I am hosting two websites on an EC2 instance. Each website is running on an Apache server inside a Docker container. I have nginx running in a separate container as a reverse proxy.
I wanted to migrate to Caddy because I wanted to add SSL and I read tons of tweets saying that it is pretty straightforward to set up.
I set up a new EC2 instance and have a new subdomain pointing there. I’m running the website on Apache in a container, exposing port 3000, and I can access it through curl localhost:3000 just fine. But when I run the Caddy server and try to access my subdomain, I get connection refused.
I really appreciate the help.
1. Caddy version (caddy version):
caddy:2.4.5
2. How I run Caddy:
Docker image
docker-compose up
a. System environment:
Linux version 4.14.246-187.474.amzn2.x86_64 (mockbuild@ip-10-0-1-132) (gcc version 7.3.1 20180712 (Red Hat 7.3.1-13) (GCC)) #1 SMP Tue Sep 7 21:48:11 UTC 2021
Docker version 20.10.7, build f0df350
b. Command:
docker-compose up
c. Service/unit/compose file:
This is the docker-compose.yml for my Caddy server
version: "3.7"
services:
  caddy:
    image: caddy:2.4.5
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/caddy_data:/data
      - $PWD/caddy_config:/config
volumes:
  caddy_data:
    external: true
  caddy_config:
Here’s the docker-compose.yml for my website:
version: '3.7'
services:
  prueba-jardinesecologicos:
    image: roloum/apache_ssl:0.1
    container_name: prueba-jardinesecologicos
    volumes:
      - ./src/:/var/www/html/
      - ./conf.d/:/etc/apache2/sites-enabled/
    ports:
      - 3000:80
    expose:
      - 80
    env_file:
      - .env
This is the apache config file for my website:
# <VirtualHost *:443>
<VirtualHost *:80>
    ServerAlias prueba.jardinesecologicos.com
    DocumentRoot /var/www/html
</VirtualHost>
d. My complete Caddyfile or JSON config:
prueba.jardinesecologicos.com {
    reverse_proxy localhost:3000
}
3. The problem I’m having:
Connection refused to the website running in the container. This is an error I see in the logs.
Curl doesn’t show anything
$ curl https://prueba.jardinesecologicos.com
$
4. Error messages and/or full log output:
This is the full output of docker-compose up for the caddy container and running curl https://prueba.jardinesecologicos.com
$ docker-compose up
Creating network "caddy_default" with the default driver
Creating caddy_caddy_1 ... done
Attaching to caddy_caddy_1
caddy_1 | {"level":"info","ts":1636084571.0160828,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy_1 | {"level":"warn","ts":1636084571.017693,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
caddy_1 | {"level":"info","ts":1636084571.0198941,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
caddy_1 | {"level":"info","ts":1636084571.0210536,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy_1 | {"level":"info","ts":1636084571.021483,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy_1 | {"level":"info","ts":1636084571.0327163,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000d90a0"}
caddy_1 | {"level":"info","ts":1636084571.0331597,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
caddy_1 | {"level":"info","ts":1636084571.0446072,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["prueba.jardinesecologicos.com"]}
caddy_1 | {"level":"info","ts":1636084571.0505126,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy_1 | {"level":"info","ts":1636084571.050929,"msg":"serving initial configuration"}
caddy_1 | {"level":"info","ts":1636084571.05159,"logger":"tls","msg":"finished cleaning storage units"}
caddy_1 | {"level":"error","ts":1636084581.192345,"logger":"http.log.error","msg":"dial tcp 127.0.0.1:3000: connect: connection refused","request":{"remote_addr":"54.187.2.218:38158","proto":"HTTP/2.0","method":"GET","host":"prueba.jardinesecologicos.com","uri":"/","headers":{"User-Agent":["curl/7.76.1"],"Accept":["*/*"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"h2","proto_mutual":true,"server_name":"prueba.jardinesecologicos.com"}},"duration":0.003791853,"status":502,"err_id":"vp8s2ints","err_trace":"reverseproxy.statusError (reverseproxy.go:858)"}
5. What I already tried:
I’ve tried "Reverse Proxy Multiple Domains Using Caddy 2 · JDHeyburn" and every link in the first Google results page:
https://www.google.com/search?q=caddyfile+reverse+proxy+docker&rlz=1C5CHFA_enUS897US897&oq=caddyfile+&aqs=chrome.1.69i57j0i20i263i512j0i512l5j69i60.4245j0j7&sourceid=chrome&ie=UTF-8
I also tried running everything, Caddy and website, from the caddy’s docker-compose.yml but the result was the same.
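
The log line above (dial tcp 127.0.0.1:3000: connect: connection refused) is Caddy dialing from inside its own container, where localhost is that container's loopback interface and not the EC2 host on which port 3000 is published. One way to wire this up, as an added example that is not part of the original post: both services in a single compose project, Caddy proxying to the Apache service by name over the compose network, and the backend no longer published on the host. The merged file layout and the removal of the 3000:80 mapping are assumptions of this example.

```yaml
# Added example (not from the original post): single compose project.
# Services in one project share its default network and resolve each other
# by service name, so Caddy reaches Apache on the container port (80),
# not on the host-published port (3000).
#
# The mounted Caddyfile changes only the upstream address:
#
#   prueba.jardinesecologicos.com {
#       reverse_proxy prueba-jardinesecologicos:80
#   }
version: "3.7"
services:
  caddy:
    image: caddy:2.4.5
    restart: unless-stopped
    ports:
      - "80:80"      # HTTP, used for the redirect to HTTPS
      - "443:443"    # HTTPS, terminated by Caddy
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/caddy_data:/data        # certificates and keys; keep this persistent
      - $PWD/caddy_config:/config

  prueba-jardinesecologicos:
    image: roloum/apache_ssl:0.1
    container_name: prueba-jardinesecologicos
    volumes:
      - ./src/:/var/www/html/
      - ./conf.d/:/etc/apache2/sites-enabled/
    # No "ports:" entry here. Publishing 3000:80 binds on all host interfaces,
    # which would let clients reach Apache over plain HTTP and bypass Caddy's
    # TLS if the security group allows it. "expose" only documents the port
    # on the internal network.
    # For local debugging with curl, bind to loopback only instead:
    #   ports:
    #     - "127.0.0.1:3000:80"
    expose:
      - "80"
    env_file:
      - .env
```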