Caddy layer 4 with MongoDB, tls error in MongoDB

1. The problem I’m having:

I have a Docker container with Caddy and a Docker container with MongoDB.
A domain, mongodb.notepad.be, points to my Caddy server's public IP.
The certificate is OK, but when I connect with MongoDB Compass and set tls=true,
I get an error.

2. Error messages and/or full log output:

Client network socket disconnected before secure TLS connection was established

3. Caddy version:

Caddy 2.8.4-Alpine

4. How I installed and ran Caddy:

caddy image from hub.docker.com

a. System environment:

Host Debian GNU/Linux 12 (bookworm)
Docker version 27.0.2, build 912c1dd

b. Command:

docker run -d -p 80:80 -p 443:443 -p 27017:27017 -p 443:443/udp \
--network mongodbnet \
--restart unless-stopped \
--name caddy284 \
-v caddyconfig:/config \
-v caddydata:/data \
caddy:2.8.4-alpine \
caddy run --config /config/caddy/macmini1-caddy.json

c. Service/unit/compose file:


d. My complete Caddy config:

{
  "apps": {
    "layer4": {
      "servers": {
        "localhost": {
          "listen": [":27017"],
          "routes": [
            {
              "match": [
                {
                  "tls": { "sni": ["mongodb.notepad.be"] }
                }
              ]
            },
            {
              "handle": [
                {
                  "handler": "proxy",
                  "upstreams": [
                    {
                      "dial": ["192.168.1.203:27017"]
                    }
                  ]
                }
              ]
            }
          ]
        }
      }
    },
    "http": {
      "servers": {
        "localhost": {
          "listen": [":443"],
          "routes": [
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "transport": {
                    "protocol": "http"
                  },
                  "upstreams": [
                    {
                      "dial": "hub:7000"
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": ["hub.notepad.be"]
                }
              ]
            },
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "transport": {
                    "protocol": "http"
                  },
                  "upstreams": [
                    {
                      "dial": "apipdf:5300"
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": ["apipdf.notepad.be"]
                }
              ]
            },
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "transport": {
                    "protocol": "http"
                  },
                  "upstreams": [
                    {
                      "dial": "backoffice:5100"
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": ["my.notepad.be"]
                }
              ]
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "issuers": [
              {
                "email": "herman@vanlooveren.com",
                "module": "acme"
              }
            ]
          }
        ]
      },
      "certificates": {
        "automate": ["mongodb.notepad.be", "hub.notepad.be", "apipdf.notepad.be", "my.notepad.be"]
      }
    }
  }
}

5. Links to relevant resources:

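
In the layer4 server of the config above, the SNI matcher and the `proxy` handler sit in two separate routes, and no handler terminates TLS before the bytes reach MongoDB. The check below is an added example, not part of the original post and not Caddy project code: `lint_l4_server`, `SPLIT` and `MERGED` are names made up here, both samples are constructed from the post's layer4 block, and the merged form with a `tls` handler ahead of `proxy` is an assumed correction based on the caddy-l4 handler set.

```python
import json

# Constructed sample mirroring the post's layer4 server: the SNI matcher and
# the proxy handler live in two different routes.
SPLIT = json.loads("""
{"routes": [
  {"match": [{"tls": {"sni": ["mongodb.notepad.be"]}}]},
  {"handle": [{"handler": "proxy",
               "upstreams": [{"dial": ["192.168.1.203:27017"]}]}]}
]}""")

# Assumed corrected form: one route carrying the SNI matcher, a "tls" handler
# (Caddy terminates TLS with its managed certificate) and then "proxy".
MERGED = json.loads("""
{"routes": [
  {"match": [{"tls": {"sni": ["mongodb.notepad.be"]}}],
   "handle": [{"handler": "tls"},
              {"handler": "proxy",
               "upstreams": [{"dial": ["192.168.1.203:27017"]}]}]}
]}""")


def lint_l4_server(server):
    """Return (route_index, finding) pairs for one layer4 server object."""
    findings = []
    for i, route in enumerate(server.get("routes", [])):
        matchers = route.get("match", [])
        handlers = [h.get("handler") for h in route.get("handle", [])]
        # A matcher only guards the handlers of its own route.
        if matchers and not handlers:
            findings.append((i, "matcher without handlers: route has no effect"))
        if "proxy" in handlers:
            if not matchers:
                findings.append((i, "proxy without matcher: every connection "
                                    "on the listener is forwarded"))
            # Only handlers placed before "proxy" can terminate TLS for it.
            if "tls" not in handlers[:handlers.index("proxy")]:
                findings.append((i, "proxy without preceding tls handler: "
                                    "upstream must speak TLS itself"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("split", SPLIT), ("merged", MERGED)):
        print(name, lint_l4_server(cfg) or "no findings")
```

A passthrough design in which MongoDB itself serves TLS legitimately triggers the third finding; the first two show that the SNI restriction is not applied to the traffic that actually gets proxied.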