that forwarding and use :2387 to get in I start getting SSL errors. I tried this style with the bitwarden docker setup and had no issues, but with vaultwarden/caddy it is not working.
4. Error messages and/or full log output:
Paste logs/commands/output here.
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.
Error is not caddy side specifically (don’t even see it logged):
Secure Connection Failed
An error occurred during a connection to my_domain.com:2387. SSL received a record that exceeded the maximum permissible length.
Error code: SSL_ERROR_RX_RECORD_TOO_LONG
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
5. What I already tried:
Tried all variations of port changes in the config docs without success.