Caddyfile Tutorial fails - how do I access caddy by a hostname (not localhost)

1. Caddy version (caddy version):

v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

2. How I run Caddy:

I used docker-compose.

a. System environment:

$ uname -a
Linux ubuntu 5.4.0-66-generic #74-Ubuntu SMP Wed Jan 27 22:54:38 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ docker -v
Docker version 20.10.3, build 48d30b5

$ docker-compose -v
docker-compose version 1.28.4, build cabd5cfb

b. Command:

# inside the container
/app # curl https://localhost
Hello, world!
/app # 
# on the host
/caddy $ curl https://localhost
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

/caddy $ 

c. Service/unit/compose file:

version: "3"
services:
  caddy:
    image: caddy
    volumes:
      - ./caddy:/app
    tty: true
    network_mode: host
    working_dir: /app
    command: ash -c "caddy run --watch"

d. My complete Caddyfile or JSON config:

# Caddyfile

localhost

respond "Hello, world!"

3. The problem I’m having:

  1. Accessing https://localhost from the container seems to be working.
  2. Accessing the same from the host seems to fail even with the network_mode: host option.
  3. Accessing https://hostname through a browser also fails with ERR_SSL_PROTOCOL_ERROR.
  4. The tutorial says it will ask for a password, but it doesn't.

https://caddyserver.com/docs/caddyfile-tutorial
The first time, you’ll be asked for your password. This is so Caddy can serve your site over HTTPS.

I simply want to use Caddy to develop a server like this below.

ANY CLIENTS in LAN → HTTPS → HOST (docker) → Caddy container → reverse proxy to other containers

It seems that only accessing Caddy from localhost (inside the container) gets a correct response.

4. Error messages and/or full log output:

Attaching to caddy_caddy_1
caddy_1  | 2021/05/02 07:58:47.837      INFO    using adjacent Caddyfile
caddy_1  | 2021/05/02 07:58:47.838      INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
caddy_1  | 2021/05/02 07:58:47.839      INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS       {"server_name": "srv0", "https_port": 443}
caddy_1  | 2021/05/02 07:58:47.839      INFO    http    enabling automatic HTTP->HTTPS redirects     {"server_name": "srv0"}
caddy_1  | 2021/05/02 07:58:47.839      INFO    tls.cache.maintenance   started background certificate maintenance    {"cache": "0xc000366bd0"}
caddy_1  | 2021/05/02 07:58:47.872      INFO    pki.ca.local    root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
caddy_1  | 2021/05/02 07:58:47.872      INFO    http    enabling automatic TLS certificate management{"domains": ["localhost"]}
caddy_1  | 2021/05/02 07:58:47.873      WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate"}
caddy_1  | 2021/05/02 07:58:47.873      INFO    autosaved config        {"file": "/config/caddy/autosave.json"}
caddy_1  | 2021/05/02 07:58:47.873      INFO    serving initial configuration
caddy_1  | 2021/05/02 07:58:47.873      INFO    watcher watching config file for changes        {"config_file": "Caddyfile"}
caddy_1  | 2021/05/02 07:58:47.874      INFO    tls     cleaned up storage units

5. What I already tried:

I changed localhost to its hostname, but then Caddy started fetching certificates(?) from Let's Encrypt or something and it was giving errors.

caddy_1  | 2021/05/02 08:03:41.863      ERROR   tls.obtain      will retry      {"error": "[ubuntu] Obtain: [ubuntu] creating new order: request to https://acme.zerossl.com/v2/DV90/newOrder failed after 1 attempts: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Invalid DNS identifier [ubuntu] (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 3.040546303, "max_duration": 2592000}

6. Links to relevant resources:

The guide assumes that you're running Caddy outside of Docker, on the host machine. When using the local CA to issue certificates (e.g. for localhost, which is not a valid public domain), Caddy will attempt to install the root CA certificate into the system's trust store. Since you're in the Docker container, Caddy can't do that because it's isolated from the host (it actually installed the root certificate in the container's trust store, which is why it works if you get a shell into the container), so you'd need to do that yourself.

You're missing a volume for /data as mentioned on Docker, which is necessary to persist the certificates that Caddy issues, and would make it possible to manually grab the root CA cert. It'll be found in the container at /data/pki/authorities/local/root.crt. See the docs about Local HTTPS:

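The reply above names the two missing pieces: a /data volume so the local CA's root.crt can be read from the host, and trusting that root outside the container. The script below is an added example written for this page, not code from the thread or from the Caddy project. It puts both together with the other half of the original question (serving a LAN hostname): Caddy's documented `tls internal` directive makes Caddy issue the hostname's certificate from its own local CA instead of asking a public ACME CA, which is what produced the "Invalid DNS identifier [ubuntu]" error in the log. Assumptions, all of them replaceable through environment variables: the hostname `ubuntu` resolves on the LAN, `docker-compose` v1 is on PATH (set `COMPOSE="docker compose"` for v2), the project directory is ./caddy-lan, and the host is Ubuntu for the trust-store step.

```shell
#!/bin/sh
# Added example (editor's; not from the thread or the Caddy project).
# Runs Caddy in Docker on the host network with persistent /data and /config,
# serves a LAN hostname from Caddy's local CA, exports that CA's root to the
# host and verifies the site with curl pinned to it.
# Assumptions: SITE_HOST resolves on the LAN (default "ubuntu", from the log),
# docker-compose v1 is on PATH (set COMPOSE="docker compose" for v2),
# the project lives under WORKDIR (default ./caddy-lan).
set -eu

SITE_HOST="${SITE_HOST:-ubuntu}"
WORKDIR="${WORKDIR:-./caddy-lan}"
COMPOSE="${COMPOSE:-docker-compose}"

# `tls internal` makes Caddy issue this name from its local CA instead of
# asking a public ACME CA (the "Invalid DNS identifier [ubuntu]" failure).
caddyfile_for_host() {
    cat <<EOF
$1 {
    tls internal
    respond "Hello, world!"
}
EOF
}

# The original compose file plus named volumes for /data (certificates and the
# local CA) and /config (autosaved config). The tty/ash wrapper is not needed.
compose_file() {
    cat <<'EOF'
version: "3"
services:
  caddy:
    image: caddy:2
    network_mode: host
    working_dir: /app
    command: caddy run --watch
    volumes:
      - ./caddy:/app
      - caddy_data:/data
      - caddy_config:/config
volumes:
  caddy_data:
  caddy_config:
EOF
}

write_project() {
    mkdir -p "$WORKDIR/caddy"
    compose_file > "$WORKDIR/docker-compose.yml"
    caddyfile_for_host "$SITE_HOST" > "$WORKDIR/caddy/Caddyfile"
}

# Copy the local CA root out of the running container (path from the thread)
# and print its subject and expiry so you can see what you are about to trust.
export_root_ca() {
    cid=$(cd "$WORKDIR" && $COMPOSE ps -q caddy)
    docker cp "$cid:/data/pki/authorities/local/root.crt" "$WORKDIR/root.crt"
    openssl x509 -in "$WORKDIR/root.crt" -noout -subject -enddate
}

# Pin the exported root for this one request: proves the chain is right
# before anything is added to the host trust store.
verify_site() {
    curl --silent --show-error --cacert "$WORKDIR/root.crt" "https://$SITE_HOST/"
}

# Ubuntu host: install the root system-wide for curl and most CLI tools.
# Browsers keep their own stores (Firefox; Chromium via NSS) and need it separately.
trust_root_ca_ubuntu() {
    sudo cp "$WORKDIR/root.crt" /usr/local/share/ca-certificates/caddy-local.crt
    sudo update-ca-certificates
}

# Docker steps run only when invoked as: sh caddy-lan.sh run
if [ "${1:-}" = "run" ]; then
    write_project
    (cd "$WORKDIR" && $COMPOSE up -d)
    sleep 3   # give Caddy a moment to create the local CA and the leaf cert
    export_root_ca
    verify_site
fi
```

`sh caddy-lan.sh run` writes the project, starts Caddy, pulls root.crt out of the /data volume and fetches the site with `--cacert`, so the curl "(60) unable to get local issuer certificate" error from the question disappears for that request without touching the system store. Run `trust_root_ca_ubuntu` afterwards if you want every tool on the host to trust the CA; the same root.crt has to be installed on every LAN client that should reach the proxy, and browsers need it in their own trust stores.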
