Caddy not serving files over HTTPS

1. The problem I’m having:

Caddy is not serving static files over HTTPS. They're available locally, curl detects them, but it's not visible outside. It is not a firewall issue as the ports are open and I have tried disabling it, and it does not seem like a network problem since I was hosting perfectly fine with nodejs earlier.

2. Error messages and/or full log output:

Mar 22 19:08:09 localhost caddy[1211611]: caddy.HomeDir=/var/lib/caddy
Mar 22 19:08:09 localhost caddy[1211611]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Mar 22 19:08:09 localhost caddy[1211611]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Mar 22 19:08:09 localhost caddy[1211611]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Mar 22 19:08:09 localhost caddy[1211611]: caddy.Version=2.6.2
Mar 22 19:08:09 localhost caddy[1211611]: runtime.GOOS=linux
Mar 22 19:08:09 localhost caddy[1211611]: runtime.GOARCH=amd64
Mar 22 19:08:09 localhost caddy[1211611]: runtime.Compiler=gc
Mar 22 19:08:09 localhost caddy[1211611]: runtime.NumCPU=1
Mar 22 19:08:09 localhost caddy[1211611]: runtime.GOMAXPROCS=1
Mar 22 19:08:09 localhost caddy[1211611]: runtime.Version=go1.19.8
Mar 22 19:08:09 localhost caddy[1211611]: os.Getwd=/
Mar 22 19:08:09 localhost caddy[1211611]: LANG=en_US.UTF-8
Mar 22 19:08:09 localhost caddy[1211611]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Mar 22 19:08:09 localhost caddy[1211611]: NOTIFY_SOCKET=/run/systemd/notify
Mar 22 19:08:09 localhost caddy[1211611]: HOME=/var/lib/caddy
Mar 22 19:08:09 localhost caddy[1211611]: LOGNAME=caddy
Mar 22 19:08:09 localhost caddy[1211611]: USER=caddy
Mar 22 19:08:09 localhost caddy[1211611]: INVOCATION_ID=df772ce7196a46e1a4f0bbd780a2a61f
Mar 22 19:08:09 localhost caddy[1211611]: JOURNAL_STREAM=8:16482715
Mar 22 19:08:09 localhost caddy[1211611]: SYSTEMD_EXEC_PID=1211611
Mar 22 19:08:09 localhost caddy[1211611]: XDG_CONFIG_HOME=/var/lib/caddy/.config
Mar 22 19:08:09 localhost caddy[1211611]: XDG_DATA_HOME=/var/lib/caddy/.local/share
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3569345,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"warn","ts":1742670489.3578742,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3666363,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3670845,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3671584,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.367848,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3682754,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3700757,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004fbf10"}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3701055,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.371915,"logger":"tls","msg":"finished cleaning storage units"}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3719552,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3719833,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3719878,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["marcothepucci.dev"]}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3734896,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Mar 22 19:08:09 localhost caddy[1211611]: {"level":"info","ts":1742670489.3735209,"msg":"serving initial configuration"}

3. Caddy version:

2.6.2

4. How I installed and ran Caddy:

Installed using APT, followed the Getting Started

a. System environment:

Debian GNU/Linux 12, kernel 6.1.0 x86

b. Command:

sudo systemctl start caddy.service

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectHome=false
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment=XDG_CONFIG_HOME=/var/lib/caddy/.config
Environment=XDG_DATA_HOME=/var/lib/caddy/.local/share

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

marcothepucci.dev {
    root * /var/www/marcothepucci-dev
    file_server
}

What do you mean by that? Can you share the steps or commands you used to determine this, along with their output? Also, could you post the result of:

ls -lsa /var/www/marcothepucci-dev

Here's the output of the command as you requested:

ls -lsa /var/www/marcothepucci-dev
total 36
4 drwxr-xr-x 7 caddy caddy 4096 Mar 22 18:12 .
4 drwxr-xr-x 5 root  root  4096 Mar 22 17:57 ..
4 drwxr-xr-x 2 caddy caddy 4096 Mar 22 17:57 assets
4 -rwxr-xr-x 1 caddy caddy  419 Mar 22 17:57 caddy.json
4 drwxr-xr-x 2 caddy caddy 4096 Mar 22 17:57 how
4 drwxr-xr-x 2 caddy caddy 4096 Mar 22 17:57 main
4 -rwxr-xr-x 1 caddy caddy 1346 Mar 22 17:57 output.log
4 drwxr-xr-x 2 caddy caddy 4096 Mar 22 17:57 scripts
4 drwxr-xr-x 2 caddy caddy 4096 Mar 22 17:57 stylesheets

Looking at it now, I think I should fix my Caddyfile.

As for the commands I used to determine accessibility, I forgot what I ran, but from what I can tell, running curl marcothepucci.dev on my local machine returns:

curl: (7) Failed to connect to marcothepucci.dev port 443 after 18 ms: Couldn't connect to server

while running this on the server returns

root@localhost:~# curl https://localhost
curl: (35) OpenSSL/3.0.15: error:0A000438:SSL routines::tlsv1 alert internal error

Caddy is not configured to answer localhost, only marcothepucci.dev

Checking marcothepucci.dev, I get Connection refused. Is your firewall blocking access?

This is extremely old. Don’t use what’s provided by default by Debian/Ubuntu. The packagers aren’t in contact with us. Use our APT repo: Install — Caddy Documentation.

Thanks for the quick response, these are my firewall settings

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
3000/tcp                   ALLOW       Anywhere                  
Nginx Full                 ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
8000/tcp                   ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
3000/tcp (v6)              ALLOW       Anywhere (v6)             
Nginx Full (v6)            ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
8000/tcp (v6)              ALLOW       Anywhere (v6)

I doubt this could be a firewall issue as I was hosting perfectly fine on node earlier. Also, I followed the guide and deleted to reinstall Caddy, and it still didn’t fix the issue. I am considering wiping my server to get rid of any issues.

Also this reply cooldown seems very annoying, does it get lower with time?

Enable debug mode for extra logging by adding this at the top:

{
    debug
}

Not really. We’re fighting aggressive Indian scammers, and the rate-limit slows them down. Their ISPs (Jio and Airtel) are not acknowledging our reports.


I enabled debug mode and it added two extra lines to the logs in systemctl status:

Mar 23 11:48:17 localhost caddy[2137653]: {"level":"info","ts":1742730497.551198,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Mar 23 11:48:17 localhost caddy[2137653]: {"level":"info","ts":1742730497.5512009,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["marcothepucci.dev"]}
Mar 23 11:48:17 localhost caddy[2137653]: {"level":"info","ts":1742730497.5524836,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000e1700"}
Mar 23 11:48:17 localhost caddy[2137653]: {"level":"info","ts":1742730497.5560942,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"3560a36f-2767-4354-a918-26d2816201d6","try_again":1742816897.5560935,"try_again_in":86399.99999976}
Mar 23 11:48:17 localhost caddy[2137653]: {"level":"info","ts":1742730497.55614,"logger":"tls","msg":"finished cleaning storage units"}
Mar 23 11:48:17 localhost caddy[2137653]: {"level":"debug","ts":1742730497.557356,"logger":"tls.cache","msg":"added certificate to cache","subjects":["marcothepucci.dev"],"expiration":1750439036,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"74c5817fcaf1ad6d8c9728a61fd535445aabf80f9a43ba24c7c9d4d3ab1ad8a3","cache_size":1,"cache_capacity":10000}
Mar 23 11:48:17 localhost caddy[2137653]: {"level":"debug","ts":1742730497.5573807,"logger":"events","msg":"event","name":"cached_managed_cert","id":"640b9236-fe94-4c40-96fa-21f4fe1bd590","origin":"tls","data":{"sans":["marcothepucci.dev"]}}
Mar 23 11:48:17 localhost caddy[2137653]: {"level":"info","ts":1742730497.5574865,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Mar 23 11:48:17 localhost caddy[2137653]: {"level":"info","ts":1742730497.5575285,"msg":"serving initial configuration"}
Mar 23 11:48:17 localhost systemd[1]: Started caddy.service - Caddy.

That’s not enough. Make a request and share the logs it prints. If no logs show up, the request didn’t reach Caddy.

I tried making a request, nothing in logs. As you said, the request is not reaching Caddy. I'm seriously considering wiping everything.

Mar 23 16:49:13 localhost caddy[2335500]: {"level":"warn","ts":1742748553.3068743,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"info","ts":1742748553.3068771,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"info","ts":1742748553.306881,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["marcothepucci.dev"]}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"debug","ts":1742748553.307934,"logger":"tls.cache","msg":"added certificate to cache","subjects":["marcothepucci.dev"],"expiration":1750439036,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"74c5817fcaf1ad6d8c9728a61fd535445aabf80f9a43ba24c7c9d4d3ab1ad8a3","cache_size":1,"cache_capacity":10000}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"debug","ts":1742748553.30803,"logger":"events","msg":"event","name":"cached_managed_cert","id":"b35180d9-d7aa-40f4-9e45-228486be8803","origin":"tls","data":{"sans":["marcothepucci.dev"]}}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"info","ts":1742748553.308707,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"info","ts":1742748553.308837,"msg":"serving initial configuration"}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"info","ts":1742748553.3101819,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"3560a36f-2767-4354-a918-26d2816201d6","try_again":1742834953.3101811,"try_again_in":86399.99999968}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"info","ts":1742748553.3102648,"logger":"tls","msg":"finished cleaning storage units"}
Mar 23 16:49:13 localhost caddy[2335500]: {"level":"info","ts":1742748553.3104062,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00033f980"}

Is the DNS configuration correct?

As I mentioned previously, I was hosting on nodejs perfectly fine, and I have made sure to double check my DNS settings; everything is correct.

Can you run the following command on your server? I just want to see what’s listening on ports 80 and 443:

sudo lsof -i :80 -i :443 -sTCP:LISTEN
It's just Caddy:

root@localhost:~# sudo lsof -i :80 -i :443 -sTCP:LISTEN
COMMAND     PID  USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
caddy   3850069 caddy    6u  IPv6 365727880      0t0  TCP *:https (LISTEN)
caddy   3850069 caddy    8u  IPv6 365727882      0t0  TCP *:http (LISTEN)

Is your server directly exposed to the Internet, or is there a router or something else forwarding ports 80 and 443 to your Caddy?

Found the issue: I had forgotten to delete the rule that forwards 443 traffic to port 3000. Thanks for the help!

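A port forward of the kind that caused this does not show up in the `ufw status` listing above when it lives in the NAT table, so it is worth auditing that table directly. The following is an added example, not part of the thread: it assumes the forward was an iptables REDIRECT or DNAT rule (the thread does not say which mechanism was used), the function name is hypothetical, and the rule dump is constructed.

```shell
#!/bin/sh
# Flag NAT rules that divert web traffic (ports 80/443) away from Caddy.
# Reads `iptables-save` format on stdin and prints one line per hit:
#   <chain> <dport> <target> <new-destination>
find_web_redirects() {
    awk '
        /^\*/ { table = substr($1, 2); next }   # table header: "*nat", "*filter"
        table != "nat" || $1 != "-A" { next }   # only appended rules in nat
        {
            chain = $2; dport = ""; target = ""; dest = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--to-ports" || $i == "--to-destination")
                    dest = $(i + 1)
            }
            if ((dport == "80" || dport == "443") &&
                (target == "REDIRECT" || target == "DNAT"))
                print chain, dport, target, dest
        }
    '
}

# Constructed sample dump (not taken from the server in the thread):
# the filter table allows 443, while a stale nat rule sends it to 3000.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3000
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 8000
COMMIT
EOF
}

sample_rules | find_web_redirects
# On a live host: sudo iptables-save | find_web_redirects
```

A PREROUTING redirect only applies to traffic arriving from the network, which is consistent with the symptoms in the thread: Caddy was listening on 443 and had a valid certificate, yet external requests never reached it.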
