Does Caddy support HTTPS in Localhost

1. The problem I’m having:

After installing Caddy on Ubuntu 23.04, which is version 2.6.4, I am trying to start a localhost to test a project. The computer is not directly accessible from the internet so I read I needed to use tls internal but Firefox and Chrome give me SSL warnings or too many redirects.

2. Error messages and/or full log output:

-- Boot da88d683dc504e18812b53fa07201b47 --
May 06 08:02:42 xtreme systemd[1]: Starting caddy.service - Caddy...
May 06 08:02:43 xtreme caddy[4505]: caddy.HomeDir=/var/lib/caddy
May 06 08:02:43 xtreme caddy[4505]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
May 06 08:02:43 xtreme caddy[4505]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
May 06 08:02:43 xtreme caddy[4505]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
May 06 08:02:43 xtreme caddy[4505]: caddy.Version=v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
May 06 08:02:43 xtreme caddy[4505]: runtime.GOOS=linux
May 06 08:02:43 xtreme caddy[4505]: runtime.GOARCH=amd64
May 06 08:02:43 xtreme caddy[4505]: runtime.Compiler=gc
May 06 08:02:43 xtreme caddy[4505]: runtime.NumCPU=32
May 06 08:02:43 xtreme caddy[4505]: runtime.GOMAXPROCS=32
May 06 08:02:43 xtreme caddy[4505]: runtime.Version=go1.20
May 06 08:02:43 xtreme caddy[4505]: os.Getwd=/
May 06 08:02:43 xtreme caddy[4505]: LANG=en_US.UTF-8
May 06 08:02:43 xtreme caddy[4505]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
May 06 08:02:43 xtreme caddy[4505]: XDG_DATA_DIRS=/var/lib/flatpak/exports/share:/usr/local/share/:/usr/share/
May 06 08:02:43 xtreme caddy[4505]: NOTIFY_SOCKET=/run/systemd/notify
May 06 08:02:43 xtreme caddy[4505]: HOME=/var/lib/caddy
May 06 08:02:43 xtreme caddy[4505]: LOGNAME=caddy
May 06 08:02:43 xtreme caddy[4505]: USER=caddy
May 06 08:02:43 xtreme caddy[4505]: INVOCATION_ID=5d4bc5e75a194218b16b31aba1027fe0
May 06 08:02:43 xtreme caddy[4505]: JOURNAL_STREAM=8:66647
May 06 08:02:43 xtreme caddy[4505]: SYSTEMD_EXEC_PID=4505
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0150912,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0169973,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0173857,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004d53b0"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0190842,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0190961,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"warn","ts":1683381763.035513,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0355961,"msg":"define JAVA_HOME environment variable to use the Java trust"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0356076,"msg":"not NSS security databases found"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"error","ts":1683381763.03737,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_file":"storage:pki/authorities/local/root.crt"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.037627,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.037648,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.037661,"logger":"tls","msg":"finished cleaning storage units"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0378513,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.038162,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.038201,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0382051,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["xtreme"]}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0384305,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0384586,"msg":"serving initial configuration"}
May 06 08:02:43 xtreme systemd[1]: Started caddy.service - Caddy.
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0385547,"logger":"tls.obtain","msg":"acquiring lock","identifier":"xtreme"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0393064,"logger":"tls.obtain","msg":"lock acquired","identifier":"xtreme"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0393612,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"xtreme"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0410275,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"xtreme"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.0410502,"logger":"tls.obtain","msg":"releasing lock","identifier":"xtreme"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"warn","ts":1683381763.041337,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [xtreme]: no OCSP server specified in certificate","identifiers":["xtreme"]}
May 06 08:03:55 xtreme caddy[4505]: {"level":"info","ts":1683381835.1754875,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/stop","remote_ip":"127.0.0.1","remote_port":"35428","headers":{"Accept-Encoding":["gzip"],"Content-Length":["0"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
May 06 08:03:55 xtreme caddy[4505]: {"level":"warn","ts":1683381835.1755307,"logger":"admin.api","msg":"exiting; byeee!! 👋"}
May 06 08:03:55 xtreme caddy[4505]: {"level":"info","ts":1683381835.1756246,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0004d53b0"}
May 06 08:03:55 xtreme caddy[4505]: {"level":"info","ts":1683381835.1757212,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
May 06 08:03:55 xtreme caddy[4505]: {"level":"info","ts":1683381835.1757276,"logger":"admin.api","msg":"shutdown complete","exit_code":0}
May 06 08:03:55 xtreme systemd[1]: caddy.service: Deactivated successfully.

3. Caddy version:

Version is 2.6.4

4. How I installed and ran Caddy:

I installed via the PPA for Ubuntu. It works perfectly all the time on live domain sites. I then change the Caddyfile (Still with capital C) and then I do caddy start or caddy stop depending if I change stuff inside of it.

a. System environment:

Ubuntu 23.04 directly. No Docker or VM.

b. Command:

c. Service/unit/compose file:

d. My complete Caddy config:

I tried xtreme.locahot and simply localhost as shown below.

localhost {
        tls internal
        file_server
}

5. Links to relevant resources:

Use curl -v for testing your web server (not web browsers, they do too many weird things like caching and hiding actual behavior).

Caddy isn’t able to install into all root stores automatically; you may have to add Caddy’s root cert to your browser manually.
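
The log in the question already says where the root certificate lives, so it can be handed to `curl` or imported into a browser by hand. An added example, not part of the original thread: the function name is hypothetical, and the two sample lines are copied from the log above.

```shell
#!/bin/sh
# Added example: find Caddy's local root CA on disk from its own log output.

# Reads Caddy log lines on stdin. If they show that installing the root
# certificate into the trust store failed, prints the certificate's
# filesystem path (storage base directory + storage key); otherwise nothing.
root_cert_from_log() {
    log=$(cat)
    # Storage key from the "failed to install root certificate" error line.
    key=$(printf '%s\n' "$log" |
        grep '"msg":"failed to install root certificate"' |
        sed -n 's/.*"certificate_file":"storage:\([^"]*\)".*/\1/p' | head -n 1)
    # Base directory of Caddy's file storage, from the storage-cleaning line.
    base=$(printf '%s\n' "$log" |
        sed -n 's/.*"description":"FileStorage:\([^"]*\)".*/\1/p' | head -n 1)
    if [ -n "$key" ] && [ -n "$base" ]; then
        printf '%s/%s\n' "$base" "$key"
    fi
}

# Two lines copied from the log posted earlier in this thread.
sample_log() {
cat <<'EOF'
May 06 08:02:43 xtreme caddy[4505]: {"level":"error","ts":1683381763.03737,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_file":"storage:pki/authorities/local/root.crt"}
May 06 08:02:43 xtreme caddy[4505]: {"level":"info","ts":1683381763.037627,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
EOF
}

sample_log | root_cert_from_log

# On the real machine (the file belongs to the caddy user, so reading it
# may need sudo):
#   cert=$(journalctl -u caddy -b | root_cert_from_log)
#   curl -v --cacert "$cert" https://localhost
```

With `--cacert`, `curl -v` shows whether the handshake succeeds once the local root is trusted; the same file is the one to import into the browser's certificate authorities.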

Oh my, thank you. Okay then how to not use TLS, basically a localhost without https?

http://localhost instead of localhost :wink: (and remove tls internal, which is the default for localhost anyway)

Thank you Matt. As an odd sidenote, maybe related to me and localhost, I had to do this for the socket:

sudo chmod 777 /run/php/php8.1-fpm.sock

Because Caddy had permission issues while trying to read it. The final Caddyfile ended up looking like the following but if you have any suggestions, let me learn from you:

http://localhost {
        root * /var/www
        file_server
        header Access-Control-Allow-Origin "*"
        header Access-Control-Allow-Methods "POST, GET, OPTIONS, PUT, DELETE"
        header Access-Control-Allow-Headers "*"
        header Server "LOCALHOST 1.0"
        encode gzip zstd
        try_files {path} {path}/index.php
        php_fastcgi unix//run/php/php8.1-fpm.sock
        @cachedFiles {
          path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.webp *.svg *.woff *.woff2
        }
        header @cachedFiles Cache-Control max-age=31536000
}

UPDATE: Well, subfolders on it do not show. If I visit http://localhost/somefolder it will not work; it will only work on the root. What I mean by this is that I can go to a specific file, for example http://localhost/somefolder/phpinfo.php will work, but for some reason it does not automatically read the index.php inside somefolder. I am getting the feeling this is not Caddy but Composer.

Try not to use 777. You need only assign ownership of the socket to the user or group running caddy and give it user/group permissions. There’s definitely no need to set the execute bit at all.
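
The ownership-based alternative to `chmod 777` from the reply above, as an added example that is not part of the thread: the function flags world-accessible and execute bits on a socket path, and the trailing comments show PHP-FPM pool settings that keep the fix across restarts. The function name, the pool file path and the `www-data` owner are assumptions (Ubuntu defaults); `caddy` is the user shown in the log earlier in the thread.

```shell
#!/bin/sh
# Added example: audit the permission bits on the PHP-FPM socket.

# Prints one finding per line for the given path, or "ok" if nothing is flagged.
audit_socket_mode() {
    path=$1
    [ -e "$path" ] || return 2
    # First 10 characters of `ls -ld`: file type + user/group/other triplets.
    perms=$(ls -ld -- "$path" | cut -c1-10)
    other=$(printf '%s' "$perms" | cut -c8-10)
    bits=$(printf '%s' "$perms" | cut -c2-10)
    findings=""
    if [ "$other" != "---" ]; then
        findings="${findings}world-accessible ($other): every local user can reach PHP-FPM
"
    fi
    case $bits in
        *[xst]*) findings="${findings}execute bit set: a socket only needs read/write
" ;;
    esac
    if [ -z "$findings" ]; then
        echo "ok"
    else
        printf '%s' "$findings"
    fi
}

# Demo on a constructed temporary file standing in for the socket.
demo() {
    tmp=$(mktemp)
    chmod 777 "$tmp"; audit_socket_mode "$tmp"   # two findings
    chmod 660 "$tmp"; audit_socket_mode "$tmp"   # ok
    rm -f "$tmp"
}
demo

# Real use:  audit_socket_mode /run/php/php8.1-fpm.sock
#
# Persistent fix, in the pool file (assumed /etc/php/8.1/fpm/pool.d/www.conf):
#   listen.owner = www-data
#   listen.group = caddy
#   listen.mode  = 0660
# then:  sudo systemctl restart php8.1-fpm
```

A manual `chmod` on a file under `/run` is lost when PHP-FPM recreates the socket, which is why the pool settings are the place to make the change.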

In case this helps, I wrote a small article on how to use HTTPS locally in only 1 step with Caddy:

NOTE: the link says 2 steps because at the beginning there were 2 and they became 1.

Anything and everything Caddy related always helps, so I much appreciate this, my friend. Thank you.