1. My Caddy version (caddy -version):
Docker image caddy/caddy:alpine. I don't know which version of 2 that is, and also don't know how to find out.
2. How I run Caddy:
in docker using docker-compose
a. System environment:
OS, relevant versions, systemd? docker? etc.
digital ocean marketplace docker droplet running Ubuntu Docker 5:19.03.1~3 on 18.04
b. Command:
docker-compose up -d --force-recreate
c. Service/unit/compose file:
version: '3.7'
services:
  db:
    # specify container name to make it easier to run commands.
    # for example, you could run docker exec -i postgres psql -U postgres postgres < schema.sql to run an SQL file against the Postgres database
    container_name: ae_db
    restart: always
    image: db
    build:
      context: ./db
    env_file:
      - ./.env
    networks:
      - network
    expose:
      - '5432'
    ports:
      # make the Postgres database accessible from outside the Docker container on port 5432
      - '5432:5432'
    volumes:
      - db_data:/var/lib/postgresql/data
      - sik_data:/sik_data
  graphql:
    container_name: ae_graphql
    restart: unless-stopped
    build:
      context: ./graphql
    networks:
      - network
    expose:
      - '5000'
    ports:
      - '5000:5000'
    depends_on:
      - db
    env_file:
      - ./.env
    command:
      [
        '--connection',
        '${DATABASE_URL}',
        '--schema',
        'ae',
        '--append-plugins',
        'postgraphile-plugin-connection-filter,@graphile-contrib/pg-order-by-related',
        '--jwt-token-identifier',
        'auth.jwt_token',
        '--default-role',
        'anon',
        '--jwt-secret',
        '${JWT_SECRET}',
        '--cors',
        '--disable-query-log',
        '--enable-query-batching',
        '--retry-on-init-fail',
      ]
  json:
    container_name: ae_json
    restart: always
    build:
      context: ./json
    networks:
      - network
    expose:
      - '4000'
    ports:
      - '4000:4000'
    depends_on:
      - db
    env_file:
      - ./.env
  caddy:
    # https://hub.docker.com/r/caddy/caddy/dockerfile
    image: caddy/caddy:alpine
    container_name: ae_caddy
    networks:
      - network
    depends_on:
      - graphql
      - json
    restart: always
    # image downgrades user but that seems not to work, see: https://caddy.community/t/basic-docker-compose-setup-failing/6892/7?u=alexander_gabriel
    user: root
    ports:
      - '80:80'
      - '443:443'
    env_file:
      - ./.env
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - caddy_certs:/root/.caddy
volumes:
  db_data:
  sik_data:
  caddy_certs:
networks:
  network:
d. My complete Caddyfile:
{
    email alex.barbalex@gmail.com
}

api.art-eigenschaften.ch {
    reverse_proxy /graphql/* localhost:5000
    reverse_proxy /graphiql/* localhost:5000
    reverse_proxy /artendb/* localhost:4000
    reverse_proxy /evab/* localhost:4000
    reverse_proxy /alt/* localhost:4000
}
3. The problem I’m having:
When I start up docker-compose there is an error in the caddy log saying that no solver could be found for tls-alpn-01.
Later, when I try to connect to the services, for instance by typing https://api.art-eigenschaften.ch/alt in the browser, the server responds with a 200 status but without any response (the page remains blank). Looking at the caddy log, there seems to be a handshake error.
4. Error messages and/or full log output:
Recreating the services:
root@artdaten-docker:~/ae# docker-compose up -d --force-recreate
Recreating ae_db ... done
Recreating ae_json ... done
Recreating ae_graphql ... done
Recreating ae_caddy ... done
Checking the logs after recreating and trying to connect:
root@artdaten-docker:~/ae# docker logs ae_caddy
2020/02/03 13:10:36.162 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": "caddyfile"}
2020/02/03 13:10:36.327 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
2020/02/03 13:10:36.327 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/02/03 13:10:36.327 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/02/03 13:10:36.328 INFO http enabling automatic TLS certificate management {"domains": ["api.art-eigenschaften.ch"]}
2020/02/03 13:10:36.330 INFO tls cleaned up storage units
2020/02/03 13:10:36.330 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2020/02/03 13:10:36.330 INFO serving initial configuration
2020/02/03 13:10:36 [INFO][cache:0xc000190910] Started certificate maintenance routine
2020/02/03 13:10:37 [INFO] acme: Registering account for alex.barbalex@gmail.com
2020/02/03 13:10:37 [INFO][api.art-eigenschaften.ch] Obtain certificate
2020/02/03 13:10:37 [INFO][api.art-eigenschaften.ch] Obtain: Waiting on rate limiter...
2020/02/03 13:10:37 [INFO][api.art-eigenschaften.ch] Obtain: Done waiting
2020/02/03 13:10:37 [INFO] [api.art-eigenschaften.ch] acme: Obtaining bundled SAN certificate
2020/02/03 13:10:38 [INFO] [api.art-eigenschaften.ch] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2621774933
2020/02/03 13:10:38 [INFO] [api.art-eigenschaften.ch] acme: Could not find solver for: tls-alpn-01
2020/02/03 13:10:38 [INFO] [api.art-eigenschaften.ch] acme: use http-01 solver
2020/02/03 13:10:38 [INFO] [api.art-eigenschaften.ch] acme: Trying to solve HTTP-01
2020/02/03 13:10:38 [INFO][api.art-eigenschaften.ch] Served key authentication (distributed)
2020/02/03 13:10:38 [INFO][api.art-eigenschaften.ch] Served key authentication (distributed)
2020/02/03 13:10:38 [INFO][api.art-eigenschaften.ch] Served key authentication (distributed)
2020/02/03 13:10:38 [INFO][api.art-eigenschaften.ch] Served key authentication (distributed)
2020/02/03 13:10:41 [INFO] [api.art-eigenschaften.ch] The server validated our request
2020/02/03 13:10:41 [INFO] [api.art-eigenschaften.ch] acme: Validations succeeded; requesting certificates
2020/02/03 13:10:42 [INFO] [api.art-eigenschaften.ch] Server responded with a certificate.
2020/02/03 13:15:21 http: TLS handshake error from 34.211.60.134:55128: no certificate to complete TLS-ALPN challenge for SNI name: api.art-eigenschaften.ch
2020/02/03 13:15:21 http: TLS handshake error from 18.224.20.83:15354: no certificate to complete TLS-ALPN challenge for SNI name: api.art-eigenschaften.ch
5. What I already tried:
Scratched my head. Did not help.
6. Links to relevant resources:
Here is the complete code: ae2/backend at master · FNSKtZH/ae2 · GitHub
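A corrected Caddyfile for this setup, added here as an example; it is not part of the original post or of the ae2 repository. It assumes the compose file above is kept as posted except for the changes listed after the block, and that the compose service names `graphql` and `json` are used as upstream hostnames. Two things in the posted Caddyfile are worth changing. First, `localhost:5000` is resolved inside the Caddy container, where `localhost` is the Caddy container itself; on a compose network the other containers are reachable by service name, so the upstreams should be `graphql:5000` and `json:4000`. Second, the matcher `/alt/*` only matches paths that begin with `/alt/`, so a request for exactly `/alt` matches no route, and a request that matches no handler gets an empty 200 from Caddy, which is consistent with the blank page reported above; the named matchers below list both forms and an explicit 404 fallback. The `Could not find solver for: tls-alpn-01` line is not the failure: the log shows Caddy falling back to HTTP-01, passing validation and receiving a certificate.

```caddyfile
{
    email alex.barbalex@gmail.com
}

api.art-eigenschaften.ch {
    # Upstreams are the compose service names, not localhost:
    # inside the Caddy container, localhost is Caddy itself.
    # Each matcher lists the bare path too, because /alt/* alone does not match /alt.
    @graphql path /graphql /graphql/* /graphiql /graphiql/*
    @json path /artendb /artendb/* /evab /evab/* /alt /alt/*

    # handle blocks are mutually exclusive; the one without a matcher is the fallback.
    handle @graphql {
        reverse_proxy graphql:5000
    }
    handle @json {
        reverse_proxy json:4000
    }
    handle {
        # Explicit 404 instead of the empty 200 Caddy returns for unmatched requests.
        respond 404
    }
}
```

Three changes to the posted compose file go with this. The `ports:` entries on `db`, `graphql` and `json` should be removed (the `expose:` entries are enough for Caddy to reach them on the compose network): as posted, `'5432:5432'`, `'5000:5000'` and `'4000:4000'` publish Postgres and both backends directly on the droplet's public interface, bypassing Caddy and its TLS, and ports published by Docker are reachable regardless of ufw rules on the host because Docker manages its own iptables chains. The certificate volume is mounted at the Caddy v1 path `/root/.caddy`; the log line `autosaved config {"file": "/root/.config/caddy/autosave.json"}` shows this Caddy 2 instance is using the default XDG directories, so certificates and the ACME account key live under `/root/.local/share/caddy` and the mount persists nothing, which means each recreate registers a new ACME account and requests a new certificate. Setting `XDG_DATA_HOME=/data` in the caddy service's `environment:` and mounting `caddy_certs:/data` makes the location explicit (the variable name is Caddy 2's, the `/data` path is an assumption for this example); that volume holds the private keys and should be treated as a secret. Finally, the image version asked about in point 1 can be printed with `docker run --rm caddy/caddy:alpine caddy version`.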