Can't use caddy reverse proxy with tailscale

1. The problem I’m having:

I have installed Guacamole through Docker, Tailscale through the instructions on the website, and then I installed Caddy, using reverse proxy to enable SSL. However, I cannot access the website through the domain provided by Tailscale.

2. Error messages and/or full log output:

```
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.2737677,"logger":"events","msg":"event","name":"tls_get_certificate","id":"95e628d6-104c-420a-a778-74c3bb3827ba","origin":"tls","data":{"clie>
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.2738683,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"debian.hamster-ide.ts.net"}
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.2738783,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.hamster-ide.ts.net"}
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.2738845,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.ts.net"}
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.2738898,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.net"}
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.2739096,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*.*.*.*"}
Mar 14 22:14:41 debian caddy[6330]: {"level":"error","ts":1678846481.2752786,"logger":"tls.handshake","msg":"getting certificate from external certificate manager","remote_ip":"100.88.96.25","remote_port":"5420>
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.275295,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"100.88.96.25","r>
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.2753036,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"100.88.96.25","remote_port":"54202","server_nam>
Mar 14 22:14:41 debian caddy[6330]: {"level":"debug","ts":1678846481.275354,"logger":"http.stdlib","msg":"http: TLS handshake error from 100.88.96.25:54202: no certificate available for 'debian.hamster-ide.ts.n>
```

3. Caddy version:

v2.6.4

4. How I installed and ran Caddy:

Edited the config file at /etc/caddy/Caddyfile, then ran `sudo systemctl restart caddy`.

a. System environment:

debian 11.6.0

d. My complete Caddy config:

```
debian@debian:/etc/caddy$ caddy fmt
{
        debug
}

debian.hamster-ide.ts.net {
        redir / /guacamole/ 308
        reverse_proxy 192.168.11.128:8080 {
                flush_interval -1
        }
}
```

5. Links to relevant resources:

Solved it by editing the /etc/default/tailscaled file to give the user that runs the Caddy process access to the Tailscale socket, for example: `TS_PERMIT_CERT_UID=caddy`

Thank you

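The fix from the solution above as an idempotent script that leaves exactly one `TS_PERMIT_CERT_UID` line naming the Caddy service account, so certificate access is granted to that user only. This is an added example, not part of the original post; the `caddy` account name and the `--apply` argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes tailscaled reads its
# environment from /etc/default/tailscaled and Caddy runs as user "caddy".

# permit_cert_uid_ok FILE USER
# True only if FILE has exactly one active assignment and it names USER.
permit_cert_uid_ok() {
    [ -f "$1" ] || return 1
    [ "$(grep -c '^TS_PERMIT_CERT_UID=' "$1")" = 1 ] &&
        grep -qxF "TS_PERMIT_CERT_UID=$2" "$1"
}

# set_permit_cert_uid FILE USER
# Rewrites FILE so it contains exactly one TS_PERMIT_CERT_UID=USER line.
# Returns 0 on success (changed or already correct), 2 on bad input or error.
set_permit_cert_uid() {
    file=$1 user=$2
    [ -n "$file" ] && [ -n "$user" ] || return 2
    # Accept only a plain user name or numeric UID, so the value cannot
    # smuggle extra variables or a second line into the environment file.
    case $user in
        *[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    [ -f "$file" ] || : > "$file" || return 2
    if permit_cert_uid_ok "$file" "$user"; then
        return 0
    fi
    tmp=$(mktemp) || return 2
    # Drop stale or duplicate assignments; keep comments and other settings.
    # grep exits 1 when nothing is left to print, which is not an error here.
    grep -v '^TS_PERMIT_CERT_UID=' "$file" > "$tmp" || [ $? -eq 1 ] || return 2
    printf 'TS_PERMIT_CERT_UID=%s\n' "$user" >> "$tmp"
    # cat into the original keeps its owner and mode; mv would replace them.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Run as root with --apply to change the real file (hypothetical invocation).
if [ "${1:-}" = "--apply" ]; then
    id -u caddy >/dev/null 2>&1 || { echo "no such user: caddy" >&2; exit 1; }
    set_permit_cert_uid /etc/default/tailscaled caddy &&
        systemctl restart tailscaled   # the env file is read at service start
fi
```

After tailscaled restarts, the next TLS handshake to the ts.net name lets Caddy request the certificate again; the `no certificate available` lines should stop appearing in the debug log.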