1. The problem I’m having:
I am building a multi-tenant app with subdomains that people can point their CNAMEs to and have a white-label solution.
Everything worked fine until yesterday. Out of nowhere, the main domain and all subdomains became unreachable via browser. Upon inspecting the logs, it looks like Caddy is not able to get confirmation from the ask_endpoint.
It looks to me that Caddy is unable to reach the endpoint on my domain, jatra.club/caddy/ask, to figure out if jatra.club should be allowed, and is therefore timing out.
How should I fix this issue? Would really appreciate your support.
Update: I’d also like it if an expert could review my Caddyfile and suggest improvements, while keeping the functionality. It’d be a good learning exercise for me.
2. Error messages and/or full log output:
```
{"level":"error","ts":1705062677.5662203,"logger":"tls","msg":"request to 'ask' endpoint failed","ask_endpoint":"https://jatra.club/caddy/ask","domain":"jatra.club","error":"error checking https://jatra.club/caddy/ask to determine if certificate for hostname 'jatra.club' should be allowed: Get \"https://jatra.club/caddy/ask?domain=jatra.club\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1705062686.3597019,"logger":"tls","msg":"request to 'ask' endpoint failed","ask_endpoint":"https://jatra.club/caddy/ask","domain":"community.jatra.club","error":"error checking https://jatra.club/caddy/ask to determine if certificate for hostname 'community.jatra.club' should be allowed: Get \"https://jatra.club/caddy/ask?domain=community.jatra.club\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1705062687.5675354,"logger":"tls","msg":"request to 'ask' endpoint failed","ask_endpoint":"https://jatra.club/caddy/ask","domain":"jatra.club","error":"error checking https://jatra.club/caddy/ask to determine if certificate for hostname 'jatra.club' should be allowed: Get \"https://jatra.club/caddy/ask?domain=jatra.club\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
```
3. Caddy version:
v2.7.5
4. How I installed and ran Caddy:
Simply followed the instructions here: Install — Caddy Documentation
a. System environment:
Ubuntu
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
```
{
    on_demand_tls {
        ask https://jatra.club/caddy/ask
        interval 2m
        burst 5
    }
    # Global logging settings
    log {
        output file /var/log/caddy/jatra.club.log {
            roll_size 100mb # Max size of a log file before it's rolled
            roll_keep 5 # Number of rolled files to keep
            roll_keep_for 720h # Duration to keep rolled files
        }
    }
}

# Main domain and all subdomains
https://jatra.club, https://*.jatra.club {
    tls {
        on_demand
    }
    root * /home/forge/jatra.club/public
    encode gzip
    file_server
    php_fastcgi unix//run/php/php8.2-fpm.sock
    header {
        # Ensure the header specifying the original host is passed to PHP
        X-Original-Host {host}
    }
}

# Catch-all for any other domain (for your customer's custom domains)
https:// {
    tls {
        on_demand
    }
    root * /home/forge/jatra.club/public
    encode gzip
    file_server
    php_fastcgi unix//run/php/php8.2-fpm.sock
    header {
        # Ensure the header specifying the original host is passed to PHP
        X-Original-Host {host}
    }
}
```
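
The `ask` URL in the posted config is an `https://` address on jatra.club, a hostname this same config serves with on-demand TLS, so the permission check itself depends on a certificate for jatra.club already being available. The fragment below is an added example, not part of the original post: it moves the check to a plain-HTTP loopback listener, so it no longer depends on that certificate. It assumes port 5555 is free and that the PHP application answers `/caddy/ask` regardless of the `Host` header; the two public site blocks stay as posted.

```caddyfile
{
    on_demand_tls {
        # Plain HTTP on loopback: the check needs no TLS handshake with
        # this same Caddy instance before it can be answered.
        ask http://127.0.0.1:5555/caddy/ask
        interval 2m
        burst 5
    }
}

# Internal listener used only for the on-demand TLS permission check.
# Port 5555 is an assumed free port; bind keeps it off public interfaces.
http://127.0.0.1:5555 {
    bind 127.0.0.1

    # Expose only the ask route, not the whole application.
    @ask path /caddy/ask
    handle @ask {
        root * /home/forge/jatra.club/public
        # Assumption: the app routes /caddy/ask even when Host is 127.0.0.1:5555
        php_fastcgi unix//run/php/php8.2-fpm.sock
    }

    # Anything else on this listener is refused.
    handle {
        respond 404
    }
}
```

Caddy sends the hostname as the `domain` query parameter and issues a certificate only if the endpoint answers with a 2xx status, so the endpoint should return a non-2xx status for any domain that is not a registered tenant.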