Custom SSL certificate

quarkyup · February 9, 2020, 1:53pm

Hello there !

I’m running caddy inside a docker network with other services which are API for most of them.
I have a custom ssl certificate et the corresponding private key from Cloudflare I would like to use.
I also use Cloudflare DNS.

Unfortunately, Caddy keeps using port 2015 which seems to indicate that the ssl certificate wasn’t used.

Here is my caddy file :

xyz.org {
tls /etc/ssl/certs/cloudfare/cert.pem /etc/ssl/certs/cloudflare/key.pem
}
api.xyz.org {
tls /etc/ssl/certs/cloudfare/cert.pem /etc/ssl/certs/cloudflare/key.pem
proxy / log-api:8080
}

And here is the caddy part from my compose file :

server:
image: abiosoft/caddy
container_name: caddy
restart: always
ports:
- ‘80:80’
- ‘443:443’
networks:
- logger-network
volumes:
- caddy-data:/root/.caddy
- ./caddy/Caddyfile:/etc/Caddyfile
- ./caddy/certs/:/etc/ssl/certs/cloudflare/

Am i missing something ?
Thanks by advance !

matt · February 9, 2020, 3:49pm

Edit: A lot of people are finding this in search results, but be aware that this is about Caddy 1, which is discontinued. Caddy 2 does not have any default ports, per-se.

Caddy’s default port is 2015. When automatic HTTPS is activated, it changes any qualifying, unspecified ports to 443 for you (and 80 for the redirects to HTTPS).

Automatic HTTPS is not activated when you provide your own certificates, hence why Caddy is still binding to port 2015 in your case. If you provide your own certificates, then HTTPS is not managed/automatic, so you will have to set up redirects: Caddy doesn’t want to step on your configuration.

quarkyup · February 10, 2020, 10:50am

Thanks for your answer !

After binding port 2015 to 80 in my compose file, my browser still warns me that the SSL certificate is not trusted.

Is there anything else to add to my configuration ?

Whitestrake · February 11, 2020, 12:58am

You might consider, instead of using this method, configuring Caddy specifically to listen on HTTP and HTTPS default ports by specifying the scheme for each site.

e.g.:

# HTTP->S redirects
http://xyz.example, http://api.xyz.example {
  redir https://{host}{uri}
}

https://xyz.example {
  tls /etc/ssl/certs/cloudfare/cert.pem /etc/ssl/certs/cloudflare/key.pem
}

https://api.xyz.example {
  tls /etc/ssl/certs/cloudfare/cert.pem /etc/ssl/certs/cloudflare/key.pem
  proxy / log-api:8080
}

system · May 11, 2020, 12:58am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.