Caddy not working on docker

1. Caddy version:

docker-compose exec caddy caddy version
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I installed, and run Caddy:

It is running on a docker container

a. System environment:

Host system: macOS Ventura 13.2
Chip: Apple M1 Pro
Docker version 20.10.21

b. Command:

N/A

c. Service/unit/compose file:

services:
    partners-api.test:
        build:
            context: ./vendor/laravel/sail/runtimes/8.1
            dockerfile: Dockerfile
            args:
                WWWGROUP: '${WWWGROUP}'
        image: sail-8.1/app
        extra_hosts:
            - 'host.docker.internal:host-gateway'
        ports:
            - '${VITE_PORT:-5173}:${VITE_PORT:-5173}'
        expose:
            - '${APP_PORT:-80}:80'
        environment:
            WWWUSER: '${WWWUSER}'
            LARAVEL_SAIL: 1
            XDEBUG_MODE: '${SAIL_XDEBUG_MODE:-off}'
            XDEBUG_CONFIG: '${SAIL_XDEBUG_CONFIG:-client_host=host.docker.internal}'
        volumes:
            - '.:/var/www/html'
        networks:
            - sail
    caddy:
        image: caddy:latest
        restart: unless-stopped
        ports:
            - '2443:443'
        volumes:
            - './docker/Caddyfile:/etc/caddy/Caddyfile'
            - sail-caddy:/data
            - sail-caddy:/config
        depends_on:
            - partners-api.test
        networks:
            - sail

networks:
    sail:
        driver: bridge

d. My complete Caddy config:

# docker/Caddyfile
{
        on_demand_tls {
                ask http://partners-api.test/.well-known/caddy-check
        }
        local_certs
}

:443 {
        tls internal {
                on_demand
        }

        reverse_proxy partners-api.test {
                header_up Host {host}
                header_up X-Real-IP {remote}
                header_up X-Forwarded-Port 443

                health_timeout 5s
        }
}

3. The problem I’m having:

When I try to visit my domain through Chrome browser, I see the following error message:

4. Error messages and/or full log output:

partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.6975405,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
partners-apimydomain-caddy-1              | {"level":"warn","ts":1674745412.6984694,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.6992054,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.699716,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x4000500930"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.6997588,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.6997736,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
partners-apimydomain-caddy-1              | {"level":"warn","ts":1674745412.7116919,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7119513,"msg":"Warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7119637,"msg":"define JAVA_HOME environment variable to use the Java trust"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7321715,"msg":"certificate installed properly in linux trusts"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7325108,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7325208,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7325916,"logger":"tls","msg":"finished cleaning storage units"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7327018,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.732917,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7329533,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7330842,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
partners-apimydomain-caddy-1              | {"level":"info","ts":1674745412.7330997,"msg":"serving initial configuration"}

5. What I already tried:

I’ve tried to set the minimum TLS version (even though I’m running TLSv1.3), but it didn’t work:

tls {
   protocols tls1.0 tls1.3  #min max
}

6. Links to relevant resources:
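The `ask http://partners-api.test/.well-known/caddy-check` line in the Caddyfile above is the only control that decides which hostnames the on-demand issuer will produce certificates for: Caddy sends `GET <ask URL>?domain=<name>` and proceeds only on a 2xx response, so an endpoint that answers 200 for everything lets any client that sets an arbitrary SNI trigger issuance. The following is an added example, not code from the original post or from Caddy or Laravel Sail; the allow-list contents and the listening port are constructed.

```python
"""Allow-list 'ask' endpoint for Caddy on_demand_tls (constructed example).

Caddy requests GET <ask URL>?domain=<name> before issuing a certificate and
only proceeds on a 2xx status, so this endpoint decides which hostnames may
ever get a certificate. Anything not explicitly known is refused.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed allow-list; a real app would look tenants up in its database.
ALLOWED_DOMAINS = {"partners-api.test", "partner-one.example"}
ALLOWED_SUFFIXES = (".partners-api.test",)


def is_domain_allowed(domain: str) -> bool:
    """Exact match, or exactly one extra label under an allowed suffix."""
    name = domain.strip().lower().rstrip(".")
    if not name or len(name) > 253:
        return False
    if name in ALLOWED_DOMAINS:
        return True
    for suffix in ALLOWED_SUFFIXES:
        if name.endswith(suffix):
            label = name[: -len(suffix)]
            # one non-empty label, no deeper nesting, no wildcard characters
            if label and "." not in label and "*" not in label:
                return True
    return False


def check_request_path(path: str) -> int:
    """Map the request Caddy makes to the status code it should receive."""
    url = urlparse(path)
    if url.path != "/.well-known/caddy-check":
        return 404
    domains = parse_qs(url.query).get("domain", [])
    if len(domains) != 1:          # missing or repeated parameter: refuse
        return 400
    return 200 if is_domain_allowed(domains[0]) else 403


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status = check_request_path(self.path)
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), AskHandler).serve_forever()
```

Anything other than a 2xx (here 400, 403 or 404) makes Caddy decline issuance, which is the safe default for unknown names.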

My understanding is that Sail is only meant to be used for development, not in production. So I suggest you rethink things there. It uses PHP’s built in server, which is not production-ready.

Don’t do this. Caddy only supports TLS 1.2 and 1.3, because older versions are broken and insecure. Either way, you should let Caddy use its defaults.

You need to make sure Caddy is publicly accessible on ports 80 and 443. That’s a requirement by the ACME protocol.

I’ve changed the docker-compose.yml to the following config but I’m still getting the same error:

    caddy:
        image: caddy:latest
        restart: unless-stopped
        ports:
            - '443:443'
            - '80:80'
        volumes:
            - './docker/Caddyfile:/etc/caddy/Caddyfile'
            - sail-caddy:/data
            - sail-caddy:/config
        depends_on:
            - partners-api.test
        networks:
            - sail

Btw, regarding your comment about Sail: it is only being used locally. We have no intention of using it in production.

What’s in your logs?

Please don’t say “same error” or “not working” etc. Always be specific about the behaviour you’re seeing.

I completely wiped out the project from my machine and installed everything from scratch. Now it is working as expected.

