Discourse with Caddy v2 on Docker

1. Caddy version (caddy version): 2 (migrating from abiosoft/caddy)

2. How I run Caddy:

a. System environment:

Docker on Ubuntu 20.04

b. Command:

docker-compose up

c. Service/unit/compose file:

docker-compose.yml for v1
version: '3.3'
services:
# Pull Caddy 1 (deprecated)
    caddy:
        volumes:
            - '/var/caddy/Caddyfile:/etc/Caddyfile'
            - '/var/caddy:/root/.caddy'
            - '/var/discourse/shared/web-only:/sock'
        ports:
            - '80:80'
            - '443:443'
            - '80:80/udp'
            - '443:443/udp'
        restart: always
        container_name: caddy
        entrypoint:
            - /usr/bin/caddy
        command: -quic --conf /etc/Caddyfile
        image: abiosoft/caddy
docker-compose.yml for v2
version: '3.3'
services:
# Build Caddy 2 
    caddy:
        volumes:
            - '/var/caddy/Caddyfile:/etc/Caddyfile'
            - '/var/caddy:/root/.caddy'
            - '/var/discourse/shared/web-only:/sock'
            - '/var/caddy/data:/data'
            - '/var/caddy/config:/config'
        ports:
            - '80:80'
            - '443:443'
            - '80:80/udp'
            - '443:443/udp'
        restart: always
        container_name: caddy
        build: ./

d. My complete Caddyfile or JSON config:

forum.xxxxxxxx.com

tls [email address]

proxy / unix:/sock/nginx.http.sock {
  transparent
}

# forum.xxxxxxxx.com

# tls {
#     dns cloudflare {$API-Key}
# }

# proxy / unix:/sock/nginx.http.sock {
#   transparent
# }
Dockerfile
FROM caddy:2.0.0-builder AS builder

RUN caddy-builder \
    github.com/caddy-dns/cloudflare

FROM caddy:2.0.0

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

3. The problem I’m having:

I’m trying to move my Discourse forum from Caddy v1 to v2. The files above are the exact files, and I’m commenting out the old/new config in docker-compose.yml and Caddyfile to go back and forth. Everything works fine with the v1 config and pulling from abiosoft/caddy. When I switch to the v2 config, I get the slanted page and the "server is listening only on the HTTP port" error.

The endgame is to enable Cloudflare (proxying) for the domain, and add the API key. But currently, the domain is not proxied, and I’m just trying to get the basic config working the same way it’s working on v1 before adding Cloudflare to the party.

4. Error messages and/or full log output:

root@dev:/var/caddy# docker-compose up
Creating network "caddy_default" with the default driver
Creating caddy ... done
Attaching to caddy
caddy    | {"level":"info","ts":1593135272.8524568,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy    | {"level":"info","ts":1593135272.8594737,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
caddy    | {"level":"info","ts":1593135272.870425,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv0","http_port":80}
caddy    | {"level":"info","ts":1593135272.8706589,"logger":"tls","msg":"cleaned up storage units"}
caddy    | 2020/06/26 01:34:32 [INFO][cache:0xc0003efa90] Started certificate maintenance routine
caddy    | {"level":"info","ts":1593135272.872339,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
caddy    | {"level":"info","ts":1593135272.872394,"msg":"serving initial configuration"}

Error page in Firefox when attempting to load https://…

Secure Connection Failed

An error occurred during a connection to forum.xxxxxxxx.com. PR_CONNECT_RESET_ERROR

*  The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
*  Please contact the website owners to inform them of this problem.

5. What I already tried:

It seems that the v2 Docker image builds properly from the Dockerfile. It goes through the process with no error output.

I’ve fiddled around with formatting in Caddyfile and docker-compose.yml. I also tried setting tls to internal to see if perhaps it was an acme error. Partly what’s confusing me is the error about the server only listening on http/80, when it’s working on https in Caddy v1.

Going back and forth between the v1 and v2 configs (Caddyfile and docker-compose.yml) yields the same results each time: v1 works, and v2 slanted page.

6. Links to relevant resources:

My Caddyfile is basically my working v1 file with attempts to integrate these two other forum threads:

I can’t guarantee this is your issue, but looking at your Caddyfile it seems you’re using the proxy directive for v1 in both cases. The upgrade docs for v2 state that reverse_proxy is the equivalent and that transparent is the default now.

1 Like

Good eye! I rolled right past that a hundred times.

forum.xxxxxxxx.com

tls [email or internal]

reverse_proxy unix:/sock/nginx.http.sock

Alas, same errors with this Caddyfile.

Hmm, curious one!

Throw the debug global option up in your Caddyfile, try again, and post the output? Round trip info might tell us more.

https://caddyserver.com/docs/caddyfile/options

Actually, doing a quick Google of this error indicates that it might be something between your browser and Caddy forcibly closing the connection.

Further, I had a bit of a browse myself. Your server is not listening on port 443 right now, but the HTTP port is serving the default index file for the Caddy Docker container.

That led me to check your Compose file:

And no command override to tell Caddy to load the config from this location instead of the default one. I note the default config location is indicated on the default page itself:

/etc/caddy/Caddyfile

/etc/Caddyfile

So this looks to me just like you aren’t running Caddy with the config file you actually want. (This would also explain why you were running it with the v1 syntax proxy and it wasn’t spitting errors at you!)

You can either change the volume mount location to override the correct file or you could override the command to change the --conf flag, either way should get you up and running.

2 Likes

Okay, that fixed a thing. Changing the volume mapping to '/var/caddy/Caddyfile:/etc/caddy/Caddyfile' gets a cert and loads http and https.

Then it was loading a blank page, with the following new error:

"http.log.error","msg":"making dial info: upstream unix:/sock/nginx.http.sock: invalid dial address unix:/sock/nginx.http.sock: address sock/nginx.http.sock: missing port in address"

Google led me here: v2: reverse_proxy “missing port in address”, but it didn’t look like the same issue.

Another search of the docs led me to Network Addresses, where I found:

Valid examples:

:8080
127.0.0.1:8080
localhost:8080
localhost:8080-8085
tcp/localhost:8080
tcp/localhost:8080-8085
udp/localhost:9005
unix//path/to/socket

And so, the other problem was that I needed to change the ":" from v1 to a "/" for v2. Boom:

v1

proxy / unix:/sock/nginx.http.sock {
   transparent
}

v2

reverse_proxy unix//sock/nginx.http.sock

Working! Thank you!

Bonus: Cloudflare is also working through the proxy after adding an API key.

2 Likes
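As an added example (not part of this thread, and not a tool that Caddy ships), the POSIX shell script below lints a Caddyfile and Compose file pair for the v1 leftovers found in the two fixes above: the v1 proxy/transparent directives and the unix: upstream spelling from the reverse_proxy fix, and the /etc/Caddyfile mount target and --conf flag from the wrong-config-path fix. The sample files, the example.com domain and the function name are constructed for the demonstration; the checks are simple greps, so they catch the spellings seen in this thread rather than every possible v1 Caddyfile.

```sh
#!/bin/sh
# Added example, not from the original thread: a pre-flight lint for the
# v1 -> v2 migration mistakes found above (v1 'proxy'/'transparent', the
# 'unix:' upstream spelling, the Caddyfile mounted at /etc/Caddyfile, and the
# v1 '--conf' flag). Function and file names are this example's own.

# lint_caddy_v2_migration CADDYFILE COMPOSE_FILE
# Prints one line per finding; the return code is the number of findings,
# so 0 means neither file has any of the v1 leftovers checked here.
lint_caddy_v2_migration() {
    caddyfile=$1
    compose=$2
    findings=0

    # v1 'proxy' directive; v2 spells it 'reverse_proxy', which the anchored
    # pattern deliberately does not match.
    if grep -Eq '^[[:space:]]*proxy[[:space:]]' "$caddyfile"; then
        echo "Caddyfile: v1 'proxy' directive; use 'reverse_proxy' in v2"
        findings=$((findings + 1))
    fi

    # v1 'transparent' subdirective; v2 forwards Host and X-Forwarded-* by default.
    if grep -Eq '^[[:space:]]*transparent[[:space:]]*$' "$caddyfile"; then
        echo "Caddyfile: 'transparent' is the v2 default; drop it"
        findings=$((findings + 1))
    fi

    # v1 socket address 'unix:/path'; v2 network addresses are 'unix//path'.
    if grep -q 'unix:/' "$caddyfile"; then
        echo "Caddyfile: 'unix:/...' upstream must be 'unix//...' in v2"
        findings=$((findings + 1))
    fi

    # The caddy:2 image loads /etc/caddy/Caddyfile. A Caddyfile mounted at
    # /etc/Caddyfile is ignored and Caddy serves its default page on port 80
    # only, which is what the "listening only on the HTTP port" log line meant.
    if grep -q ':/etc/Caddyfile' "$compose"; then
        echo "compose: Caddyfile mounted at /etc/Caddyfile; caddy:2 reads /etc/caddy/Caddyfile"
        findings=$((findings + 1))
    fi

    # v1 '--conf' flag; v2 is 'caddy run --config FILE --adapter caddyfile'.
    if grep -Eq -- '--conf([[:space:]]|$)' "$compose"; then
        echo "compose: v1 '--conf' flag; v2 uses '--config FILE --adapter caddyfile'"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed sample inputs: the thread's v1 files (domain replaced by
# example.com) and the corrected v2 pair.
SAMPLE_DIR=$(mktemp -d)

cat > "$SAMPLE_DIR/Caddyfile.v1" <<'EOF'
forum.example.com

tls admin@example.com

proxy / unix:/sock/nginx.http.sock {
  transparent
}
EOF

cat > "$SAMPLE_DIR/compose.v1.yml" <<'EOF'
services:
  caddy:
    image: abiosoft/caddy
    volumes:
      - '/var/caddy/Caddyfile:/etc/Caddyfile'
      - '/var/discourse/shared/web-only:/sock'
    command: -quic --conf /etc/Caddyfile
EOF

cat > "$SAMPLE_DIR/Caddyfile.v2" <<'EOF'
forum.example.com

tls admin@example.com

reverse_proxy unix//sock/nginx.http.sock
EOF

cat > "$SAMPLE_DIR/compose.v2.yml" <<'EOF'
services:
  caddy:
    build: ./
    volumes:
      - '/var/caddy/Caddyfile:/etc/caddy/Caddyfile'
      - '/var/discourse/shared/web-only:/sock'
      - '/var/caddy/data:/data'
      - '/var/caddy/config:/config'
EOF

echo "== v1 files =="
lint_caddy_v2_migration "$SAMPLE_DIR/Caddyfile.v1" "$SAMPLE_DIR/compose.v1.yml" \
    || echo "$? finding(s)"
echo "== v2 files =="
lint_caddy_v2_migration "$SAMPLE_DIR/Caddyfile.v2" "$SAMPLE_DIR/compose.v2.yml" \
    && echo "clean"
```

The lint only catches what it greps for; the authoritative check after switching images is to validate the file Caddy will actually load, for example with docker exec caddy caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile, and to confirm that the container log's "using provided configuration" line names the config_file path you mounted, as in the log output earlier in the thread.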