CaddyFile Issue Connection Refused

1. The problem I’m having:

I am trying to install Caddy as a Docker image so I can use it to access other dockers on the same server (e.g. wordpress, osticket, nextcloud etc.) by using URLs (wordpress.outsourcedit.co.nz, nextcloud.outsourcedit.co.nz).

I have followed these instructions here.

Every time I tried to access the caddy server (by URL, port, IP number etc.) I got connection refused.

After burning 18 hours, hitting every helpfile, systematically destroying docker, server etc. and restarting, I have found a way forward. However, it still leaves me wondering what was wrong with the initial config and why I need to add extra params to my Caddyfile.

Specifically, without using the :80 directives in my Caddyfile I always got connection refused. With it in, I can now curl and get headers etc. for pages.

This is the working Caddyfile

{
    auto_https off
}

:80 {
    respond "hello world 2"
}

test1.outsourcedit.co.nz {
    respond "hello world"
}

This is the failing Caddyfile

{
    auto_https off
}

test1.outsourcedit.co.nz {
    respond "hello world"
}

2. Error messages and/or full log output:

With the directives in place netstat inside my caddy docker looks like:

/srv # netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:38077         0.0.0.0:*               LISTEN      -
tcp        0      0 localhost:2019          0.0.0.0:*               LISTEN      1/caddy
tcp        0      0 :::http                 :::*                    LISTEN      1/caddy
tcp        0      0 :::https                :::*                    LISTEN      1/caddy
/srv #

Without the directives it looks like:

/srv # netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:38603         0.0.0.0:*               LISTEN      -
tcp        0      0 localhost:2019          0.0.0.0:*               LISTEN      1/caddy
tcp        0      0 localhost:60224         localhost:2019          TIME_WAIT   -
tcp        0      0 :::https                :::*   

3. Caddy version:

Docker Version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

docker-compose pulls as below:

services:

  caddy:
    image: caddy
    container_name: caddy

4. How I installed and ran Caddy:

I exactly followed this selfhosted-apps-docker/caddy_v2 at master · DoTheEvo/selfhosted-apps-docker · GitHub

a. System environment:

Ubuntu 22.04 server
Docker version 25.0.0, build e758fe5
Server Name: docker01
Hosts File: The docker ip is 172.18.0.3. The hosts ip is 192.168.1.10

172.18.0.3 test1.outsourcedit.co.nz   
192.168.1.10 www.test1.outsourcedit.co.nz

b. Command:

 docker-compose up -d

c. Service/unit/compose file:

cat docker-compose.yml
services:

  caddy:
    image: caddy
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    env_file: .env
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./caddy_config:/config
      - ./caddy_data:/data

networks:
  default:
    name: caddy_net
    external: true

d. My complete Caddy config:

.env file

# GENERAL
TZ=Pacific/Auckland
DOCKER_MY_NETWORK=caddy_net
MY_DOMAIN=outsourcedit.co.nz

Caddyfile

 cat Caddyfile
{
    auto_https off
    http_port 80
    https_port 443
}

:80 {
    respond "hello world 2"
}

test1.outsourcedit.co.nz {
    respond "hello world"
}

 docker network ls
NETWORK ID     NAME        DRIVER    SCOPE
8e7647c500b9   bridge      bridge    local
5a7e13bcd933   caddy_net   bridge    local
98eaa8a583cf   host        host      local
928fb8f052b4   none        null      local
docker network inspect caddy_net
[
    {
        "Name": "caddy_net",
        "Id": "5a7e13bcd933a392c84a1a44f0546ea1f06e84c05d1dc85d53e77c88f90371d7",
        "Created": "2024-01-20T21:05:32.504534978+13:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.18.0.0/16",
                    "Gateway": "172.18.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "c2ea4284020f67c4508fdc756d5b7229ab5fce3bcf809676e39624bc262652cc": {
                "Name": "caddy",
                "EndpointID": "968285c4308b8123ac13e5a3f98918bfd6498af5d02f3c64c37816d00a9052b9",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.3/16",
                "IPv6Address": ""
            },
            "ce4baee20fb6da2b05eb9d1599d768b8d042a650dcf8b14f638cacdadfefc32c": {
                "Name": "wordpress-db",
                "EndpointID": "248962a55ffb359c17dcb3e9bcfde1161c3a648ea93ca0182e434759a9c936ad",
                "MacAddress": "02:42:ac:12:00:04",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""
            },
            "e0ab4fe1045c4f4430e493cb2d87fa9c017803e200f2b979424de6d3b70970c6": {
                "Name": "wordpress",
                "EndpointID": "079ad053f1f61a7297e4acee75973d698d80a9e9a28d131bc23441b47537c2a1",
                "MacAddress": "02:42:ac:12:00:03",
                "IPv4Address": "172.18.0.4/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

5. Links to relevant resources:

When you use auto_https off, you’re telling Caddy “don’t try to automate TLS issuance, I’ll provide my own certs”. But you didn’t provide a cert, so it’s impossible for Caddy to successfully serve HTTPS.

It also turns off HTTP->HTTPS redirects, which means you won’t have a server running on port 80 to handle HTTP requests.

When you use a site address with your domain, Caddy still defaults to HTTPS (so this is listening on port 443).

So, either provide a cert with the tls directive, OR enable tls internal to have Caddy issue certs using its internal CA, OR just remove auto_https off so Caddy can actually issue real certificates from Let’s Encrypt or ZeroSSL.

If you do the latter, make sure your server is publicly accessible on ports 80 and 443 (port forwarding, firewall) and your DNS is configured to point to your IP address.
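
The three fixes named in the reply above, written out as Caddyfile alternatives for the site from the question. This is an added example, not part of the original posts: the certificate paths are placeholders, and leaving out the global `auto_https off` block in alternative A is an assumption about how the `tls internal` option is meant to be used.

```caddyfile
# Use exactly one alternative. A is active; B and C are commented out.

# A: certificate from Caddy's internal CA.
#    No global "auto_https off" here, so Caddy manages the certificate
#    itself. Clients must trust Caddy's local root CA to avoid warnings.
test1.outsourcedit.co.nz {
    tls internal
    respond "hello world"
}

# B: keep "auto_https off" and load your own certificate.
#    Both paths are placeholders; mount the real files into the container.
#    As the reply notes, redirects are off too, so nothing answers on
#    port 80 and plain-HTTP requests are still refused.
# {
#     auto_https off
# }
# test1.outsourcedit.co.nz {
#     tls /etc/caddy/certs/PLACEHOLDER.crt /etc/caddy/certs/PLACEHOLDER.key
#     respond "hello world"
# }

# C: public certificate from Let's Encrypt or ZeroSSL.
#    No global options and no tls directive. Requires ports 80 and 443
#    reachable from the internet and DNS pointing at the server's IP.
# test1.outsourcedit.co.nz {
#     respond "hello world"
# }
```

With any of these in place, `netstat -tap` inside the container should show caddy listening on `:::https`, and requests to `https://test1.outsourcedit.co.nz` are the ones that get the `respond` body.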

Thank you - that helped

It got me close enough to work out the next bugs.
