Cannot disable auto-SSL and other problems (initial install)

I copied the PEM files to /etc/caddy and now it starts up with no errors:

Jul 19 11:34:44 batopi systemd[1]: Starting Caddy...
Jul 19 11:34:44 batopi caddy[2326]: caddy.HomeDir=/var/lib/caddy
Jul 19 11:34:44 batopi caddy[2326]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jul 19 11:34:44 batopi caddy[2326]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jul 19 11:34:44 batopi caddy[2326]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jul 19 11:34:44 batopi caddy[2326]: caddy.Version=v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
Jul 19 11:34:44 batopi caddy[2326]: runtime.GOOS=linux
Jul 19 11:34:44 batopi caddy[2326]: runtime.GOARCH=arm64
Jul 19 11:34:44 batopi caddy[2326]: runtime.Compiler=gc
Jul 19 11:34:44 batopi caddy[2326]: runtime.NumCPU=6
Jul 19 11:34:44 batopi caddy[2326]: runtime.GOMAXPROCS=6
Jul 19 11:34:44 batopi caddy[2326]: runtime.Version=go1.16.5
Jul 19 11:34:44 batopi caddy[2326]: os.Getwd=/
Jul 19 11:34:44 batopi caddy[2326]: LANG=C.UTF-8
Jul 19 11:34:44 batopi caddy[2326]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Jul 19 11:34:44 batopi caddy[2326]: NOTIFY_SOCKET=/run/systemd/notify
Jul 19 11:34:44 batopi caddy[2326]: HOME=/var/lib/caddy
Jul 19 11:34:44 batopi caddy[2326]: LOGNAME=caddy
Jul 19 11:34:44 batopi caddy[2326]: USER=caddy
Jul 19 11:34:44 batopi caddy[2326]: INVOCATION_ID=5d0bfabf1a8c41938f8d0c90934c2832
Jul 19 11:34:44 batopi caddy[2326]: JOURNAL_STREAM=8:28272
Jul 19 11:34:44 batopi caddy[2326]: {"level":"info","ts":1626708884.3110464,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jul 19 11:34:44 batopi caddy[2326]: {"level":"warn","ts":1626708884.3129115,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Jul 19 11:34:44 batopi caddy[2326]: {"level":"info","ts":1626708884.3143702,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["127.0.0.1:2019","localhost:2019","[::1]:2019"]}
Jul 19 11:34:44 batopi caddy[2326]: {"level":"info","ts":1626708884.3155248,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x40002a91f0"}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.8284976,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.8287878,"logger":"http","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"emupay.me","server_name":"srv1"}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.8288605,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.8309228,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.832361,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.832762,"msg":"serving initial configuration"}
Jul 19 11:34:45 batopi systemd[1]: Started Caddy.
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.8381886,"logger":"tls","msg":"finished cleaning storage units"}

So… finally… no errors on startup of caddy. Caddy has some certs loaded. The http (non-“s”) test site works nicely using… http://emupay.me:9992 … So how can I actually do https to that site? At this point the purpose of loading the certs into caddy is just to stop caddy trying to look for some certs (by auto) which just cause delays and timeouts on the http website… Now it is noticeably faster to load… Anyway, since I have the certs in there… may as well try to view it by https … how?

{
  http_port  80
  https_port 8443
}
# The Caddyfile - to configure your Caddy web server.
:80 {
  root * /var/www/html
  file_server
}
emupay.me {
  tls /etc/caddy/emufullchain1.pem /etc/caddy/emuprivkey1.pem
  root * /var/www/html
  file_server
}
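As an added example (not part of this thread, and not Caddy's own tooling), here is a small Python script that reads journald-prefixed Caddy log lines like the ones in the post above and reports, per server, what the log says about HTTPS: whether the listener is HTTP-only, whether automatic certificate management was skipped because certificates were loaded from files, and whether HTTP->HTTPS redirects are on. It also pulls out warn/error lines so they are not buried among the info lines. The sample log is constructed from the output shown above; the function names and the message-matching strings are mine.

```python
import json
import re

# Constructed sample: journald-prefixed lines as `journalctl -u caddy` prints them.
# The message texts and server names (srv0/srv1) mirror the post's log.
SAMPLE_LOG = """\
Jul 19 11:34:44 batopi caddy[2326]: caddy.Version=v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
Jul 19 11:34:44 batopi caddy[2326]: {"level":"warn","ts":1626708884.3129115,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.8284976,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.8287878,"logger":"http","msg":"skipping automatic certificate management because one or more matching certificates are already loaded","domain":"emupay.me","server_name":"srv1"}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.8288605,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
Jul 19 11:34:45 batopi caddy[2326]: {"level":"info","ts":1626708885.832762,"msg":"serving initial configuration"}
"""

# "Jul 19 11:34:44 batopi caddy[2326]: " prefix added by journald/systemd.
JOURNAL_PREFIX = re.compile(r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ caddy\[\d+\]: ")


def parse_caddy_log(text):
    """Return the JSON events from journald-prefixed Caddy output, oldest first."""
    events = []
    for line in text.splitlines():
        body = JOURNAL_PREFIX.sub("", line, count=1).strip()
        if not body.startswith("{"):
            continue  # runtime/environment banner lines are not JSON
        try:
            events.append(json.loads(body))
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line: skip rather than crash
    return events


def summarize_https(events):
    """Map each server_name to what the log says about its HTTPS handling."""
    servers = {}
    for ev in events:
        name = ev.get("server_name")
        if not name:
            continue
        state = servers.setdefault(
            name, {"auto_https": "unknown", "redirects": False, "domains": []}
        )
        msg = ev.get("msg", "")
        if "no automatic HTTPS will be applied" in msg:
            state["auto_https"] = "off (HTTP-only listener)"
        elif "skipping automatic certificate management" in msg:
            state["auto_https"] = "off (certificate loaded from file)"
            if ev.get("domain"):
                state["domains"].append(ev["domain"])
        elif "enabling automatic HTTP->HTTPS redirects" in msg:
            state["redirects"] = True
    return servers


def warnings(events):
    """Collect warn/error messages so config problems stand out from info lines."""
    return [ev["msg"] for ev in events if ev.get("level") in ("warn", "error")]


if __name__ == "__main__":
    evs = parse_caddy_log(SAMPLE_LOG)
    for name, state in summarize_https(evs).items():
        print(f"{name}: auto_https={state['auto_https']} "
              f"redirects={state['redirects']} domains={state['domains']}")
    for w in warnings(evs):
        print("warning:", w)
```

Run it against real output with `journalctl -u caddy --no-pager | python3 summarize.py` after swapping `SAMPLE_LOG` for `sys.stdin.read()`. On the log above it reports that srv0 is an HTTP-only listener and that srv1 serves emupay.me from the file-based certificate with redirects enabled, which is exactly the state the poster was trying to reach.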

With https://emupay.me:8443 presumably. Make sure your router forwards that port to your Caddy server.

1 Like

no problems on the router… how about the Caddyfile (above) … is it obvious to you why that Caddyfile does not serve any https when using https://emupay.me:8443 :smiley: haha, cos it is not obvious to me :wink:

As with other replies in this thread, not without evidence. What’s in your logs? What do you see when you use curl? Are you sure you’re mapping 8443 to 8443 (and not 8443 to 443, because you set https_port to a different value than its default of 443)?

1 Like

hahah :wink: yeah, I am sure about the port mappings from router to caddy server… I’ve been doing port mappings and IPTABLES configs for many years. I’ve only been (bumbling through) Caddyfile for a few days… But that’s cool! You are implying that the Caddyfile looks good.

In summary - when I thought (wrongly) it was possible that caddy and LetsEncrypt might be able to do the auto certs because caddy was set up to receive on 80 and 443… so it was set up like that (80, 443). At that time the router here was forwarding 9991 to 443 on the caddy server. And - as you pointed out - the difficulty/problem was not about “caddy receiving it on 443” (which was happening)… rather, the difficulty was that LetsEncrypt was going to send out - on 443 - which would never arrive at caddy because my ISP blocks ports under 5000 (new connections). So … therefore… no particular reason to keep (9991 → 443) for caddy, when the sender would be something else (e.g. 9991). Then, I changed the port I had been using for https (9991) to something more meaningful and more standard (i.e. 8443). And then - to keep it simpler - decided not to map that port to something different for the caddy server… rather just pass on 8443 as 8443 to the caddy server…

I am not sure what you mean by “no evidence”? curl is curl from anywhere. But, it’s all good :slight_smile: I will put some curl output here… in the morning. It’s all good :slight_smile: Thanks again for all your help. The responsiveness and helpfulness on this forum is amazing! :pray: :+1:t3:

PS C:\WINDOWS\system32> curl -v http://emupay.me:9992
VERBOSE: GET http://emupay.me:9992/ with 0-byte payload
VERBOSE: received 4729-byte response of content type text/html; charset=utf-8


StatusCode        : 200
StatusDescription : OK
Content           : <!DOCTYPE html>
                    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" class="no-js">

                    <head>
                      <title>Ira</title>
                      <link rel="stylesheet" href="style.css" type="text/css">
                      <meta name="...
RawContent        : HTTP/1.1 200 OK
                    Accept-Ranges: bytes
                    Content-Length: 4729
                    Content-Type: text/html; charset=utf-8
                    Date: Mon, 19 Jul 2021 17:12:31 GMT
                    ETag: "qwhlz63nd"
                    Last-Modified: Mon, 19 Jul 2021 10:18:42 GM...
Forms             : {}
Headers           : {[Accept-Ranges, bytes], [Content-Length, 4729], [Content-Type, text/html; charset=utf-8], [Date,
                    Mon, 19 Jul 2021 17:12:31 GMT]...}
Images            : {@{innerHTML=; innerText=; outerHTML=<IMG style="FLOAT: left" src="ira_profile.jpg" width=90>;
                    outerText=; tagName=IMG; style=FLOAT: left; src=ira_profile.jpg; width=90}, @{innerHTML=;
                    innerText=; outerHTML=<IMG onclick=image_click(this.id) id=Ira3 alt="3d shapes" src="ira3.jpg">;
                    outerText=; tagName=IMG; onclick=image_click(this.id); id=Ira3; alt=3d shapes; src=ira3.jpg},
                    @{innerHTML=; innerText=; outerHTML=<IMG onclick=image_click(this.id) id=Ira1 alt="My Emma doll"
                    src="ira1.jpg">; outerText=; tagName=IMG; onclick=image_click(this.id); id=Ira1; alt=My Emma doll;
                    src=ira1.jpg}, @{innerHTML=; innerText=; outerHTML=<IMG onclick=image_click(this.id) id=Ira5
                    alt="elepante beatbox" src="ira5.jpg">; outerText=; tagName=IMG; onclick=image_click(this.id);
                    id=Ira5; alt=elepante beatbox; src=ira5.jpg}...}
InputFields       : {}
Links             : {@{innerHTML=It is very old; innerText=It is very old; outerHTML=<A
                    href="https://sites.google.com/site/tomasmoratoelementaryschool/our-school">It is very old</A>;
                    outerText=It is very old; tagName=A;
                    href=https://sites.google.com/site/tomasmoratoelementaryschool/our-school}, @{innerHTML=Facebook;
                    innerText=Facebook; outerHTML=<A
                    href="https://www.facebook.com/Tomas-Morato-Elementary-School-104559317934534">Facebook</A>;
                    outerText=Facebook; tagName=A;
                    href=https://www.facebook.com/Tomas-Morato-Elementary-School-104559317934534}, @{innerHTML=Youtube
                    Channel; innerText=Youtube Channel; outerHTML=<A
                    href="https://www.youtube.com/channel/UCEK3Z9uLLNooM3Yah_0itmA">Youtube Channel</A>;
                    outerText=Youtube Channel; tagName=A;
                    href=https://www.youtube.com/channel/UCEK3Z9uLLNooM3Yah_0itmA}, @{innerHTML=click here;
                    innerText=click here; outerHTML=<A href="http://tinapay/mj/">click here</A>; outerText=click here;
                    tagName=A; href=http://tinapay/mj/}}
ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 4729



PS C:\WINDOWS\system32> curl -v https://emupay.me:8443
VERBOSE: GET https://emupay.me:8443/ with 0-byte payload
VERBOSE: received 0-byte response of content type


StatusCode        : 200
StatusDescription : OK
Content           : {}
RawContent        : HTTP/1.1 200 OK
                    Content-Length: 0
                    Date: Mon, 19 Jul 2021 17:13:30 GMT
                    Server: Caddy


Headers           : {[Content-Length, 0], [Date, Mon, 19 Jul 2021 17:13:30 GMT], [Server, Caddy]}
RawContentLength  : 0

This part means Caddy is serving valid HTTPS on port 8443 to your request - ostensibly, working as configured.

However, when I tried it just now, my request timed out. This is one of the reasons why we ask you to run curl yourself - mostly so we can see better into exactly what you are seeing in your networking circumstance, but partially so that you know and can ensure Caddy is up, not firewalled, running on the expected IP address etc. etc. when you test it.


P.S.:

I don’t think the behaviour of this configuration is behaviour you want.

Refer to the documentation, emphasis mine:

http_port

The port for the server to use for HTTP. For internal use only; does not change the HTTP port for clients. Default: 80

https://caddyserver.com/docs/caddyfile/options#http-port

https_port

The port for the server to use for HTTPS. For internal use only; does not change the HTTPS port for clients. Default: 443

https://caddyserver.com/docs/caddyfile/options#https-port

These directives are useful for port detouring, i.e. when packets reach the standard ports externally (80 and 443) but take a roundabout route to get to Caddy.

Their intended use case is to have automatic redirections send clients to standard ports despite Caddy running on different ports. With your current configuration, this has no specific benefit for you anyway, because Caddy is not issuing any redirects. All it does is let you move port specification away from the site labels (when I believe it is more readable to have them in the site labels anyway).


Since your externally accessible ports are http://:9992 and https://:8443, my honest opinion is that you should forward ports straight through (9992->9992 and 8443->8443) and exert direct control over port specification and HTTP->S redirection in your Caddyfile:

http://emupay.me:9992 {
  redir https://emupay.me:8443{uri}
}

https://emupay.me:8443 {
  tls /etc/caddy/emufullchain1.pem /etc/caddy/emuprivkey1.pem
  root * /var/www/html
  file_server
}

This would be the least complicated way of achieving default-Caddy-like behaviour on nonstandard ports. There’s no specific benefit to trying to half-host Caddy on default ports; you might as well have things lined up.

3 Likes

oh oh oh ! I missed that… so, yes, you are 100% correct ! That is not what I was trying to do… ok ok … I will remove those port assignments in my Caddyfile and change the forwarding so it keeps 9992 and 8443 all the way to the Caddy server.

Seems much better like that ! Actually seems fully working… am still testing it. I only wish I could give more than one :heart: (like 100!) thank you so very much… And all my (100s) failed attempts to get it working have taught me so much about Caddy ! This forum is amazing ! Thank you to all who helped me …

2 Likes

No worries. Sometimes it really helps to have an outside opinion, or at the very least, take a step back and reframe the situation.

As someone who writes a lot of Caddyfiles and does a lot of helping other people write Caddyfiles, the best solution is, without exception, the simplest one. Leverage the basics and be specific about what you want - Caddy configuration is both simpler and more powerful than people often think!

4 Likes

you are 100% correct ! and I agree…
Sometimes just knowing how to do “the simplest” can be the problem, when someone is completely new to something :wink:

1 Like

That’s what this community is for.

:wink:

2 Likes
