Caddy Docker cannot start: server listening on [:80] is HTTP, but attempts to configure TLS connection policies

1. Caddy version (caddy version): 2 (docker latest)

2. How I run Caddy:

Use a docker-compose up -d command.

With our own certificate located at /etc/caddy/cert/cert.pem and /etc/caddy/key/key.pem, as we deploy it on a disconnected (intranet) Kubernetes cluster, so we cannot use auto SSL from Let's Encrypt.

a. System environment:

Docker

b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: "3.4"

services:
  database:
    image: postgres:13-alpine
    environment:
      POSTGRES_USER: db_user
      POSTGRES_PASSWORD: db_pass
      POSTGRES_DB: db_name
    ports:
      - "5432:5432"
    restart: unless-stopped
    networks:
      - xxx

  redis:
    image: redis:latest
    ports:
      - "6379:6379"
    restart: unless-stopped
    networks:
      - xxx
    volumes:
      - db_data:/var/lib/postgresql/data:rw

  php:
    build:
      context: .
      target: symfony_php
      args:
        SYMFONY_VERSION: ${SYMFONY_VERSION:-}
        STABILITY: ${STABILITY:-stable}
    restart: unless-stopped
    ports:
      - "9000:9000"
    healthcheck:
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 30s
    depends_on:
      - redis
      - database
    links:
      - database
      - redis
    networks:
      - xxx
    environment:
      # Run "composer require symfony/orm-pack" to install and configure Doctrine ORM
      DATABASE_URL: postgresql://${POSTGRES_USER:-db_user}:${POSTGRES_PASSWORD:-db_pass}@database:5432/${POSTGRES_DB:-db_name}?serverVersion=${POSTGRES_VERSION:-13}
      # Run "composer require symfony/mercure-bundle" to install and configure the Mercure integration
      MERCURE_PUBLISH_URL: ${MERCURE_URL:-http://caddy/.well-known/mercure}
      REDIS_URL: redis://redis:6379
      SYMFONY_VERSION:

  caddy:
    build:
      context: .
      target: symfony_caddy
    depends_on:
      - php
    environment:
      SERVER_NAME: ${SERVER_NAME:-localhost, caddy:80}
      MERCURE_PUBLISHER_JWT_KEY: ${MERCURE_PUBLISHER_JWT_KEY:-!ChangeMe!}
      MERCURE_SUBSCRIBER_JWT_KEY: ${MERCURE_SUBSCRIBER_JWT_KEY:-!ChangeMe!}
    restart: unless-stopped
    networks:
      - xxx
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    ports:
      # HTTP
      - target: 80
        published: 80
        protocol: tcp
      # HTTPS
      - target: 443
        published: 443
        protocol: tcp
      # HTTP/3
      - target: 443
        published: 443
        protocol: udp

volumes:
  php_socket:
  db_data:
  caddy_data:
  caddy_config:

networks:
  xxx:
    driver: bridge

d. My complete Caddyfile or JSON config:

{
    # Debug
    {$DEBUG}
    https_port 443
    http_port 80
    # HTTP/3 support
    servers :443 {
        protocol {
            experimental_http3
        }
    }
}

{$SERVER_NAME}

log
tls /etc/caddy/cert/cert.pem /etc/caddy/key/key.pem

# Matches requests for HTML documents, for static files and for Next.js files,
# except for known API paths and paths with extensions handled by API Platform
@pwa expression `(
        {header.Accept}.matches("\\btext/html\\b")
        && !{path}.matches("(?i)(?:^/docs|^/graphql|^/bundles/|^/_profiler|^/_wdt|\\.(?:json|html$|csv$|ya?ml$|xml$))")
    )
    || {path} == "/favicon.ico"
    || {path} == "/manifest.json"
    || {path} == "/robots.txt"
    || {path}.startsWith("/_next")
    || {path}.startsWith("/sitemap")`

route {
    root * /srv/app/public
    mercure {
        # Transport to use (default to Bolt)
        transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
        # Publisher JWT key
        publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
        # Subscriber JWT key
        subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
        # Allow anonymous subscribers (double-check that it's what you want)
        anonymous
        # Enable the subscription API (double-check that it's what you want)
        subscriptions
        # Extra directives
        {$MERCURE_EXTRA_DIRECTIVES}
    }
    vulcain
    push

    # Add links to the API docs and to the Mercure Hub if not set explicitly (e.g. the PWA)
    header ?Link `</docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation", </.well-known/mercure>; rel="mercure"`
    # Disable Google FLOC tracking if not enabled explicitly: https://plausible.io/blog/google-floc
    header ?Permissions-Policy "interest-cohort=()"

    # Comment the following line if you don't want Next.js to catch requests for HTML documents.
    # In this case, they will be handled by the PHP app.
    # reverse_proxy @pwa http://{$PWA_UPSTREAM}

    php_fastcgi {$PHP_URL}:9000
    encode zstd gzip
    file_server
}


3. The problem I’m having:

The Caddy Docker container failed to start; it is always in restarting mode.

4. Error messages and/or full log output:

From docker-compose logs caddy:
caddy_1 | {"level":"info","ts":1623220920.7339053,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy_1 | run: adapting config using caddyfile: server listening on [:80] is HTTP, but attempts to configure TLS connection policies

5. What I already tried:

I have tried to use auto_https to disable_redirect, and adding on_demand tls, but the error still exists.

6. Links to relevant resources:

Your environment variable has caddy:80, which is the HTTP port. You cannot configure tls on sites that listen on the HTTP port.
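
One way to apply the reply above, as an added example that is not part of the original thread or of the project's own files: the `tls` directive stays on the HTTPS site only, and the internal `caddy:80` address gets its own plain-HTTP site block. It assumes `SERVER_NAME` is changed so that it no longer contains `caddy:80` (for example `SERVER_NAME=localhost`); the snippet name `app` is made up here, and its body is the poster's `log` and `route` directives.

```caddyfile
{
    {$DEBUG}
    https_port 443
    http_port 80
    servers :443 {
        protocol {
            experimental_http3
        }
    }
}

# Shared handlers, reused by both sites (the snippet name "app" is an assumption).
(app) {
    log
    route {
        root * /srv/app/public
        mercure {
            transport_url {$MERCURE_TRANSPORT_URL:bolt:///data/mercure.db}
            publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
            subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
            anonymous
            subscriptions
            {$MERCURE_EXTRA_DIRECTIVES}
        }
        vulcain
        push
        header ?Link `</docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation", </.well-known/mercure>; rel="mercure"`
        header ?Permissions-Policy "interest-cohort=()"
        php_fastcgi {$PHP_URL}:9000
        encode zstd gzip
        file_server
    }
}

# HTTPS site: the only place the certificate and key are configured.
# Assumes SERVER_NAME no longer lists caddy:80, e.g. SERVER_NAME=localhost.
{$SERVER_NAME} {
    tls /etc/caddy/cert/cert.pem /etc/caddy/key/key.pem
    import app
}

# Internal plain-HTTP site for container-to-container traffic
# (MERCURE_PUBLISH_URL in the compose file points at http://caddy/.well-known/mercure).
http://caddy:80 {
    import app
}
```

Because the compose file publishes port 80, the plain-HTTP site also answers clients outside the Docker network that send `Host: caddy`, so keep that port mapping only if external clients need it.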
