1. Output of caddy version:
v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=
2. How I run Caddy:
a. System environment:
Virtualization: lxc
Operating System: Ubuntu 20.04.5 LTS
Kernel: Linux 5.4.162-1-pve
Architecture: x86-64
b. Command:
I’ve downloaded caddy using
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
and then added the cloudflare package using
caddy add-package
I’m starting caddy by:
caddy start
Keycloak docker container:
docker run -d -p 2709:8080 --name keycloak-dev -e KEYCLOAK_ADMIN=example -e KEYCLOAK_ADMIN_PASSWORD=example -e KC_PROXY=edge -e PROXY_ADDRESS_FORWARDING=true quay.io/keycloak/keycloak:19.0.2 start-dev
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
(cloudflare) {
tls example@example.com {
dns cloudflare {env.CLOUDFLARE_AUTH_TOKEN}
}
}
keycloak.iliadril.xyz {
import cloudflare
respond "Hello! I am finally working!"
}
iliadril.xyz {
import cloudflare
reverse_proxy :2709
}
3. The problem I’m having:
I intend to run a docker Keycloak container under a separate subdomain, but I’m getting an SSL handshake failed error (code 525)
on both domains. Keycloak ran successfully on the main domain (iliadril.xyz), but after sudo systemctl restart caddy
it doesn’t work on either the main domain or the subdomain.
My VPS provider isn’t handing out IPv4 addresses, so I have to proxy my IPv6 through Cloudflare, which gives me some trouble.
4. Error messages and/or full log output:
curl -kIL iliadril.xyz --resolve iliadril.xyz:[IPv6] --resolve iliadril.xyz:[IPv6]
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://iliadril.xyz/
Server: Caddy
Date: Wed, 28 Sep 2022 12:51:56 GMT
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
sudo journalctl -u caddy
Sep 28 12:52:05 j242 caddy[954]: {"level":"error","ts":1664369525.2136521,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":>
Sep 28 12:52:05 j242 caddy[954]: {"level":"error","ts":1664369525.2139134,"logger":"tls.obtain","msg":"will retry","error":"[iliadril.xyz] Obtain: [iliadri>
Sep 28 12:52:05 j242 caddy[954]: {"level":"error","ts":1664369525.7783217,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"iliadril.del>
Sep 28 12:52:07 j242 caddy[954]: {"level":"error","ts":1664369527.8812165,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":>
Sep 28 12:52:07 j242 caddy[954]: {"level":"error","ts":1664369527.8817258,"logger":"tls.obtain","msg":"will retry","error":"[keycloak.iliadril.xyz] Obtain:>
Sep 28 12:52:09 j242 caddy[954]: {"level":"error","ts":1664369529.0813124,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":>
Sep 28 12:52:09 j242 caddy[954]: {"level":"error","ts":1664369529.0818322,"logger":"tls.obtain","msg":"will retry","error":"[keycloak.deloitte.cyou] Obtain>
5. What I already tried:
- I tried to follow Error 525 ssl handshake failed - #14 by francislavoie
- made sure I use correct cloudflare API token
- tried several Caddyfiles that I’ve found on this forum
- set SSL/TLS full (strict) on cloudflare
- tried to disable proxy status (unchecked the cloudflare cloud)
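Added example, not code from the original post or from the Caddy project. A Cloudflare 525 means the edge could not complete a TLS handshake with the origin, and Caddy only serves a name over TLS once it holds a certificate for it, so the tls.obtain errors in the journal are the first thing to triage: which site names in the Caddyfile are failing issuance, how many times, and what the last error was. The script below parses journalctl-prefixed Caddy JSON lines (skipping lines journalctl truncated with a trailing ">"), pairs "will retry" entries with their hostname from the error string, and reports per Caddyfile site. The log lines and Caddyfile are constructed to mirror the shape of the post; the error strings are placeholders because the real ones were cut off, and static.example.com is a hypothetical third site added only to show what a successful issuance looks like.

```python
"""Triage Caddy tls.obtain log entries against the site names in a Caddyfile."""
import json
import re
from collections import defaultdict

# Constructed sample (journalctl prefix + Caddy 2.6 JSON). Error strings are
# placeholders; the 4th line is deliberately truncated like journalctl output.
SAMPLE_LOG = r"""Sep 28 12:52:05 j242 caddy[954]: {"level":"error","ts":1664369525.2136521,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"iliadril.xyz","issuer":"acme-v02.api.letsencrypt.org-directory","error":"<constructed placeholder error>"}
Sep 28 12:52:05 j242 caddy[954]: {"level":"error","ts":1664369525.2139134,"logger":"tls.obtain","msg":"will retry","error":"[iliadril.xyz] Obtain: <constructed placeholder error>","attempt":1,"retrying_in":60}
Sep 28 12:52:07 j242 caddy[954]: {"level":"error","ts":1664369527.8812165,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"keycloak.iliadril.xyz","issuer":"acme-v02.api.letsencrypt.org-directory","error":"<constructed placeholder error>"}
Sep 28 12:52:07 j242 caddy[954]: {"level":"error","ts":1664369527.8817258,"logger":"tls.obtain","msg":"will retry","error":"[keycloak.iliadril.xyz] Obtain: <constructed placeh>
Sep 28 12:52:09 j242 caddy[954]: {"level":"info","ts":1664369529.5,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"static.example.com"}
"""

# Constructed Caddyfile modelled on the post; static.example.com is hypothetical.
SAMPLE_CADDYFILE = """(cloudflare) {
    tls example@example.com {
        dns cloudflare {env.CLOUDFLARE_AUTH_TOKEN}
    }
}

keycloak.iliadril.xyz {
    import cloudflare
    reverse_proxy :2709
}

iliadril.xyz {
    import cloudflare
    respond "ok"
}

static.example.com {
    import cloudflare
    respond "static"
}
"""


def caddyfile_hostnames(text):
    """Return top-level site labels, skipping snippet definitions like (cloudflare)."""
    hosts, depth = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if depth == 0 and line.endswith("{"):
            label = line[:-1].strip()
            if not label.startswith("("):
                hosts.extend(h.strip() for h in label.split(",") if h.strip())
        depth += line.count("{") - line.count("}")
    return hosts


def triage(log_text):
    """Map identifier -> {errors, obtained, last_error} from tls.obtain / acme lines."""
    state = defaultdict(lambda: {"errors": 0, "obtained": False, "last_error": ""})
    for line in log_text.splitlines():
        start = line.find("{")          # strip the journalctl prefix
        if start < 0:
            continue
        try:
            rec = json.loads(line[start:])
        except json.JSONDecodeError:
            continue                    # journalctl truncated the line with '>'
        if rec.get("logger") not in ("tls.obtain", "http.acme_client"):
            continue
        ident = rec.get("identifier")
        if not ident:
            # "will retry" entries carry the name only inside "[host] Obtain: ..."
            m = re.match(r"\[([^\]]+)\]", rec.get("error", ""))
            ident = m.group(1) if m else None
        if not ident:
            continue
        if rec.get("level") == "error":
            state[ident]["errors"] += 1
            state[ident]["last_error"] = rec.get("error") or rec.get("msg", "")
        elif rec.get("msg") == "certificate obtained successfully":
            state[ident]["obtained"] = True
    return dict(state)


def report(caddyfile, log_text):
    """Per Caddyfile site: 'ok', an issuance-failure summary, or 'no activity'."""
    st = triage(log_text)
    out = {}
    for host in caddyfile_hostnames(caddyfile):
        s = st.get(host, {"errors": 0, "obtained": False, "last_error": ""})
        if s["obtained"]:
            out[host] = "ok"
        elif s["errors"]:
            out[host] = f"issuance failing ({s['errors']} error(s)): {s['last_error']}"
        else:
            out[host] = "no issuance activity logged"
    return out


if __name__ == "__main__":
    for host, status in report(SAMPLE_CADDYFILE, SAMPLE_LOG).items():
        print(f"{host}: {status}")
```

To run it on a real box, replace the samples with `journalctl -u caddy -o cat` output (or `--no-pager` output; the prefix is stripped either way) and the contents of /etc/caddy/Caddyfile. A site that shows "issuance failing" is one Cloudflare will report as 525 no matter what the edge SSL mode is set to, because the origin has nothing to present during the handshake.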