Convert command line to caddyfile

1. The problem I’m having:

hello, thanks, first time poster.

in the past, this worked for me
caddy reverse-proxy --from 100.115.202.129:5001 --to localhost:9096 --debug
but now i get
Error: loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in use

yes, i know this is a common error but i cannot figure out the correct command line to work around that?

is the only way to create a caddyfile? i know that is possible but i cannot figure out how to convert
caddy reverse-proxy --from 100.115.202.129:5001 --to localhost:9096 --debug
to a caddyfile.
and disable Auto HTTPS rules

perhaps you can help me?

thanks, david

2. Error messages and/or full log output:

caddy reverse-proxy --from 100.115.202.129:5001 --to localhost:9096 --debug
2024/01/10 00:06:05.949 WARN    admin   admin endpoint disabled
2024/01/10 00:06:05.949 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "proxy"}
2024/01/10 00:06:05.950 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000250200"}
2024/01/10 00:06:05.951 DEBUG   http.auto_https adjusted config {"tls": {"automation":{"policies":[{"subjects":["100.115.202.129"]},{}]}}, "http": {"servers":{"proxy":{"listen":[":5001"],"routes":[{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"http"},"upstreams":[{"dial":"localhost:9096"}]}]}],"tls_connection_policies":[{}],"automatic_https":{}},"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]}}}}
2024/01/10 00:06:05.956 WARN    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:/root/.local/share/caddy", "instance": "6d900ba6-2b2d-4553-95c7-811e8143afbc", "try_again": "2024/01/11 00:06:05.956", "try_again_in": 86399.999998917}
2024/01/10 00:06:05.956 INFO    tls     finished cleaning storage units
2024/01/10 00:06:05.974 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2024/01/10 00:06:05.975 INFO    http    enabling HTTP/3 listener        {"addr": ":5001"}
2024/01/10 00:06:05.977 DEBUG   http    starting server loop    {"address": "[::]:5001", "tls": true, "http3": true}
2024/01/10 00:06:05.977 INFO    http.log        server running  {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2024/01/10 00:06:05.978 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc000250200"}
Error: loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in use

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

sorry, not understanding what is required?
i installed caddy as per the caddy website instructions.

a. System environment:

uname -a
Linux hetz05 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.3 LTS
Release:        22.04
Codename:       jammy

b. Command:

caddy reverse-proxy --from 100.115.202.129:5001 --to localhost:9096 --debug

d. My complete Caddy config:

not using caddy file yet, as that is what i need help with

5. Links to relevant resources:

just want to convert that command line into a caddyfile and disable Auto HTTPS rules
thanks much, david

I think this is your whole caddyfile.

{
        auto_https off
}

100.115.202.129:5001 {
        reverse_proxy localhost:9096
}

Documentation:

1 Like

The problem you’re having is that you’re specifying a hostname, which tells Caddy you probably want TLS for that hostname. (This in turn tries to set up a listener on port 80 for HTTP->HTTPS redirects). If you simply use the port number as your from address, then Caddy won’t try to set up TLS. Or specify http:// as the scheme.

I suggest writing a Caddyfile like this instead:

:5001 {
        reverse_proxy localhost:9096
}
1 Like

thanks much.

i copied/paste your config into a file but i get this error?

cat caddyfile01
{
        auto_https off
}

100.115.202.129:5001 {
        reverse_proxy localhost:9096
}
caddy run --config=/root/caddy/caddyfile01
2024/01/10 15:49:55.867 INFO    using provided configuration    {"config_file": "/root/caddy/caddyfile01", "config_adapter": ""}
Error: loading initial config: decoding request body: invalid character 'a' looking for beginning of object key string

Sorry I am unsure about this (kinda new too). Better follow the direction of @francislavoie :slight_smile:

1 Like

thanks for the help

The problem is your Caddyfile is not named literally Caddyfile (uppercase C is important) therefore Caddy assumes your config is JSON (the default). Notice config_adapter is empty.

We’ll improve this error message in the next version (if I get around to it) but you can either rename your config file (recommended) or use the --adapter caddyfile CLI flag.

thanks,

sorry about that. after i posted, i re-searched the forum and found that answer.
that is why i deleted my last post to you.

so with either Caddyfile, i get the same basic error as before

using your config

caddy fmt Caddyfile
:5001 {
        reverse_proxy localhost:9096
}

caddy run
2024/01/10 16:17:09.827 INFO    using adjacent Caddyfile
Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp 127.0.0.1:2019: bind: address already in use

and when using @Monviech config, i get

root@hetz05:~/caddy/01# caddy fmt
{
        auto_https off
}

100.115.202.129:5001 {
        reverse_proxy localhost:9096
}
root@hetz05:~/caddy/01# caddy run
2024/01/10 16:18:13.413 INFO    using adjacent Caddyfile
Error: loading initial config: loading new config: starting caddy administration endpoint: listen tcp 127.0.0.1:2019: bind: address already in use

This means you probably already have Caddy running on your system. If you installed Caddy using the apt package (I’m assuming, you didn’t specify, please specify) then Caddy is already running as a systemd service.

Follow these docs (don’t run caddy run directly, use the systemd service):

1 Like

again, you are correct, caddy was running as systemd service
to be honest, not 100% sure how i installed caddy.

also, i am not ready for systemd just yet, now, i did systemctl disable caddy

and now, my original command line is working again.
caddy reverse-proxy --from 100.115.202.129:5001 --to localhost:9096 --debug

at this point, caddy is working as i want via command line.
i am ok with that for now

but, at some point, i would like to understand why the Caddyfile is not working?

root@hetz05:~/caddy/02# caddy fmt
:5001 {
        reverse_proxy localhost:9096
}

root@hetz05:~/caddy/02# caddy run --config=/root/caddy/02/Caddyfile
2024/01/10 16:37:48.113 INFO    using provided configuration    {"config_file": "/root/caddy/02/Caddyfile", "config_adapter": ""}
2024/01/10 16:37:48.116 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//127.0.0.1:2019", "//localhost:2019", "//[::1]:2019"]}
2024/01/10 16:37:48.117 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/01/10 16:37:48.117 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2024/01/10 16:37:48.117 INFO    serving initial configuration
2024/01/10 16:37:48.118 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000344a80"}
2024/01/10 16:37:48.120 WARN    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:/root/.local/share/caddy", "instance": "6d900ba6-2b2d-4553-95c7-811e8143afbc", "try_again": "2024/01/11 16:37:48.120", "try_again_in": 86399.999999352}
2024/01/10 16:37:48.120 INFO    tls     finished cleaning storage units

however, both Caddyfiles run without error but i cannot reach localhost:9096

root@hetz05:~/caddy/02# caddy run --config=/root/caddy/02/Caddyfile
2024/01/10 16:35:40.898 INFO    using provided configuration    {"config_file": "/root/caddy/02/Caddyfile", "config_adapter": ""}
2024/01/10 16:35:40.905 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/01/10 16:35:40.907 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/01/10 16:35:40.908 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000210100"}
2024/01/10 16:35:40.908 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2024/01/10 16:35:40.909 INFO    serving initial configuration
2024/01/10 16:35:40.910 WARN    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:/root/.local/share/caddy", "instance": "6d900ba6-2b2d-4553-95c7-811e8143afbc", "try_again": "2024/01/11 16:35:40.910", "try_again_in": 86399.999999489}
2024/01/10 16:35:40.910 INFO    tls     finished cleaning storage units

Caddy is listening for requests on port 5001, not on port 9096.

Both those logs look correct, there are no errors. What are you trying exactly?

Show an example request with curl -v.

1 Like

yes, that is correct.

i have an emby server running in hetzner vm that i access over tailscale
all of these work fine
http://100.115.202.129:9096
http://localhost:9096

running caddy via my command line, now, i am able to access the emby server using
https://100.115.202.129:5001/web/index.html


root@wsl01:~# curl -v https://100.115.202.129:5001
*   Trying 100.115.202.129:5001...
* Connected to 100.115.202.129 (100.115.202.129) port 5001 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* (5454) (IN), , Unknown (72):
* error:0A00010B:SSL routines::wrong version number
* Closing connection 0
curl: (35) error:0A00010B:SSL routines::wrong version number

using microsoft edge, works

using firefox, does not work

Oh, so you are trying to use HTTPS, that was not clear from your original post, it seemed like you were trying to disable HTTPS.

Using :5001 does not enable HTTPS because no valid hostname was given for which Caddy could create a certificate.

If you use an IP address as your site address, Caddy automatically enables its internal TLS issuer, i.e. generates its own CA and signs certificates with that CA.

Browsers will complain when you use Caddy’s internal issuer, because they don’t trust Caddy’s root CA cert. You can add Caddy’s root CA cert to your system & browser trust stores (on each machine that will be making requests to your server).

1 Like
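
Added example (not from the thread or the Caddy project): the curl trace earlier in the thread shows `(5454)` and `Unknown (72)` just before `wrong version number`. Decoding the first five bytes of a cleartext HTTP reply as a TLS record header yields exactly those values, which is what an HTTPS client sees when the listener serves plain HTTP, as the `:5001` site address does. The reply bytes below are constructed samples.

```python
import struct

# TLS record content types defined by the protocol (RFC 8446, section 5.1).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_record_header(data: bytes) -> dict:
    """Decode the 5-byte TLS record header: type(1) | version(2) | length(2)."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    return {"content_type": content_type, "version": version, "length": length}


def classify_first_bytes(data: bytes) -> str:
    """Say what a TLS client is really talking to, from the first reply bytes."""
    if data.startswith(b"HTTP/"):
        return "plaintext-http"   # server answered the ClientHello in cleartext
    hdr = parse_record_header(data)
    if hdr["content_type"] in TLS_CONTENT_TYPES and hdr["version"] >> 8 == 3:
        return "tls"
    return "unknown"


# Constructed sample: the start of a cleartext HTTP error reply. That a plain
# HTTP listener answers a ClientHello this way is an assumption of the example.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\n"
# Constructed sample: header of a genuine TLS handshake record
# (content type 22, record version 0x0303, length 122).
TLS_REPLY = bytes.fromhex("160303007a")

if __name__ == "__main__":
    for name, sample in (("plaintext", PLAINTEXT_REPLY), ("tls", TLS_REPLY)):
        hdr = parse_record_header(sample)
        print(f"{name:9} type={hdr['content_type']:3} "
              f"version={hdr['version']:#06x} -> {classify_first_bytes(sample)}")
```

The letter `H` is byte 72 and `TT` is 0x5454, so a client that reports that record type and version is reading an `HTTP/...` status line, not a certificate problem.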

ok i get that. but still firefox should work in the same way, same as edge

i often connect to routers that have self-signed cert, firefox complains, but i can click continue

but here, with caddy, edge complains but works, whereas, firefox does not work at all.

for now, if i could get firefox to work, then i could learn more about caddy, systemd, etc…

root@hetz05:~/caddy/01# caddy trust
2024/01/10 17:13:37.861 INFO    root certificate is already trusted by system   {"path": "localhost:2019/pki/ca/local"}

yet, on the vm, running caddy and emby, firefox fails with hard error.
and on my laptop, edge complains but works, but firefox fails with hard error.

Caddy’s debug logs should show some kind of error in that case. What’s in your logs?

thanks

root@hetz05:~/caddy# caddy reverse-proxy --from 100.115.202.129:5001 --to localhost:9096 --debug
2024/01/10 18:37:05.961 WARN    admin   admin endpoint disabled
2024/01/10 18:37:05.963 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "proxy"}
2024/01/10 18:37:05.965 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000170980"}
2024/01/10 18:37:05.965 DEBUG   http.auto_https adjusted config {"tls": {"automation":{"policies":[{"subjects":["100.115.202.129"]},{}]}}, "http": {"servers":{"proxy":{"listen":[":5001"],"routes":[{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"http"},"upstreams":[{"dial":"localhost:9096"}]}]}],"tls_connection_policies":[{}],"automatic_https":{}},"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]}}}}
2024/01/10 18:37:05.970 WARN    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:/root/.local/share/caddy", "instance": "6d900ba6-2b2d-4553-95c7-811e8143afbc", "try_again": "2024/01/11 18:37:05.970", "try_again_in": 86399.999998544}
2024/01/10 18:37:05.971 INFO    tls     finished cleaning storage units
2024/01/10 18:37:06.001 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2024/01/10 18:37:06.002 INFO    http    enabling HTTP/3 listener        {"addr": ":5001"}
2024/01/10 18:37:06.002 DEBUG   http    starting server loop    {"address": "[::]:5001", "tls": true, "http3": true}
2024/01/10 18:37:06.003 INFO    http.log        server running  {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2024/01/10 18:37:06.004 DEBUG   http    starting server loop    {"address": "[::]:80", "tls": false, "http3": false}
2024/01/10 18:37:06.004 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/01/10 18:37:06.004 INFO    http    enabling automatic TLS certificate management   {"domains": ["100.115.202.129"]}
2024/01/10 18:37:06.005 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [100.115.202.129]: no OCSP server specified in certificate", "identifiers": ["100.115.202.129"]}
2024/01/10 18:37:06.005 DEBUG   tls.cache       added certificate to cache      {"subjects": ["100.115.202.129"], "expiration": "2024/01/11 04:31:53.000", "managed": true, "issuer_key": "local", "hash": "c223c3a91342191453dc23cfe0f29388ffe077a619777398d9f0766a3e926d79", "cache_size": 1, "cache_capacity": 10000}
2024/01/10 18:37:06.005 DEBUG   events  event   {"name": "cached_managed_cert", "id": "c2e84509-5eee-45db-9e4f-68a50195ee5f", "origin": "tls", "data": {"sans":["100.115.202.129"]}}
Caddy proxying https://100.115.202.129:5001 -> localhost:9096
2024/01/10 18:37:09.143 DEBUG   events  event   {"name": "tls_get_certificate", "id": "0d05bd13-64be-411a-bd01-661c44594a71", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53,10],"ServerName":"","SupportedCurves":[29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"100.109.123.23","Port":57389,"Zone":""},"LocalAddr":{"IP":"100.115.202.129","Port":5001,"Zone":""}}}}
2024/01/10 18:37:09.143 DEBUG   tls.handshake   choosing certificate    {"identifier": "100.115.202.129", "num_choices": 1}
2024/01/10 18:37:09.143 DEBUG   tls.handshake   default certificate selection results   {"identifier": "100.115.202.129", "subjects": ["100.115.202.129"], "managed": true, "issuer_key": "local", "hash": "c223c3a91342191453dc23cfe0f29388ffe077a619777398d9f0766a3e926d79"}
2024/01/10 18:37:09.143 DEBUG   tls.handshake   matched certificate in cache    {"remote_ip": "100.109.123.23", "remote_port": "57389", "subjects": ["100.115.202.129"], "managed": true, "expiration": "2024/01/11 04:31:53.000", "hash": "c223c3a91342191453dc23cfe0f29388ffe077a619777398d9f0766a3e926d79"}
2024/01/10 18:37:09.260 DEBUG   http.stdlib     http: TLS handshake error from 100.109.123.23:57389: remote error: tls: bad certificate
