- I have Vaultwarden running on port 9000 and am running Caddy to forward web traffic to it. It works, but I can’t figure the certificate out. I have been through the documentation and still can’t find a solution. I am able to get to the site locally (I only want it to be local), but when I try other types of code and/or solutions, none of them have worked for me. All ports used have been opened.
What is the most basic way to make your Caddyfile have a Let’s Encrypt cert? This is what I have in my Caddyfile and I run ‘caddy run’.
I also see that in the logs while it is running, it says localhost:2019, which is confusing to me.
2. Error messages and/or full log output:
caddy run
2024/05/03 19:25:52.441 INFO using adjacent Caddyfile
2024/05/03 19:25:52.443 WARN Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies{"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2024/05/03 19:25:52.444 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/05/03 19:25:52.445 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000528700"}
2024/05/03 19:25:52.445 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/05/03 19:25:52.445 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/05/03 19:25:52.445 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/05/03 19:25:52.446 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/05/03 19:25:52.446 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/05/03 19:25:52.446 INFO http enabling automatic TLS certificate management {"domains": ["fl000sbwd001.network.root"]}
2024/05/03 19:25:52.446 WARN tls stapling OCSP {"error": "no OCSP stapling for [fl000sbwd001.network.root]: no OCSP server specified in certificate", "identifiers": ["fl000sbwd001.network.root"]}
2024/05/03 19:25:52.448 WARN tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/root/.local/share/caddy", "instance": "099a3dc3-49b0-4e88-9d6f-2da38c9bb8bb", "try_again": "2024/05/04 19:25:52.448", "try_again_in": 86399.999999484}
2024/05/03 19:25:52.448 INFO tls finished cleaning storage units
2024/05/03 19:25:52.464 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2024/05/03 19:25:52.464 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2024/05/03 19:25:52.465 INFO serving initial configuration
- Caddy version: v2.7.6
- How I installed and ran Caddy:
Installed and ran it on RockyOS
caddy run
2024/05/03 19:30:25.605 INFO using adjacent Caddyfile
2024/05/03 19:30:25.606 WARN Caddyfile input is not formatted; run ‘caddy fmt --overwrite’ to fix inconsistencies{“adapter”: “caddyfile”, “file”: “Caddyfile”, “line”: 2}
2024/05/03 19:30:25.607 INFO admin admin endpoint started {“address”: “localhost:2019”, “enforce_origin”: false, “origins”: [“//localhost:2019”, “//[::1]:2019”, “//127.0.0.1:2019”]}
2024/05/03 19:30:25.608 INFO tls.cache.maintenance started background certificate maintenance {“cache”: “0xc0003b2500”}
2024/05/03 19:30:25.608 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {“server_name”: “srv0”, “https_port”: 443}
2024/05/03 19:30:25.608 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {“server_name”: “srv0”}
2024/05/03 19:30:25.608 INFO http enabling HTTP/3 listener {“addr”: “:443”}
2024/05/03 19:30:25.609 INFO http.log server running {“name”: “srv0”, “protocols”: [“h1”, “h2”, “h3”]}
2024/05/03 19:30:25.609 INFO http.log server running {“name”: “remaining_auto_https_redirects”, “protocols”: [“h1”, “h2”, “h3”]}
2024/05/03 19:30:25.609 INFO http enabling automatic TLS certificate management {“domains”: [“fl000sbwd001.network.root”]}
2024/05/03 19:30:25.609 WARN tls stapling OCSP {“error”: “no OCSP stapling for [fl000sbwd001.network.root]: no OCSP server specified in certificate”, “identifiers”: [“fl000sbwd001.network.root”]}
2024/05/03 19:30:25.611 WARN tls storage cleaning happened too recently; skipping for now {“storage”: “FileStorage:/root/.local/share/caddy”, “instance”: “099a3dc3-49b0-4e88-9d6f-2da38c9bb8bb”, “try_again”: “2024/05/04 19:30:25.611”, “try_again_in”: 86399.999999258}
2024/05/03 19:30:25.612 INFO tls finished cleaning storage units
2024/05/03 19:30:25.629 INFO pki.ca.local root certificate is already trusted by system {“path”: “storage:pki/authorities/local/root.crt”}
2024/05/03 19:30:25.630 INFO autosaved config (load with --resume flag) {“file”: “/root/.config/caddy/autosave.json”}
2024/05/0
a. System environment:
b. Command:
[root@FL000SBWD001 caddy]# ls
Caddyfile caddy.json
[root@FL000SBWD001 caddy]# caddy run
c. Service/unit/compose file:
d. My complete Caddy config:
caddy fmt
fl000sbwd001.network.root {
	tls internal
	reverse_proxy localhost:9000
}
I have also tried
:80
reverse_proxy localhost:9000
As well as
:80
reverse_proxy localhost:9000
tls internal
There are other things I have tried but I have been troubleshooting for several hours and forget them all.
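
An added example, not part of the original post: a small Python parser for console log lines in the shape pasted above. It reports where the admin endpoint listens, which names are under automatic TLS management, and whether the `pki.ca.local` logger (Caddy's local CA, the issuer selected by `tls internal`) appears. The function names and sample lines are constructed for illustration.

```python
import json
import re

# Constructed sample: lines in the shape of the log output in the post,
# one with the typographic quotes seen in the second paste, one truncated.
SAMPLE_LOG = '''\
2024/05/03 19:25:52.444 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false}
2024/05/03 19:30:25.609 INFO http enabling automatic TLS certificate management {“domains”: [“fl000sbwd001.network.root”]}
2024/05/03 19:25:52.464 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2024/05/0
'''

LINE_RE = re.compile(r"^\d{4}/\d\d/\d\d\s+\S+\s+(DEBUG|INFO|WARN|ERROR)\s+(.*)$")
QUOTES = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'"})


def parse_line(line):
    """Return (level, message, fields), or None for lines that do not parse."""
    m = LINE_RE.match(line.translate(QUOTES).strip())
    if not m:
        return None
    level, rest = m.groups()
    brace = rest.find("{")  # the JSON fields start at the first brace
    if brace == -1:
        return level, rest, {}
    try:
        fields = json.loads(rest[brace:])
    except json.JSONDecodeError:
        return level, rest, {}
    return level, rest[:brace].strip(), fields


def summarize(log_text):
    """Collect the admin endpoint, managed names and whether the local CA appears."""
    out = {"admin": None, "admin_loopback": None, "domains": [], "local_ca": False}
    for parsed in map(parse_line, log_text.splitlines()):
        if parsed is None:
            continue
        _, msg, fields = parsed
        if msg.endswith("admin endpoint started"):
            addr = fields.get("address") or ""
            out["admin"] = addr
            out["admin_loopback"] = addr.rsplit(":", 1)[0] in ("localhost", "127.0.0.1", "[::1]")
        elif msg.endswith("enabling automatic TLS certificate management"):
            out["domains"] += fields.get("domains", [])
        elif msg.startswith("pki.ca.local"):
            out["local_ca"] = True
    return out
```

On the sample, `summarize(SAMPLE_LOG)` reports the admin endpoint on loopback at `localhost:2019`, one managed name, and the local CA in use.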