Caddy server with reverse proxy on custom domain and sub-domain

1. Caddy version (caddy version): v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=

2. How I run Caddy: caddy run

a. System environment: macOS (Big Sur)

b. Command:

caddy run

c. Service/unit/compose file: I’m not using any containers

hello.life {
    reverse_proxy localhost:3000 
}

api.hello.life {
    reverse_proxy localhost:4000 
}

d. My complete Caddyfile or JSON config:

hello.life {
    reverse_proxy localhost:3000 
}

api.hello.life {
    reverse_proxy localhost:4000 
}

3. The problem I’m having: unable to use custom domains while running caddy

4. Error messages and/or full log output:

{"level":"info","ts":1631246838.3194711,"msg":"using adjacent Caddyfile"}
{"level":"warn","ts":1631246838.327212,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"Caddyfile","line":2}
{"level":"info","ts":1631246838.340451,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1631246838.351688,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000546540"}
{"level":"info","ts":1631246838.361684,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1631246838.3618271,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1631246838.367006,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/Users/avi/Library/Application Support/Caddy"}
{"level":"info","ts":1631246838.3693912,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["api.hello.life","hello.life"]}
{"level":"info","ts":1631246838.373826,"logger":"tls.obtain","msg":"acquiring lock","identifier":"api.hello.life"}
{"level":"info","ts":1631246838.373835,"msg":"autosaved config (load with --resume flag)","file":"/Users/avi/Library/Application Support/Caddy/autosave.json"}
{"level":"info","ts":1631246838.37485,"msg":"serving initial configuration"}
{"level":"info","ts":1631246838.377813,"logger":"tls.obtain","msg":"acquiring lock","identifier":"hello.life"}
{"level":"info","ts":1631246838.393932,"logger":"tls.obtain","msg":"lock acquired","identifier":"api.hello.life"}
{"level":"info","ts":1631246838.394253,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1631246838.404062,"logger":"tls.obtain","msg":"lock acquired","identifier":"hello.life"}
{"level":"info","ts":1631246838.419054,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["hello.life"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1631246838.41908,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["hello.life"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1631246838.419462,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["api.hello.life"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1631246838.4195101,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["api.hello.life"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1631246841.707753,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"hello.life","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1631246843.263273,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"api.hello.life","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1631246845.62238,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"api.hello.life","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: SERVFAIL looking up A for api.hello.life - the domain's nameservers may be malfunctioning"}
{"level":"error","ts":1631246845.622485,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"api.hello.life","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: SERVFAIL looking up A for api.hello.life - the domain's nameservers may be malfunctioning","order":"https://acme-v02.api.letsencrypt.org/acme/order/136710620/23331096750","attempt":1,"max_attempts":3}
{"level":"info","ts":1631246847.648432,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"api.hello.life","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1631246850.0144582,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"api.hello.life","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: SERVFAIL looking up A for api.hello.life - the domain's nameservers may be malfunctioning"}
{"level":"error","ts":1631246850.0145228,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"api.hello.life","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: SERVFAIL looking up A for api.hello.life - the domain's nameservers may be malfunctioning","order":"https://acme-v02.api.letsencrypt.org/acme/order/136710620/23331111320","attempt":2,"max_attempts":3}
{"level":"error","ts":1631246852.4044979,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"api.hello.life","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[api.hello.life] solving challenges: api.hello.life: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/136710620/23331123520) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"warn","ts":1631246852.414479,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1631246853.81291,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"aiHeguxQllu84bCBzErqMQ"}
{"level":"error","ts":1631246854.515438,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"hello.life","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: SERVFAIL looking up A for hello.life - the domain's nameservers may be malfunctioning"}
{"level":"error","ts":1631246854.5154922,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"hello.life","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: SERVFAIL looking up A for hello.life - the domain's nameservers may be malfunctioning","order":"https://acme-v02.api.letsencrypt.org/acme/order/136710620/23331093920","attempt":1,"max_attempts":3}
{"level":"error","ts":1631246855.61081,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"api.hello.life","issuer":"acme.zerossl.com-v2-DV90","error":"registering account [mailto:caddy@zerossl.com] with server: fetching new nonce from server: HTTP 504: "}
{"level":"error","ts":1631246855.611053,"logger":"tls.obtain","msg":"will retry","error":"[api.hello.life] Obtain: registering account [mailto:caddy@zerossl.com] with server: fetching new nonce from server: HTTP 504: ","attempt":1,"retrying_in":60,"elapsed":17.216921142,"max_duration":2592000}
{"level":"info","ts":1631246856.9393868,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"hello.life","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1631246859.3924422,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"hello.life","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: SERVFAIL looking up A for hello.life - the domain's nameservers may be malfunctioning"}
{"level":"error","ts":1631246859.3925178,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"hello.life","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: SERVFAIL looking up A for hello.life - the domain's nameservers may be malfunctioning","order":"https://acme-v02.api.letsencrypt.org/acme/order/136710620/23331134990","attempt":2,"max_attempts":3}
{"level":"error","ts":1631246862.275104,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"hello.life","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[hello.life] solving challenges: hello.life: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/136710620/23331146290) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"warn","ts":1631246862.275466,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
{"level":"info","ts":1631246862.686527,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"286ofmKUJ2EycgrjLUfZnA"}
{"level":"info","ts":1631246864.524544,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["hello.life"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1631246864.524609,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["hello.life"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1631246866.476463,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"hello.life","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
^C{"level":"info","ts":1631246899.986015,"msg":"shutting down","signal":"SIGINT"}
{"level":"warn","ts":1631246899.9863622,"msg":"exiting; byeee!! 👋","signal":"SIGINT"}
{"level":"info","ts":1631246899.989776,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000546540"}
{"level":"info","ts":1631246899.9901881,"logger":"tls.obtain","msg":"releasing lock","identifier":"api.hello.life"}
{"level":"warn","ts":1631246899.99072,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme.zerossl.com/v2/DV90/authz/diq8K704YaYo0HjmFfg0VA","error":"performing request: Post \"https://acme.zerossl.com/v2/DV90/authz/diq8K704YaYo0HjmFfg0VA\": context canceled"}
{"level":"error","ts":1631246899.9907572,"logger":"tls.issuance.acme.acme_client","msg":"deactivating authorization","identifier":"hello.life","authz":"https://acme.zerossl.com/v2/DV90/authz/diq8K704YaYo0HjmFfg0VA","error":"request to https://acme.zerossl.com/v2/DV90/authz/diq8K704YaYo0HjmFfg0VA failed after 1 attempts: context canceled"}
{"level":"error","ts":1631246899.990793,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"hello.life","issuer":"acme.zerossl.com-v2-DV90","error":"[hello.life] solving challenges: [hello.life] context canceled (order=https://acme.zerossl.com/v2/DV90/order/GmcaM-g9pVy7dEjqY2sP0Q) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"info","ts":1631246899.9913962,"logger":"tls.obtain","msg":"releasing lock","identifier":"hello.life"}
{"level":"error","ts":1631246899.9916852,"logger":"tls","msg":"job failed","error":"api.hello.life: obtaining certificate: context canceled"}
{"level":"error","ts":1631246899.991849,"logger":"tls.obtain","msg":"unable to unlock","identifier":"hello.life","lock_key":"issue_cert_hello.life","error":"remove /Users/avi/Library/Application Support/Caddy/locks/issue_cert_hello.life.lock: no such file or directory"}
{"level":"error","ts":1631246899.991874,"logger":"tls","msg":"job failed","error":"hello.life: obtaining certificate: [hello.life] Obtain: [hello.life] solving challenges: [hello.life] context canceled (order=https://acme.zerossl.com/v2/DV90/order/GmcaM-g9pVy7dEjqY2sP0Q) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"info","ts":1631246899.991936,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
{"level":"info","ts":1631246899.9919481,"msg":"shutdown complete","signal":"SIGINT","exit_code":0}

5. What I already tried:

6. Links to relevant resources:

I have a Caddy server running on my localhost. Right now my Caddyfile looks as follows:


hello.life {
    reverse_proxy localhost:3000 
}

api.hello.life {
    reverse_proxy localhost:4000 
}

Unfortunately, when I run caddy run, my custom domains are not working in my browser. How do I make it work and also make the reverse proxy available?

Thanks for your time.

Please fill out the help topic template. We’re missing key information here, so we won’t be able to help until you clarify some things.

When you click “New Topic” and choose the “Help” category, the text box should be filled in with a template. Please copy that template, and fill it out either in a comment in this topic, or edit your original post with the template filled out. (If you edit, then please make a comment to notify us that you’ve done it).

Hi! I’ve updated my post, thanks for any help on this query.

Do you own the hello.life domain?

You can’t use a domain that someone else owns, you must use your own domain, and you must configure it to point to your server.
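The failure pattern in the log from the original post, as an added example that is not part of the thread: a small Python triage script that groups Caddy's "challenge failed" entries by identifier and challenge type. The sample lines are constructed by shortening entries from that log; the function names and the hint wording are this example's own.

```python
import json
from collections import defaultdict

# Constructed sample: entries shortened from the log in the original post.
SAMPLE_LOG = r'''
{"level":"info","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"hello.life","challenge_type":"tls-alpn-01"}
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"api.hello.life","challenge_type":"tls-alpn-01","problem_type":"urn:ietf:params:acme:error:dns"}
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"api.hello.life","challenge_type":"http-01","problem_type":"urn:ietf:params:acme:error:dns"}
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"hello.life","challenge_type":"tls-alpn-01","problem_type":"urn:ietf:params:acme:error:dns"}
{"level":"error","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"hello.life","challenge_type":"http-01","problem_type":"urn:ietf:params:acme:error:dns"}
^C{"level":"info","msg":"shutting down","signal":"SIGINT"}
'''

DNS_PROBLEM = "urn:ietf:params:acme:error:dns"


def acme_failures(log_text):
    """Return {identifier: {challenge_type: problem_type}} for failed challenges."""
    failures = defaultdict(dict)
    for line in log_text.splitlines():
        start = line.find("{")  # tolerate terminal noise such as "^C" before the JSON
        if start < 0:
            continue
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # not a structured log line
        if entry.get("msg") != "challenge failed":
            continue
        name = entry.get("identifier", "unknown")
        challenge = entry.get("challenge_type", "unknown")
        failures[name][challenge] = str(entry.get("problem_type", "unknown"))
    return dict(failures)


def diagnose(failures):
    """Give one hint per identifier (the hint wording is this example's own)."""
    hints = {}
    for name, by_challenge in failures.items():
        problems = sorted(set(by_challenge.values()))
        if problems == [DNS_PROBLEM]:
            hints[name] = ("DNS: the CA could not resolve this name, so no challenge "
                           "type can pass until its records point at this server")
        else:
            hints[name] = "check each challenge: " + ", ".join(problems)
    return hints


if __name__ == "__main__":
    for name, hint in diagnose(acme_failures(SAMPLE_LOG)).items():
        print(f"{name}: {hint}")
```

When every challenge type for a name fails with the same DNS problem type, the issue is the domain's DNS rather than Caddy's listener or the reverse proxy upstreams.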

Hi! Thanks a lot for the reply.

I don’t own that domain; I’m just working on my local machine. Can I use localhost and api.localhost, just for testing?

It depends what you’re testing. But in general, yes; note that Caddy will treat localhost domains differently (it will use its own, internal CA for certificates instead of a publicly-trusted CA).

2 Likes