# Send all other traffic to the regular Vaultwarden endpoint
reverse_proxy 0.0.0.0:80
}
The Caddyfile resides at /etc and etc/caddy/
### 3. The problem I'm having:
Caddy container was created but failed to start
### 4. Error messages and/or full log output:
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/run/desktop/mnt/host/wsl/docker-desktop-bind-mounts/Ubuntu-20.04/641d0cc536e6a36b2d065081e4109cffb48a2a3427f15e2c0be7cb25a6934b25" to rootfs at "/etc/caddy/Caddyfile": mount /run/desktop/mnt/host/wsl/docker-desktop-bind-mounts/Ubuntu-20.04/641d0cc536e6a36b2d065081e4109cffb48a2a3427f15e2c0be7cb25a6934b25:/etc/caddy/Caddyfile (via /proc/self/fd/14), flags: 0x5000: not a directory: unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type.
### 5. What I already tried:
### 6. Links to relevant resources:
```
dzung.duckdns.org {
    encode gzip
    # The negotiation endpoint is also proxied to Rocket
    reverse_proxy /notifications/hub/negotiate 0.0.0.0:80
    # Notifications redirected to the websockets server
    reverse_proxy /notifications/hub 0.0.0.0:3012
    # Send all other traffic to the regular Vaultwarden endpoint
    reverse_proxy 0.0.0.0:8008
}
```
Also tried …
`reverse_proxy 0.0.0.0:80`
`reverse_proxy 192.168.0.146:80`, which is the local address where Vaultwarden resides
I was following installation instructions from various sources. However, I have tried the following without success …
`reverse_proxy localhost:8008`
`reverse_proxy 192.168.0.146:8008`
`reverse_proxy :8008`
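The Docker error in section 4 reports a directory being mounted onto the file `/etc/caddy/Caddyfile`. The preflight check below is an added example, not part of the original thread; the function name `check_file_mount` and its verdict words are made up here, and it assumes Linux-style host paths as used inside WSL.

```shell
#!/bin/sh
# Preflight for a single-file bind mount such as
#   docker run -v /path/on/host/Caddyfile:/etc/caddy/Caddyfile ...
# Prints a one-word verdict about the host side of the mount and
# returns 0 only when it is a regular file.
check_file_mount() {
    spec=$1
    src=${spec%%:*}        # host side of "host:container[:opts]"

    case $src in
        */*) ;;            # contains a slash: treated as a host path
        *)
            # A bare name is a Docker named volume, which is a directory,
            # so it cannot be mounted onto a file inside the container.
            echo named-volume
            return 2
            ;;
    esac

    if [ -f "$src" ]; then
        echo file
        return 0
    elif [ -d "$src" ]; then
        # Directory on the host, file in the image: "not a directory" error.
        echo directory
        return 3
    elif [ ! -e "$src" ]; then
        # With -v, Docker creates a missing host path as a directory,
        # which then fails the same way on the next run.
        echo missing
        return 4
    fi
    echo other
    return 5
}
```

Run it with the exact `-v` argument before `docker run`; any verdict other than `file` means the host path has to be fixed, and a directory that Docker created at that path on an earlier attempt has to be removed first.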
Usually a firewall problem means that a router or firewall is misconfigured and is not allowing the connection on port 80 or port 443 through to Caddy.
If your Vaultwarden server IP address is 192.168.0.146, your firewall settings for ports 80 and 443 should forward them to your Caddy IP (not 192.168.0.146), and let Caddy do its reverse_proxy task.
You should accept ALL connections FROM the WAN side for 80/tcp, 443/tcp, 80/tcp(v6), 443/tcp(v6) to your Caddy server / service. I am not sure and not comfortable with "ALLOW IN Anywhere".
I just saw you are using WSL2. I now understand why you are struggling.
WSL2 networks are all isolated by default. You have to open up and port the port manually, as mentioned here in the Microsoft documentation (Comparing WSL Versions | Microsoft Learn).
Thank you for pointing me to this great resource about the need for WSL port forwarding. However, I have applied this but the problem remained. I have no experience with Caddy, and according to the log Caddy has encountered issues related to validating authorization timeout, or various challenge failures, could not get certificate from issuer.
I have tried another way: manually obtaining the SSL certificate via acme.sh for DNS duckdns.org and specifying it in the Caddyfile as below …
```
dzung.duckdns.org:443 {
    encode gzip
    tls internal {$HOME/.acme.sh/dzung.duckdns.org/dzung.duckdns.org.cer} {$H>
    reverse_proxy * 192.168.0.146:8080
}
```
Now there is no error in the Caddy log, but I still could not access Vaultwarden by HTTPS … timeout still.
With the above Caddy config applied, can you access the page from the host computer?
How about other devices on the local network?
If not, are you able to ping it?
What happens if you try to access https://127.0.0.1 and the host IP in the local network?
When you ping dzung.duckdns.org, what IP do you get?
Is it the same as your public IP, which you are able to find out and obtain here: https://www.wtfismyip.com/
I ran Caddy with your suggested "something basic". I can access Vaultwarden using localhost:8080 or dzung.duckdns.org:8080 or 192.168.0.146:8080 (i.e. no HTTPS) from another PC on the LAN. Pinging dzung.duckdns.org does return the public IP address as set by the ISP.
localhost:443 or 127.0.0.1:443 resulted in "Client sent an HTTP request to an HTTPS server."
Because you are using a locally issued certificate, your browser will prompt ERR_CERT_AUTH_INVALID "Certificate Invalid" when you try to access it. You can click proceed to continue.
But not ERR_SSL_PROTOCOL_ERROR