1. Caddy version (caddy version):
V2, latest
2. How I run Caddy:
I’m running Caddy from a docker container on AWS lightsail, using a startup script since AWS lightsail containers don’t seem to permit persistence or modifying of container files. I cannot for the life of me get docker to run on multiple windows 10 machines that otherwise have no issues running VM’s, so have given up trying to make a custom image.
I’m mainly using lightsail containers because I both have access to them, and because they are provisioned with an SSL certificate and come with a system-generated URL/URI, as seen in the second example below (anonymised).
My current, url is here: I’ll change this if anyone can offer some support and I get the issue resolved:
https://caddy-container-service-1.i98v102us0j8a.ap-southeast-2.cs.amazonlightsail.com/
I’m currenlty experimenting with versions of the following:
start.sh
caddy reverse-proxy --from \:80 --to http\://3.4.2.1\:1880
caddy reverse-proxy --from \:80 --to http\://3.4.2.1\:1880 rewrite https://caddy-container-service-1.i98v102us0j8a.ap-southeast-2.cs.amazonlightsail.com/ 3.4.2.1\:1880
a. System environment:
Docker container, caddy:latest, per the above.
b. Command:
Per the above examples
d. My complete Caddyfile or JSON config:
Not using a custom Caddfile as I’m not building a custom image. Please see the above comments.
3. The problem I’m having:
The issue that I’m having is that the reverse-proxy is causing a phiahing warning in Chrome. I can only assume that there’s some SSL interference happening here.
Does Caddy strip and replace SSL when operating as a reverse proxy? If so, this seems to be flowing through to the client browser, though it’s not clear to me what is going wrong.
4. Error messages and/or full log output:
Tripping up Chrome / Googles safe browsing extension.
Also fails in Firefox due to Safe Browsing
Seems to be getting triggered by mishandling of this:
https://caddy-container-service-1.i98v102us0j8a.ap-southeast-2.cs.amazonlightsail.com/plugins/messages?lng=en-US&_=1620779345275
5. What I already tried:
I’ve tried modifying the open ports and public endpoint port for the docker image. Variations of 80 and 443, or both.
80 for the public endpoint and 80 for the Caddy internal port works but fails with a security warning, meaning that the lightsail container access looks like URI:443 → Caddy:80 → Reverse Proxy Function → IP address of server
443 for the public endpoint seems to fail routinely under all scenarios. No route.
80 for the public endpoint, 443 for the Caddy internal port seems to fail. No route.
6. Links to relevant resources:
https://caddy-container-service-1.i98v102us0j8a.ap-southeast-2.cs.amazonlightsail.com/
vs Google safe browsing:
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fcaddy-container-service-1.i98v102us0j8a.ap-southeast-2.cs.amazonlightsail.com%2F