Paste config here, replacing this text.
Use `caddy fmt` to make it readable.
DO NOT REDACT anything except credentials.
LEAVE DOMAIN NAMES INTACT.
Make sure the backticks stay on their own lines.
3. The problem I'm having:
I am unable to have Caddy serve VaultWarden as HTTPS. VaultWarden is on the same server, using port 8000 mapped to 80 in Portainer. VaultWarden opens ok, but I need to enable SSL to be able to set-up and continue
4. Error messages and/or full log output:
No errors as such. Just can't get Caddy to work with this set-up
Caddy will have logs. Check the container's log outputs.
Did you bind Caddy to ports 80 and 443 on the host machine?
Do you have your local DNS server (I assume pihole) resolving that hostname to the IP address of your server?
I can't suggest anything without actually seeing evidence of the errors. Check your logs, explain what's not working. Make a request with `curl -v` to show what happens.
And please place your logs and config within code blocks in your post, between the lines with ``` backticks. Code blocks will make sure formatting is preserved. It's hard to read otherwise. (Also see the help topic template, you were meant to paste your logs within those code fences where it says "Paste config here")
I think that Caddy is kind of working but I don't think the CaddyFile is correct. Yes, I bind ports 80 and 443 on the host machine. Yes, the local DNS is Pi-hole and this is resolving back to the Caddy server.
The issue is that Chrome is saying the connection is Not Secure when connecting both internally (with Pihole DNS forwarding to Caddy) or externally (where the web-server A Host points to Caddy IP).
This is an example of the CaddyFile where "service" is accessible from within the network (local.lan) and externally (example.com):
But in both cases, I get Not Secure. I think that this is issuing local certs in both cases, so need to only issue local certs to the local version (local.lan) and not to external. But, not sure how to do this within the CaddyFile.
Right, the `local_certs` global option just makes Caddy issue local certs for all sites regardless of whether it's a public domain or not. It's more meant as a quick switch to flip when testing things to avoid hitting public ACME issuers.
Instead, you should use the `tls internal` directive on any sites you want to use local certs.
As I said, please use backticks for code blocks when posting config or logs. Whitespace gets lost otherwise, making it harder to read.
You used block quotes. Use code blocks, which involves putting 3 backticks on the lines immediately preceding and following the logs/config.
it ends up looking like this
There's also a button in the reply editor that looks like </>
That's strange, but harmless.
I tried to load https://vault.dsewell.co.uk myself, and it seems to work fine (HTTPS, with a valid publicly trusted cert). So you should be good to go.
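The `local_certs` versus `tls internal` advice from earlier in the thread, written out as a Caddyfile. This is an added example, not a config posted by anyone in the thread: the hostnames `service.example.com` and `service.local.lan` are placeholders built from the names used above, and the upstream `localhost:8000` is an assumption based on the host port mentioned in the first post.

```caddyfile
# Added example: hostnames and upstream address are placeholders/assumptions.
#
# Before (the cause of "Not Secure" on the public name): a global options
# block like the one below makes EVERY site use Caddy's internal CA,
# including the public domain.
#
# {
# 	local_certs
# }

# Public name: no tls directive, so automatic HTTPS obtains a publicly
# trusted certificate from an ACME issuer. Needs ports 80/443 reachable
# from the internet and public DNS pointing at this server.
service.example.com {
	# Assumed upstream; if Caddy runs in a container, use an address the
	# container can reach (for example the service name on a shared network).
	reverse_proxy localhost:8000
}

# LAN-only name: not a public domain, so no public CA can issue for it.
# Use Caddy's internal CA for this site only.
service.local.lan {
	tls internal
	reverse_proxy localhost:8000
}
```

Browsers will still warn on the `tls internal` site until Caddy's root CA certificate is installed in each client's trust store. The public site needs no client-side changes.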