Caddy v2 - TLS configuration

smebberson · January 8, 2020, 12:46am

1. My Caddy version (`caddy -version`):

v2.0.0-beta12 h1:LZnXOGDr1SbeJNyln8Xc/hXjWCa/a9qFpCbWt2iwJPw=

2. How I run Caddy:

a. System environment:

MacOS 10.15.1

b. Command:

./caddy adapt --config ./static/root/etc/Caddyfile --pretty

c. Service/unit/compose file:

N/A

d. My complete Caddyfile:

{env.APP_DOMAIN} {

    matcher all {
        path /
    }

    matcher all-excluding-local-files {
        path /
        not {
            path /css /fonts /images /js /favicon.ico /robots.txt
        }
    }

    encode match:all {
        gzip
    }

    tls {env.ACME_CA_EMAIL} {
        ca https://acme-staging-v02.api.letsencrypt.org/directory
        dns route53
    }

    header match:all {
        Content-Security-Policy "frame-ancestors 'none'"
        Strict-Transport-Security "max-age=31536000"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        X-XSS-Protection "1; mode=block"
    }

    proxy match:all app:4000 {
        except /css /fonts /images /js /favicon.ico /robots.txt /default.html
        transparent
    }

    file_server * {
        root /www
    }

}

3. The problem I’m having:

I’m trying to convert a Caddyfile from v1 to v2. I’m having problems with the TLS part.

4. Error messages and/or full log output:

adapt: parsing caddyfile tokens for ‘tls’: Caddyfile:20 - Error during parsing: unknown subdirective: dns

5. What I already tried:

I tried moving the tls directive out of the server scope…

tls {env.ACME_CA_EMAIL} {
    ca https://acme-staging-v02.api.letsencrypt.org/directory
    dns route53
}

{env.APP_DOMAIN} {
...

and received adapt: Caddyfile:2: unrecognized directive: ca.

I also tried

{
    
    tls {env.ACME_CA_EMAIL} {
        ca https://acme-staging-v02.api.letsencrypt.org/directory
        dns route53
    }

}

{env.APP_DOMAIN} {
...

and received adapt: unrecognized parameter name: tls.

I had a good read through Home · caddyserver/caddy Wiki · GitHub and JSON Config Structure - Caddy Documentation and noticed that the tls directive is missing from apps and seems to be moved up to the top level. But only the JSON is documented for this, I can’t find out how to write this in Caddyfile format.

Is this possible? Will this be possible?

In the meantime, do I need to move to JSON configuration to be able to do these things?

6. Links to relevant resources:

matt · January 8, 2020, 12:53am

Thanks for all the feedback about the v2 beta!

The tls directive is not finished in v2 (the whole v2 Caddyfile is being worked on right now, in fact), so there is not yet a way to configure DNS providers in v2 – but that’ll be coming up next.

smebberson · January 8, 2020, 12:58am

No worries.

Same goes for the JSON? I noticed there was little detail at JSON Config Structure - Caddy Documentation and wondered if that was still to come…

matt · January 8, 2020, 12:59am

Yeah, the DNS provider code is a bit of a thorn in my side, just gotta cringe and crank it out.

Basically will involve a day or two of tedium: lots of copying and pasting, then changing and inserting little stuff, then repeating, for over 50 packages, I think.

system · April 7, 2020, 1:03am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.