Connection refused: HTTPS on port 443

Hi,

Today I went to replace nginx with Caddy and read through several pieces of documentation to finally get a proper configuration for Caddy. However, when I try to start it, browsers say: Connection refused.

I built Caddy from the Download site of caddyserver.com and use Debian 9.

Golang is installed: go1.7.4 linux/amd64.

My configuration is:

http://henrock.net {

	redir https://henrock.net

}

http://www.henrock.net {

	redir https://www.henrock.net

}

http://blog.henrock.net {

	redir https://blog.henrock.net

}

http://ssl.henrock.net {

	redir https://ssl.henrock.net

}

https://henrock.net {

	tls ssl/my.crt ssl/my.key {

		protocols	tls1.0 tls1.2
		ciphers		ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA
		curves		p521 p384 p256

	}

	gzip {

		ext *
		level 4

	}

	fastcgi html unix:/var/run/php5-fpm.sock {

		root		html/henrock.net
		connect_timeout	20s
		read_timeout	30s
		send_timeout	120s

	}

	header html {

		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"

	}

	errors {

		log log/error.log
		404 errdoc/404.html # Not Found
		500 errdoc/500.html # Internal Server Error

	}

	root html/henrock.net
	ext .html .htm .php
	minify html/henrock.net/js html/henrock.net/css
	log log/access.log

}

https://www.henrock.net {

	tls ssl/my.crt ssl/my.key {

		protocols	tls1.0 tls1.2
		ciphers		ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA
		curves		p521 p384 p256

	}

	gzip {

		ext *
		level 4

	}

	fastcgi html unix:/var/run/php5-fpm.sock {

		root		html/henrock.net
		connect_timeout	20s
		read_timeout	30s
		send_timeout	120s

	}

	header html {

		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"

	}

	errors {

		log log/error.log
		404 errdoc/404.html # Not Found
		500 errdoc/500.html # Internal Server Error

	}

	root html/henrock.net
	ext .html .htm .php
	minify html/henrock.net/js html/henrock.net/css
	log log/access.log

}

https://blog.henrock.net {

	tls ssl/my.crt ssl/my.key {

		protocols	tls1.0 tls1.2
		ciphers		ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA
		curves		p521 p384 p256

	}

	gzip {

		ext *
		level 4

	}

	fastcgi html unix:/var/run/php5-fpm.sock {

		root		html/blog.henrock.net
		connect_timeout	20s
		read_timeout	30s
		send_timeout	120s

	}

	header html {

		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"

	}

	errors {

		log log/error.log
		404 errdoc/404.html # Not Found
		500 errdoc/500.html # Internal Server Error

	}

	root html/blog.henrock.net
	ext .html .htm .php
	minify html/blog.henrock.net/js html/blog.henrock.net/css
	log log/access.log

}

https://ssl.henrock.net {

	tls ssl/my.crt ssl/my.key {

		protocols	tls1.0 tls1.2
		ciphers		ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-CBC-SHA ECDHE-ECDSA-AES128-CBC-SHA
		curves		p521 p384 p256

	}

	gzip {

		ext *
		level 4

	}

	fastcgi html unix:/var/run/php5-fpm.sock {

		root		html/ssl.henrock.net
		connect_timeout	20s
		read_timeout	30s
		send_timeout	120s

	}

	header html {

		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"

	}

	errors {

		log log/error.log
		404 errdoc/404.html # Not Found
		500 errdoc/500.html # Internal Server Error

	}

	root html/ssl.henrock.net
	log log/access.log
	browse html/ssl.henrock.net

}

The folders and files mentioned in the config (errdoc, log, html, ssl) do exist, and I run Caddy as root for flexibility purposes (and because I like pain ;-)).

My start command for Caddy is: ./caddy -quic -conf="caddy.cf" -port 443 -agree

Additionally, both my access.log and my error.log files remain empty for some reason…

Thanks,
Henrik

Could it be that some network configuration between your Caddy instance and your client blocks UDP on port 443?

Try without QUIC.

It’s obvious, if the logs are empty, that the request isn’t even reaching Caddy.

Also you can simplify your config a lot if you just use the automatic HTTPS.


Following on from the config simplification point, doesn’t Caddy handle HTTP → HTTPS redirection even if you specify your own certificate? Making stuff like:

http://ssl.henrock.net {
    redir https://ssl.henrock.net
}

redundant, just by removing https:// from the other vhost?


Hi,

Got it to work when I saw that I had to remove the ciphers option to avoid the warning that HTTP/2 requires an RSA cipher suite, although I own an ECC certificate.

I also managed to shorten the config by deleting every redir section, because redirection happens automatically (thanks to Whitestrake).

Basically, these errors got thrown every time I tried to start Caddy, because it immediately crashed every time I started it; that was why my website was not reachable.

Thank you,
Henrik
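The cipher suite problem in this thread is worth seeing in code, because it is a constraint of TLS itself rather than a Caddy quirk: an ECDHE-RSA suite needs an RSA key in the server certificate, and an ECDHE-ECDSA suite needs an ECDSA key, so no cipher list can make an ECC certificate satisfy the HTTP/2-mandatory suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (RFC 7540, section 9.2.2). The Go program below is an added example written for this thread; it is not Caddy's own startup check and not code from the original posts. It assumes a current Go toolchain (not the go1.7.4 from the first post), builds a constructed self-signed P-256 certificate in memory in place of the post's ssl/my.crt and ssl/my.key, and uses the made-up hostname example.invalid. It then runs two TLS 1.2 handshakes over an in-memory pipe against that certificate: one where the client offers exactly the four ECDHE-ECDSA suites from the post's `ciphers` line, and one where it offers only the HTTP/2-mandatory ECDHE-RSA suite.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// PostSuites are the four suites from the post's `ciphers` line, under the
// names Go's crypto/tls uses for them. All are ECDHE-ECDSA, so they can only
// be negotiated when the server certificate carries an ECDSA key.
var PostSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
}

// HTTP2Mandatory is the suite RFC 7540 section 9.2.2 requires every TLS 1.2
// HTTP/2 endpoint to support. It is ECDHE-RSA, so it needs an RSA key.
var HTTP2Mandatory = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}

// NewECDSACert builds a self-signed P-256 certificate in memory. It is
// constructed test material standing in for the post's ssl/my.crt and
// ssl/my.key; the hostname example.invalid is likewise made up.
func NewECDSACert() (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.invalid"},
		DNSNames:     []string{"example.invalid"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// Handshake runs a TLS 1.2 handshake over an in-memory pipe: the server
// presents cert, the client offers only clientSuites. It returns the name of
// the negotiated suite, or the handshake error.
func Handshake(cert tls.Certificate, clientSuites []uint16) (string, error) {
	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	defer cliConn.Close()

	srvCfg := &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12, // cipher suite lists only apply below TLS 1.3
	}
	cliCfg := &tls.Config{
		ServerName:         "example.invalid",
		InsecureSkipVerify: true, // self-signed test cert; chain validation is not what is under test
		MinVersion:         tls.VersionTLS12,
		MaxVersion:         tls.VersionTLS12,
		CipherSuites:       clientSuites,
	}

	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(srvConn, srvCfg).Handshake() }()

	cli := tls.Client(cliConn, cliCfg)
	if err := cli.Handshake(); err != nil {
		cliConn.Close() // unblock the server side before collecting its error
		<-srvErr
		return "", err
	}
	if err := <-srvErr; err != nil {
		return "", err
	}
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}

func main() {
	cert, err := NewECDSACert()
	if err != nil {
		panic(err)
	}
	for label, suites := range map[string][]uint16{
		"post's ECDSA-only list":     PostSuites,
		"HTTP/2 mandatory RSA suite": HTTP2Mandatory,
	} {
		name, err := Handshake(cert, suites)
		if err != nil {
			fmt.Printf("%-27s -> handshake failed: %v\n", label, err)
			continue
		}
		fmt.Printf("%-27s -> negotiated %s\n", label, name)
	}
}
```

With the ECDSA certificate the first handshake succeeds on one of the ECDHE-ECDSA suites, while the second fails because the server has no RSA key to pair with an ECDHE-RSA suite. That is the corner the post's `ciphers` line painted Caddy into: an HTTP/2 server is expected to offer the RSA suite, yet the certificate cannot use it. Leaving `ciphers` out, as Henrik did, lets the server fall back to its default list instead of a hand-picked one. The example pins TLS 1.2 on both sides because cipher suite lists have no effect on TLS 1.3; a `protocols tls1.0 tls1.2` line like the post's also lowers the floor to TLS 1.0, which is worth reviewing separately from the cipher question.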
