Windows 10 Enterprise though the same happens on my Ubuntu 20 LTS server
b. Command:
sudo run caddy
./caddy.exe run
c. Service/unit/compose file:
Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane.
d. My complete Caddyfile or JSON config:
localhost:9876 {
file_server {
browse
}
}
3. The problem I’m having:
I can’t access it on my localhost, when I run caddy it doesn’t seem to have any problems but when I try to access it in my browser it doesn’t load anything. I’m new to this so I don’t understand most things.
If do:
:9876 {
#same code as above
}
It works but that exposes that port to the internet and I don’t want that. I just want the file server locally so I can reverse proxy it to my subdomain. Is this the wrong way to do it?
4. Error messages and/or full log output:
2021/11/10 04:08:42.512 INFO using adjacent Caddyfile
2021/11/10 04:08:42.512 WARN input is not formatted with ‘caddy fmt’ {“adapter”: “caddyfile”, “file”: “Caddyfile”, “line”: 6}
2021/11/10 04:08:42.516 INFO admin admin endpoint started {“address”: “tcp/localhost:2019”, “enforce_origin”: false, “origins”: [“localhost:2019”, “[:
:1]:2019”, “127.0.0.1:2019”]}
2021/11/10 04:08:42.517 INFO http enabling automatic HTTP->HTTPS redirects {“server_name”: “srv0”}
2021/11/10 04:08:42.517 INFO tls.cache.maintenance started background certificate maintenance {“cache”: “0xc000371e30”}
2021/11/10 04:08:42.545 INFO pki.ca.local root certificate is already trusted by system {“path”: “storage:pki/authorities/local/root.crt”}
2021/11/10 04:08:42.547 INFO http enabling automatic TLS certificate management {“domains”: [“localhost”]}
2021/11/10 04:08:42.547 WARN tls stapling OCSP {“error”: “no OCSP stapling for [localhost]: no OCSP server specified in certificate”}
2021/11/10 04:08:42.548 INFO tls cleaning storage unit {“description”: “FileStorage:C:\Users\User\AppData\Roaming\Caddy”}
2021/11/10 04:08:42.548 INFO autosaved config (load with --resume flag) {“file”: “C:\Users\User\AppData\Roaming\Caddy\autosave.json”}
2021/11/10 04:08:42.548 INFO serving initial configuration
2021/11/10 04:08:42.551 INFO tls finished cleaning storage units
5. What I already tried:
I tried using bind:
localhost:9876 {
bind 127.0.0.1 #same code
}
Also tried:
127.0.0.1:9876 { #same code
}
There’s two things going on here that might be causing you issues.
When you use a hostname that looks like it’s local/internal, Caddy will set up Automatic HTTPS for that domain. localhost does qualify for that, so Caddy will set up its local CA from which it’ll issue certificates.
Also, that hostname will be used as a host matcher for requests, so Caddy will look at either the Host header or TLS SNI to match the request. So if you made the request with 127.0.0.1 but you configured localhost, it won’t work.
Can you be more specific? What do you mean “doesn’t load anything”? What’s the error?
Can you try with curl -v to make the request? Browsers are often unreliable for debugging, and sometimes don’t handle local CA certs with short lifetimes properly (Chrome is particular egregious here).
Well, it shouldn’t just be “exposed to the internet” with just that. Is the machine not behind a router or firewall that would block requests on that port? If this is in your home network, just don’t port forward 9876 to your machine!
Tried with a different port (9999). When I try to access it from Chrome I get
This site can’t be reachedThe connection was reset.
Try:
Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_RESET
This is CURL’s output:
* Trying 127.0.0.1:9999...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9999 (#0)
> GET / HTTP/1.1
> Host: localhost:9999
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
<
Client sent an HTTP request to an HTTPS server.
* Closing connection 0
Well, it shouldn’t just be “exposed to the internet” with just that. Is the machine not behind a router or firewall that would block requests on that port?
I have ufw but not configured on my server. What should I do? Block all incoming requests?
* Trying 127.0.0.1:9999...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9999 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
That means it’s still trying to do a TLS handshake.
Please post your current config and the full command and output. Don’t just copy bits and pieces, it’s really hard to keep track of your current state.