1. Output of caddy version:
v2.6.1
2. How I run Caddy:
sudo caddy run --config /etc/caddy/caddyfile
Caddy is not running in Docker; neko is.
a. System environment:
I'm running the latest version of Ubuntu Server 22.02 and the latest version of Docker.
I'm trying to run “neko”, which is a browser streaming app.
Docker version is 20.10.18
docker-compose version 1.29.2
b. Command:
sudo caddy run --config /etc/caddy/Caddyfile
c. Service/unit/compose file:
version: "3.4"
services:
  neko:
    image: "m1k1o/neko:arm-firefox"
    restart: "unless-stopped"
    shm_size: "2gb"
    ports:
      - "8080:8080"
      - "52000-52100:52000-52100/udp"
    environment:
      NEKO_SCREEN: 1920x1080@30
      NEKO_PASSWORD: neko
      NEKO_PASSWORD_ADMIN: admin
      NEKO_EPR: 52000-52100
      NEKO_ICELITE: 1
d. My complete Caddy config:
130.162.254.206:80 {
	route {
		redir https://nyuware.pw
	}
}
130.162.254.206:443 {
	route {
		redir https://nyuware.pw
	}
}
https://rabbit.nyuware.pw {
	tls nyuware@protonmail.com
	reverse_proxy localhost:8080 {
		header_up Host {host}
		header_up X-Real-IP {remote_host}
		header_up X-Forwarded-For {remote_host}
		header_up X-Forwarded-Proto {scheme}
	}
}
3. The problem I’m having:
I'm just trying to expose the website to the internet, but the SSL challenge keeps failing and I have no idea why.
4. Error messages and/or full log output:
2022/10/12 11:26:26.211 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2022/10/12 11:26:26.216 WARN caddyfile Unnecessary header_up X-Forwarded-For: the reverse proxy's default behavior is to pass headers to the upstream
2022/10/12 11:26:26.216 WARN caddyfile Unnecessary header_up X-Forwarded-Proto: the reverse proxy's default behavior is to pass headers to the upstream
2022/10/12 11:26:26.218 WARN Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies {"adapter": "caddyfile", "file": "/etc/caddy/Caddyfile", "line": 7}
2022/10/12 11:26:26.223 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//127.0.0.1:2019", "//localhost:2019", "//[::1]:2019"]}
2022/10/12 11:26:26.224 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0x40004991f0"}
2022/10/12 11:26:26.225 WARN http server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv1", "http_port": 80}
2022/10/12 11:26:26.225 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022/10/12 11:26:26.225 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2022/10/12 11:26:26.231 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/10/12 11:26:26.233 INFO tls finished cleaning storage units
2022/10/12 11:26:26.245 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2022/10/12 11:26:26.246 INFO http.log server running {"name": "srv1", "protocols": ["h1", "h2", "h3"]}
2022/10/12 11:26:26.246 INFO http enabling HTTP/3 listener {"addr": ":443"}
2022/10/12 11:26:26.247 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/10/12 11:26:26.248 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2022/10/12 11:26:26.248 INFO http enabling automatic TLS certificate management {"domains": ["rabbit.nyuware.pw", "130.162.254.206"]}
2022/10/12 11:26:26.249 WARN tls stapling OCSP {"error": "no OCSP stapling for [130.162.254.206]: no OCSP server specified in certificate", "identifiers": ["130.162.254.206"]}
2022/10/12 11:26:26.250 INFO tls.obtain acquiring lock {"identifier": "rabbit.nyuware.pw"}
2022/10/12 11:26:26.251 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2022/10/12 11:26:26.251 INFO serving initial configuration
2022/10/12 11:26:26.253 INFO tls.obtain lock acquired {"identifier": "rabbit.nyuware.pw"}
2022/10/12 11:26:26.254 INFO tls.obtain obtaining certificate {"identifier": "rabbit.nyuware.pw"}
2022/10/12 11:26:26.256 INFO http waiting on internal rate limiter {"identifiers": ["rabbit.nyuware.pw"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "nyuware@protonmail.com"}
2022/10/12 11:26:26.256 INFO http done waiting on internal rate limiter {"identifiers": ["rabbit.nyuware.pw"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "nyuware@protonmail.com"}
2022/10/12 11:26:27.347 INFO http.acme_client trying to solve challenge {"identifier": "rabbit.nyuware.pw", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022/10/12 11:26:31.115 ERROR http.acme_client challenge failed {"identifier": "rabbit.nyuware.pw", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "130.162.254.206: Error getting validation data", "instance": "", "subproblems": []}}
2022/10/12 11:26:31.115 ERROR http.acme_client validating authorization {"identifier": "rabbit.nyuware.pw", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "130.162.254.206: Error getting validation data", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/772311766/133867716566", "attempt": 1, "max_attempts": 3}
2022/10/12 11:26:32.631 INFO http.acme_client trying to solve challenge {"identifier": "rabbit.nyuware.pw", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022/10/12 11:26:33.194 ERROR http.acme_client challenge failed {"identifier": "rabbit.nyuware.pw", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "130.162.254.206: Fetching http://rabbit.nyuware.pw/.well-known/acme-challenge/8MGs5HJHr5GwWMV7X7a9v6tiFXH0renIKwbeOZZIbbI: Error getting validation data", "instance": "", "subproblems": []}}
2022/10/12 11:26:33.194 ERROR http.acme_client validating authorization {"identifier": "rabbit.nyuware.pw", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "130.162.254.206: Fetching http://rabbit.nyuware.pw/.well-known/acme-challenge/8MGs5HJHr5GwWMV7X7a9v6tiFXH0renIKwbeOZZIbbI: Error getting validation data", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/772311766/133867731996", "attempt": 2, "max_attempts": 3}
2022/10/12 11:26:33.194 ERROR tls.obtain could not get certificate from issuer {"identifier": "rabbit.nyuware.pw", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 400 urn:ietf:params:acme:error:connection - 130.162.254.206: Fetching http://rabbit.nyuware.pw/.well-known/acme-challenge/8MGs5HJHr5GwWMV7X7a9v6tiFXH0renIKwbeOZZIbbI: Error getting validation data"}
2022/10/12 11:26:33.195 INFO http waiting on internal rate limiter {"identifiers": ["rabbit.nyuware.pw"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "nyuware@protonmail.com"}
2022/10/12 11:26:33.195 INFO http done waiting on internal rate limiter {"identifiers": ["rabbit.nyuware.pw"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "nyuware@protonmail.com"}
As you can see, I just simply start Caddy with the provided config and the challenge simply fails, and I cannot find why.
2022/10/12 11:26:27.347 INFO http.acme_client trying to solve challenge {"identifier": "rabbit.nyuware.pw", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022/10/12 11:26:31.115 ERROR http.acme_client challenge failed {"identifier": "rabbit.nyuware.pw", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "130.162.254.206: Error getting validation data", "instance": "", "subproblems": []}}
2022/10/12 11:26:31.115 ERROR http.acme_client validating authorization {"identifier": "rabbit.nyuware.pw", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "130.162.254.206: Error getting validation data", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/772311766/133867716566", "attempt": 1, "max_attempts": 3}
2022/10/12 11:26:32.631 INFO http.acme_client trying to solve challenge {"identifier": "rabbit.nyuware.pw", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2022/10/12 11:26:33.194 ERROR http.acme_client challenge failed {"identifier": "rabbit.nyuware.pw", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "130.162.254.206: Fetching http://rabbit.nyuware.pw/.well-known/acme-challenge/8MGs5HJHr5GwWMV7X7a9v6tiFXH0renIKwbeOZZIbbI: Error getting validation data", "instance": "", "subproblems": []}}
2022/10/12 11:26:33.194 ERROR http.acme_client validating authorization {"identifier": "rabbit.nyuware.pw", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "130.162.254.206: Fetching http://rabbit.nyuware.pw/.well-known/acme-challenge/8MGs5HJHr5GwWMV7X7a9v6tiFXH0renIKwbeOZZIbbI: Error getting validation data", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/772311766/133867731996", "attempt": 2, "max_attempts": 3}
2022/10/12 11:26:33.194 ERROR tls.obtain could not get certificate from issuer {"identifier": "rabbit.nyuware.pw", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 400 urn:ietf:params:acme:error:connection - 130.162.254.206: Fetching http://rabbit.nyuware.pw/.well-known/acme-challenge/8MGs5HJHr5GwWMV7X7a9v6tiFXH0renIKwbeOZZIbbI: Error getting validation data"}
This is where I believe it’s failing but I tried looking everywhere and I don’t find anything related to this error
5. What I already tried:
I guess it’s something outside of Caddy, because I also tried exposing the website through the IP address, but it also fails; it just times out. Port 8080 is open on the firewall.
Any help would be appreciated.
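An added example, not part of the original post: a small Python triage script for a Caddy log like the one above. It collects every failed ACME challenge per identifier and reports the inbound TCP port the CA connects to for that challenge type (80 for http-01 per RFC 8555, 443 for tls-alpn-01 per RFC 8737), and whether the CA reported a connection-level error. The sample lines are abridged from the log in the post; the function names are illustrative.

```python
import json
from collections import defaultdict

# Port the CA connects to for each ACME challenge type (RFC 8555, RFC 8737).
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}
CONNECTION_ERROR = "urn:ietf:params:acme:error:connection"

# Abridged from the log in the post above (unused JSON fields dropped).
SAMPLE_LOG = """\
2022/10/12 11:26:26.251 INFO serving initial configuration
2022/10/12 11:26:27.347 INFO http.acme_client trying to solve challenge {"identifier": "rabbit.nyuware.pw", "challenge_type": "tls-alpn-01"}
2022/10/12 11:26:31.115 ERROR http.acme_client challenge failed {"identifier": "rabbit.nyuware.pw", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": "130.162.254.206: Error getting validation data"}}
2022/10/12 11:26:33.194 ERROR http.acme_client challenge failed {"identifier": "rabbit.nyuware.pw", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": "130.162.254.206: Fetching http://rabbit.nyuware.pw/.well-known/acme-challenge/8MGs5HJHr5GwWMV7X7a9v6tiFXH0renIKwbeOZZIbbI: Error getting validation data"}}
"""

def parse_line(line):
    """Split a Caddy console log line into (level, text, fields)."""
    head, brace, tail = line.partition(" {")
    fields = {}
    if brace:
        try:
            fields = json.loads("{" + tail)
        except json.JSONDecodeError:
            head = line  # brace was part of the message, not a JSON payload
    parts = head.split(None, 3)  # date, time, level, "logger message"
    if len(parts) < 4:
        return None
    return parts[2], parts[3], fields

def failed_challenges(log_text):
    """Map identifier -> list of (challenge_type, port, is_connection_error)."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line.strip())
        if not parsed:
            continue
        level, text, fields = parsed
        if level != "ERROR" or not text.endswith("challenge failed"):
            continue
        ctype = fields.get("challenge_type")
        is_conn = fields.get("problem", {}).get("type") == CONNECTION_ERROR
        report[fields.get("identifier")].append((ctype, CHALLENGE_PORT.get(ctype), is_conn))
    return dict(report)

if __name__ == "__main__":
    for name, failures in failed_challenges(SAMPLE_LOG).items():
        for ctype, port, is_conn in failures:
            print(f"{name}: {ctype} failed, CA connects on TCP {port}, connection error: {is_conn}")
```

A connection error on both challenge types means the CA could not complete a connection on TCP 443 or TCP 80 at the address the name resolves to, so those are the ports to check in host and cloud firewall rules.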