1. The problem I’m having:
I am posting again with a different configuration, same outcome. I am trying to connect Tailscale to Caddy and use my custom domain so that while I am on the VPN I can access my web application running on port :4000. I am not able to open the web application using my custom domain after the setup. The sections below will go into further detail, but I am getting a no page found error via browser.
2. Error messages and/or full log output:
The following are my log files using `docker logs`:
❯ docker logs 6e9176da1102
{"level":"info","ts":1735931839.9662943,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
{"level":"info","ts":1735931839.9817467,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1735931839.9948528,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1735931840.0003579,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x2954540"}
{"level":"info","ts":1735931840.0021322,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1735931840.0026307,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1735931840.0083904,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1735931840.0124984,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1735931840.0130408,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1735931840.0136046,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["tesla.doronkatz.cloud"]}
{"level":"info","ts":1735931840.0182827,"logger":"tls.obtain","msg":"acquiring lock","identifier":"tesla.doronkatz.cloud"}
{"level":"info","ts":1735931840.0198243,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1735931840.0200775,"msg":"serving initial configuration"}
{"level":"info","ts":1735931840.0243845,"logger":"tls.obtain","msg":"lock acquired","identifier":"tesla.doronkatz.cloud"}
{"level":"info","ts":1735931840.0258145,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"tesla.doronkatz.cloud"}
{"level":"info","ts":1735931840.0312903,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"4940206e-f19d-4739-9fa3-ab567716d63e","try_again":1736018240.0307264,"try_again_in":86399.999564}
{"level":"info","ts":1735931840.0325017,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1735931840.0810828,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["tesla.doronkatz.cloud"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1735931840.081323,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["tesla.doronkatz.cloud"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1735931840.081921,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/2148300205","account_contact":[]}
{"level":"info","ts":1735931840.5764203,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"tesla.doronkatz.cloud","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
3. Caddy version:
❯ docker-compose exec caddy caddy version
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
4. How I installed and ran Caddy:
a. System environment:
Dockerfile to install caddy:
❯ cat Dockerfile
ARG VERSION=2
FROM caddy:${VERSION}-builder AS builder
# We need this plugin to obtain SSL certificates from Cloudflare
RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare
FROM caddy:${VERSION}
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
b. Command:
❯ docker-compose up -d
c. Service/unit/compose file:
❯ cat docker-compose.yml
services:
  caddy:
    build: .
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    networks:
      - caddynet
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/site:/srv
      - caddy_data:/data
      - caddy_config:/config
    env_file:
      - container-vars.env
volumes:
  caddy_data:
    external: true
  caddy_config:
d. My complete Caddy config:
❯ cat Caddyfile
tesla.doronkatz.cloud {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
    reverse_proxy localhost:4000
}
5. Links to relevant resources:
I was trying to follow an example from How to securely access homelab with Tailscale — Evgenii Burmakin on the setup, but changed it slightly as I experimented.
Other than that, the DNS I use is Cloudflare. My DNS settings are as follows:
Update
I got further logs:
Attaching to caddy
caddy | {"level":"info","ts":1735935747.8399806,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy | {"level":"info","ts":1735935747.840765,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy | {"level":"warn","ts":1735935747.840836,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":10}
caddy | {"level":"info","ts":1735935747.8409395,"msg":"redirected default logger","from":"stderr","to":"stdout"}
caddy | {"level":"info","ts":1735935747.8413637,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
caddy | {"level":"info","ts":1735935747.841196,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
caddy | {"level":"info","ts":1735935747.8412526,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy | {"level":"info","ts":1735935747.8412564,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy | {"level":"debug","ts":1735935747.8412647,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["tesla.doronkatz.cloud"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:4000"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
caddy | {"level":"info","ts":1735935747.8413448,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy | {"level":"debug","ts":1735935747.8413954,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
caddy | {"level":"info","ts":1735935747.84193,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x4000458e80"}
caddy | {"level":"info","ts":1735935747.8419523,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy | {"level":"info","ts":1735935747.8419557,"msg":"serving initial configuration"}
caddy | {"level":"info","ts":1735935747.842872,"logger":"tls.obtain","msg":"acquiring lock","identifier":"tesla.doronkatz.cloud"}
caddy | {"level":"info","ts":1735935747.8433363,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"1663357e-09de-4c51-8767-39a3c1816f88","try_again":1736022147.8433356,"try_again_in":86399.99999975}
caddy | {"level":"info","ts":1735935747.8434267,"logger":"tls","msg":"finished cleaning storage units"}
caddy | {"level":"info","ts":1735935747.8435113,"logger":"tls.obtain","msg":"lock acquired","identifier":"tesla.doronkatz.cloud"}
caddy | {"level":"info","ts":1735935747.8436117,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"tesla.doronkatz.cloud"}
caddy | {"level":"debug","ts":1735935747.8436415,"logger":"events","msg":"event","name":"cert_obtaining","id":"13a4598b-2092-498e-828d-1633b6a07d5f","origin":"tls","data":{"identifier":"tesla.doronkatz.cloud"}}
caddy | {"level":"debug","ts":1735935747.8438277,"logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"acme-v02.api.letsencrypt.org-directory"}
caddy | {"level":"info","ts":1735935747.8450956,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["tesla.doronkatz.cloud"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy | {"level":"info","ts":1735935747.8451064,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["tesla.doronkatz.cloud"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy | {"level":"debug","ts":1735935748.088627,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; arm64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Fri, 03 Jan 2025 20:22:28 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["LPSR-4-sAovldXe1EXTRNBcZdnVHJP2Df2cxtZ8h8O9ZOyve_as"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
caddy | {"level":"debug","ts":1735935748.2724822,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; arm64)"]},"response_headers":{"Boulder-Requester":["2149589065"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["355"],"Content-Type":["application/json"],"Date":["Fri, 03 Jan 2025 20:22:28 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/2149589065/340439091455"],"Replay-Nonce":["1QDIi77bLyOpx0dI4BA6CDJz1MLlBm0DvWQFJDka_fX2shoW-20"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
caddy | {"level":"debug","ts":1735935748.3386161,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz/2149589065/455080227545","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (linux; arm64)"]},"response_headers":{"Boulder-Requester":["2149589065"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["829"],"Content-Type":["application/json"],"Date":["Fri, 03 Jan 2025 20:22:28 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["1QDIi77bnTsZoUxAkRLW1-8DGXNVc_G-LEASflJDqBpZ0QYhPos"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
caddy | {"level":"debug","ts":1735935748.3390133,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
caddy | {"level":"info","ts":1735935748.3390453,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"tesla.doronkatz.cloud","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
caddy | {"level":"debug","ts":1735935748.818564,"logger":"tls.issuance.acme.acme_client","msg":"waiting for solver before continuing","identifier":"tesla.doronkatz.cloud","challenge_type":"dns-01"}
Thank you
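An added example, not part of the original post: a small Python triage script that reads Caddy's JSON log lines (with or without the docker-compose `caddy | ` prefix) and reports, per hostname, the last certificate-issuance step that was logged. The sample lines are constructed in the shape of the logs above; `ok.example.test` is a made-up host, and treating `certificate obtained successfully` as the completion message is an assumption about Caddy's log wording.

```python
import json

# Constructed sample in the shape of the logs posted above (fields trimmed).
# "ok.example.test" is a made-up host added to show a completed issuance.
SAMPLE = r'''
Attaching to caddy
caddy | {"level":"info","ts":1735935747.84,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"tesla.doronkatz.cloud"}
caddy | {"level":"info","ts":1735935747.85,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["tesla.doronkatz.cloud"]}
{"level":"info","ts":1735935748.33,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"tesla.doronkatz.cloud","challenge_type":"dns-01"}
caddy | {"level":"debug","ts":1735935748.81,"logger":"tls.issuance.acme.acme_client","msg":"waiting for solver before continuing","identifier":"tesla.doronkatz.cloud","challenge_type":"dns-01"}
{"level":"info","ts":1735935749.10,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"ok.example.test"}
{"level":"info","ts":1735935751.20,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"ok.example.test"}
'''

DONE_MSG = "certificate obtained successfully"  # assumed completion message


def parse_line(line):
    """Drop any 'caddy | ' style prefix and decode the JSON object, else None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        entry = json.loads(line[start:])
    except json.JSONDecodeError:
        return None
    return entry if isinstance(entry, dict) else None


def issuance_status(log_text):
    """Map each hostname to the last TLS issuance event seen for it."""
    status = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry or not str(entry.get("logger", "")).startswith("tls."):
            continue
        # Caddy logs either a single "identifier" or an "identifiers" list.
        names = entry.get("identifiers") or [entry.get("identifier")]
        for name in filter(None, names):
            prev = status.get(name, {})
            if entry.get("msg") == DONE_MSG:
                state = "obtained"
            else:
                state = "error" if entry.get("level") == "error" else "pending"
            status[name] = {"state": state, "last_msg": entry.get("msg"),
                            "challenge": entry.get("challenge_type") or prev.get("challenge"),
                            "ts": entry.get("ts")}
    return status


if __name__ == "__main__":
    for host, info in issuance_status(SAMPLE).items():
        print(host, info)
```

A host left in the `pending` state shows the challenge type and the last message logged before the output ends, which is the point to compare against the DNS provider's records and API token permissions.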