1. Output of caddy version:
Caddy:2
2. How I run Caddy:
from docker-compose.yml
a. System environment:
WSL2 with Ubuntu 20.4
b. Command:
Paste command here.
c. Service/unit/compose file:
version: '3'
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      WEBSOCKET_ENABLED: "true" # Enable WebSocket notifications.
      SIGNUPS_ALLOWED: "false"
      INVITATIONS_ALLOWED: "false"
      SHOW_PASSWORD_HINT: "false"
      WEB_VAULT_ENABLED: "false"
      # mail service settings
      SMTP_HOST: "smtp.gmail.com"
      SMTP_FROM: "myemail@gmail.com"
      SMTP_PORT: "587"
      SMTP_SECURITY: "starttls"
      SMTP_USERNAME: "myeamil@gmail.com"
      SMTP_PASSWORD: "123456"
      # SMTP_DEBUG: "true"
      # ADMIN_TOKEN: "123456"
    volumes:
      - ./vw-data:/data
  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 80:80 # Needed for the ACME HTTP-01 challenge.
      - 443:443
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      EMAIL: "myemail@yahoo.com" # The email address to use for ACME registration.
      LOG_FILE: "/data/access.log"
d. My complete Caddy config:
{$DOMAIN}:443 {
  log {
    level INFO
    output file {$LOG_FILE} {
      roll_size 10MB
      roll_keep 10
    }
  }

  # Use the ACME HTTP-01 challenge to get a cert for the configured domain.
  tls zung102@yahoo.com

  # This setting may have compatibility issues with some browsers
  # (e.g., attachment downloading on Firefox). Try disabling this
  # if you encounter issues.
  encode gzip

  # The file size is set to 500MB to support the Vaultwarden (Bitwarden) Send feature.
  request_body {
    max_size 500MB
  }

  header {
    # Enable cross-site filter (XSS) and tell browser to block detected attacks
    X-XSS-Protection "1; mode=block"
    # Disallow the site to be rendered within a frame (clickjacking protection)
    X-Frame-Options "DENY"
    # Prevent search engines from indexing (optional)
    X-Robots-Tag "none"
    # Server name removing
    -Server
  }

  # Notifications redirected to the WebSocket server
  # The negotiation endpoint is also proxied to Rocket
  reverse_proxy /notifications/hub/negotiate vaultwarden:80

  # Notifications redirected to the websockets server
  reverse_proxy /notifications/hub vaultwarden:3012

  # Proxy everything else to Rocket
  reverse_proxy vaultwarden:80 {
    # Send the true remote IP to Rocket, so that vaultwarden can put this in the
    # log, so that fail2ban can ban the correct IP.
    header_up X-Real-IP {remote_host}
  }
}
3. The problem I’m having:
curl -v 172.20.0.2 yielded this result:
zung@Dzungabc:~/vaultwarden$ curl -v --insecure https://172.20.0.3
* Trying 172.20.0.3:443...
* TCP_NODELAY set
^C
i.e., I guessed it could not connect to the Caddy network. The same was true for the Vaultwarden Docker network interface: 172.20.0.2
4. Error messages and/or full log output:
2023-01-18 12:21:14 {"level":"info","ts":1674062474.2557902,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"vfor26.duckdns.org","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2023-01-18 12:21:45 {"level":"error","ts":1674062505.8908184,"logger":"http.acme_client","msg":"challenge failed","identifier":"vfor26.duckdns.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"72.140.211.179: Fetching http://vfor26.duckdns.org/.well-known/acme-challenge/KzddrLgACaMCcRI1XYuqG-96IenJeAMD8EKzvmiu9bk: Connection reset by peer","instance":"","subproblems":[]}}
2023-01-18 12:21:45 {"level":"error","ts":1674062505.8909328,"logger":"http.acme_client","msg":"validating authorization","identifier":"vfor26.duckdns.org","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"72.140.211.179: Fetching http://vfor26.duckdns.org/.well-known/acme-challenge/KzddrLgACaMCcRI1XYuqG-96IenJeAMD8EKzvmiu9bk: Connection reset by peer","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/83660683/6618821093","attempt":2,"max_attempts":3}
2023-01-18 12:21:45 {"level":"error","ts":1674062505.8910525,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vfor26.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 72.140.211.179: Fetching http://vfor26.duckdns.org/.well-known/acme-challenge/KzddrLgACaMCcRI1XYuqG-96IenJeAMD8EKzvmiu9bk: Connection reset by peer"}
For the Vaultwarden log ...
2023-01-18 11:28:43 [INFO] No .env file found.
2023-01-18 11:28:43
2023-01-18 11:28:44 [2023-01-18 16:28:44.037][vaultwarden::api::notifications][INFO] Starting WebSockets server on 0.0.0.0:3012
2023-01-18 11:28:44 [2023-01-18 16:28:44.047][start][INFO] Rocket has launched from http://0.0.0.0:80
5. What I already tried:
I actually had gotten the Vaultwarden and Caddy dockers running successfully after guidance from this post: Cannot start Caddy via Docker - #61 by zung102
I made some minor changes, then backed out the changes, and then I ran into this problem. I have tried removing the vaultwarden image and pulling it again, but the same result remained.
Port forwarding is below …
Address         Port        Address         Port
--------------- ----------  --------------- ----------
192.168.0.146   80          172.20.0.3      80
192.168.0.146   443         172.20.0.3      443
Thanks for any help toward this issue.
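
Added example, not part of the original post and not Caddy project code: a small triage script that pulls the `challenge failed` records out of Caddy log lines shaped like the excerpt in section 4 and maps the ACME problem type to its RFC 8555 meaning. The sample lines, the domain `vault.example.org` and the address `203.0.113.10` are constructed placeholders; the timestamp prefix is assumed to match the one shown in the post.

```python
import json
import re
from collections import defaultdict

# ACME problem types from RFC 8555 section 6.7 that relate to validation.
ACME_HINTS = {
    "urn:ietf:params:acme:error:connection":
        "CA could not connect to the validation target",
    "urn:ietf:params:acme:error:dns":
        "CA hit a problem with a DNS query during identifier validation",
    "urn:ietf:params:acme:error:incorrectResponse":
        "response received did not match the challenge's requirements",
}

# A log viewer may prefix a local timestamp before Caddy's JSON object.
LINE_RE = re.compile(r"^(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} )?(\{.*\})\s*$")
# In the post's log lines, "detail" starts with the address that was tried.
ADDR_RE = re.compile(r"^([0-9A-Fa-f:.]+): ")

def acme_failures(lines):
    """Group 'challenge failed' records by identifier (domain)."""
    failures = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Caddy JSON record (e.g. a Vaultwarden line)
        try:
            rec = json.loads(m.group(1))
        except json.JSONDecodeError:
            continue
        if rec.get("logger") != "http.acme_client" or rec.get("msg") != "challenge failed":
            continue
        problem = rec.get("problem") or {}
        addr = ADDR_RE.match(problem.get("detail", ""))
        failures[rec.get("identifier", "?")].append({
            "challenge": rec.get("challenge_type"),
            "type": problem.get("type"),
            "address_tried": addr.group(1) if addr else None,
            "hint": ACME_HINTS.get(problem.get("type"), "see RFC 8555 section 6.7"),
        })
    return dict(failures)

# Constructed sample lines in the same shape as the log excerpt in the post.
SAMPLE = [
    '2023-01-18 12:21:14 {"level":"info","logger":"http.acme_client","msg":"trying to solve challenge","identifier":"vault.example.org","challenge_type":"http-01"}',
    '2023-01-18 12:21:45 {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"vault.example.org","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"203.0.113.10: Fetching http://vault.example.org/.well-known/acme-challenge/TOKEN: Connection reset by peer"}}',
    '2023-01-18 11:28:44 [2023-01-18 16:28:44.047][start][INFO] Rocket has launched from http://0.0.0.0:80',
]
```

Comparing `address_tried` with the public address that is actually forwarded to the Caddy container shows whether the CA's validation request was aimed at the right host.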