Caddy Docker container cannot start: server listening on [:80] is HTTP, but attempts to configure TLS connection policies

1. Caddy version (caddy version): 2 (docker latest)

2. How I run Caddy:

Use a docker-compose up -d command.

We use our own certificate and key, located at /etc/caddy/cert/cert.pem and /etc/caddy/key/key.pem, because we deploy on a disconnected (intranet) Kubernetes cluster and therefore cannot use automatic HTTPS from Let's Encrypt.

a. System environment:

Docker

b. Command:

docker-compose up -d

c. Service/unit/compose file:

# Compose stack from the report: PostgreSQL, Redis, a Symfony PHP image and a
# Caddy front end, all attached to one bridge network.
version: "3.4"

services:
  database:
    image: postgres:13-alpine
    environment:
      # NOTE(review): credentials are hard-coded here and repeated as fallbacks in
      # the php service's DATABASE_URL; outside local testing, supply them from an
      # env file or a secret store instead.
      POSTGRES_USER: db_user
      POSTGRES_PASSWORD: db_pass
      POSTGRES_DB: db_name
    ports:
      # NOTE(review): without a host IP this publishes PostgreSQL on every host
      # interface. php connects as database:5432 over the shared network, so the
      # mapping can be dropped or bound to 127.0.0.1 unless outside access is needed.
      - "5432:5432"
    restart: unless-stopped
    networks:
      - xxx

  redis:
    # NOTE(review): floating tag; pinning a version keeps rebuilds reproducible.
    image: redis:latest
    ports:
      # NOTE(review): published on every host interface, and REDIS_URL in the php
      # service carries no password, so nothing shown here enables Redis
      # authentication. Keep the port internal unless outside access is required.
      - "6379:6379"
    restart: unless-stopped
    networks:
      - xxx
    volumes:
      # NOTE(review): this mounts the PostgreSQL data directory into the redis
      # container, while the database service declares no volume at all, so
      # database data is not persisted by db_data. Presumably meant for `database`.
      - db_data:/var/lib/postgresql/data:rw

  php:
    build:
      context: .
      target: symfony_php
      args:
        SYMFONY_VERSION: ${SYMFONY_VERSION:-}
        STABILITY: ${STABILITY:-stable}
    restart: unless-stopped
    ports:
      # NOTE(review): publishes port 9000 (the port the Caddyfile's php_fastcgi
      # targets) on the host. FastCGI has no authentication of its own, so it
      # should stay reachable only from the container network.
      - "9000:9000"
    # No `test` is given; presumably the image's own HEALTHCHECK supplies it - confirm.
    healthcheck:
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
    depends_on:
      - redis
      - database
    # `links` is a legacy option; services on the same user-defined network
    # already resolve each other by service name.
    links:
      - database
      - redis
    networks:
      - xxx
    environment:
      # Run "composer require symfony/orm-pack" to install and configure Doctrine ORM
      # NOTE(review): the fallbacks embed the same db_user/db_pass credentials as
      # the database service.
      DATABASE_URL: postgresql://${POSTGRES_USER:-db_user}:${POSTGRES_PASSWORD:-db_pass}@database:5432/${POSTGRES_DB:-db_name}?serverVersion=${POSTGRES_VERSION:-13}
      # Run "composer require symfony/mercure-bundle" to install and configure the Mercure integration
      MERCURE_PUBLISH_URL: ${MERCURE_URL:-http://caddy/.well-known/mercure}
      REDIS_URL: redis://redis:6379
      # A key with no value is passed through from the environment that runs docker-compose.
      SYMFONY_VERSION:

  caddy:
    build:
      context: .
      target: symfony_caddy
    depends_on:
      - php
    environment:
      # The default lists two site addresses. `caddy:80` is an HTTP-port address;
      # combined with the Caddyfile's `tls` directive it produces the reported
      # "server listening on [:80] is HTTP" adapt error.
      SERVER_NAME: ${SERVER_NAME:-localhost, caddy:80}
      # NOTE(review): `!ChangeMe!` is a placeholder. If these variables are not
      # overridden, the Mercure hub signs and verifies JWTs with a publicly known
      # key; set strong, distinct secrets before exposing the hub.
      MERCURE_PUBLISHER_JWT_KEY: ${MERCURE_PUBLISHER_JWT_KEY:-!ChangeMe!}
      MERCURE_SUBSCRIBER_JWT_KEY: ${MERCURE_SUBSCRIBER_JWT_KEY:-!ChangeMe!}
    restart: unless-stopped
    networks:
      - xxx
    volumes:
      # NOTE(review): neither mount covers /etc/caddy/cert or /etc/caddy/key, the
      # paths the Caddyfile's `tls` directive reads; presumably the certificate and
      # key are baked into the image - confirm, and prefer a read-only mount for the key.
      - caddy_data:/data
      - caddy_config:/config
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      # HTTPS
      - target: 443
        published: 443
        protocol: tcp
      # HTTP/3
      - target: 443
        published: 443
        protocol: udp

volumes:
  # php_socket is declared but not mounted by any service shown here.
  php_socket:
  db_data:
  caddy_data:
  caddy_config:

networks:
  xxx:
    driver: bridge

d. My complete Caddyfile or JSON config:

# Global options. {$NAME} placeholders are replaced with environment values when
# the Caddyfile is parsed; {env.NAME} placeholders are resolved at runtime.
{
    # Debug
    {$DEBUG}
    https_port 443
    http_port 80
    # HTTP/3 support
    servers :443 {
        protocol {
            experimental_http3
        }
    }
}

# Site address list. With the compose default this expands to
# `localhost, caddy:80`. `caddy:80` is served on the HTTP port, and the `tls`
# directive below applies to every address listed here, which is what the
# adapter rejects ("server listening on [:80] is HTTP, but attempts to
# configure TLS connection policies").
{$SERVER_NAME}

log
# Static certificate and key. Both paths must exist inside the container.
# NOTE(review): keep the key file readable only by the user Caddy runs as.
tls /etc/caddy/cert/cert.pem /etc/caddy/key/key.pem

# NOTE(review): @pwa is referenced only by the commented-out reverse_proxy line
# inside the route block, so the matcher is currently unused.
# Matches requests for HTML documents, for static files and for Next.js files,
# except for known API paths and paths with extensions handled by API Platform
@pwa expression `(
        {header.Accept}.matches("\\btext/html\\b")
        && !{path}.matches("(?i)(?:^/docs|^/graphql|^/bundles/|^/_profiler|^/_wdt|\\.(?:json|html$|csv$|ya?ml$|xml$))")
    )
    || {path} == "/favicon.ico"
    || {path} == "/manifest.json"
    || {path} == "/robots.txt"
    || {path}.startsWith("/_next")
    || {path}.startsWith("/sitemap")`

route {
    root * /srv/app/public
    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
        # Publisher JWT key
        # NOTE(review): the compose file falls back to the `!ChangeMe!` placeholder
        # for both JWT keys; the *_JWT_ALG variables are not set in the compose
        # file shown - presumably the image provides them, confirm.
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Allow anonymous subscribers (double-check that it's what you want)
        anonymous
        # Enable the subscription API (double-check that it's what you want)
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }
    vulcain
    push

    # Add links to the API docs and to the Mercure Hub if not set explicitly (e.g. the PWA)
    header ?Link `</docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation", </.well-known/mercure>; rel="mercure"`
    # Disable Google FLOC tracking if not enabled explicitly: https://plausible.io/blog/google-floc
    header ?Permissions-Policy "interest-cohort=()"

    # Comment the following line if you don't want Next.js to catch requests for HTML documents.
    # In this case, they will be handled by the PHP app.
    # reverse_proxy @pwa http://{$PWA_UPSTREAM}

    # NOTE(review): PHP_URL is not set for the caddy service in the compose file
    # shown; presumably the image defines it - confirm it names the php service.
    php_fastcgi {$PHP_URL}:9000
    encode zstd gzip
    file_server
}


3. The problem I’m having:

The Caddy Docker container fails to start and stays in a restart loop.

4. Error messages and/or full log output:

From docker-compose logs caddy:
caddy_1 | {“level”:“info”,“ts”:1623220920.7339053,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220921.6641388,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220922.4822927,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220923.4717433,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220924.8811944,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220927.0776203,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220931.0630443,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220938.3391,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220952.044764,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623220978.4552333,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221030.2683733,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221091.1259382,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221151.8138654,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221212.4587266,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221273.0983336,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221333.8365161,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221394.4517975,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221455.1708891,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221515.8733654,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221576.5468569,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221637.1689231,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221697.8414037,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221758.538146,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221819.2685597,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221879.9837012,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623221940.6721,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies
caddy_1 | {“level”:“info”,“ts”:1623222001.4267666,“msg”:“using provided configuration”,“config_file”:"/etc/caddy/Caddyfile",“config_adapter”:“caddyfile”}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies

5. What I already tried:

I tried setting auto_https to disable_redirects and adding on-demand TLS, but the error still exists.

6. Links to relevant resources:

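Your SERVER_NAME environment variable includes caddy:80, which is the HTTP port. You cannot configure tls on sites that listen on the HTTP port. The tls directive in the Caddyfile applies to every address in {$SERVER_NAME}, so either remove caddy:80 from SERVER_NAME or serve it from its own site block without tls.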