Error: adapting config using caddyfile: ambiguous site definition

RemiZOffAlex · March 29, 2023, 2:13pm

{
    http_port 6080
    https_port 6443
}

site1:6080 {
    reverse_proxy 10.0.0.10:80
}

site1:6443 {
    reverse_proxy 10.0.0.10:80
    tls internal {
        client_auth {
            mode request
        }
    }
}

site2, :6080, :6443 {
    reverse_proxy 10.0.0.20:80
}

site3, :6080, :6443 {
    reverse_proxy 10.0.0.30:80
}

caddy validate --config Caddyfile.example 
2023/03/29 14:11:11.719 INFO    using provided configuration    {"config_file": "Caddyfile.example", "config_adapter": ""}
Error: adapting config using caddyfile: ambiguous site definition: :6080

matt · March 29, 2023, 2:15pm

The site “:6080” appears twice – should Caddy reverse proxy to *.20 or *.30? It’s ambiguous. Remove it from one of the site blocks. Same for :6443.

RemiZOffAlex · March 29, 2023, 2:25pm

6080 is not site. 6080 is port for multisite.
logic

I’m not understand logic caddy. Official structure site blocks https://caddyserver.com/resources/images/caddyfile-visual.png

RemiZOffAlex · March 29, 2023, 2:33pm

{
  "apps": {
    "http": {
      "http_port": 6080,
      "https_port": 6443,
      "servers": {
        "srv0": {
          "listen": [
            ":6080"
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "site1"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "10.0.0.10:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            },
            {
              "match": [
                {
                  "host": [
                    "site2"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "10.0.0.20:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            },
            {
              "match": [
                {
                  "host": [
                    "site3"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "10.0.0.30:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ]
        },
        "srv1": {
          "listen": [
            ":6443"
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "site1"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "10.0.0.10:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            },
            {
              "match": [
                {
                  "host": [
                    "site2"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "10.0.0.20:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            },
            {
              "match": [
                {
                  "host": [
                    "site3"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "upstreams": [
                            {
                              "dial": "10.0.0.30:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ],
          "tls_connection_policies": [
            {
              "match": {
                "sni": [
                  "site1"
                ]
              },
              "client_authentication": {
                "mode": "request"
              }
            },
            {}
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "subjects": [
              "site1"
            ],
            "issuers": [
              {
                "module": "internal"
              }
            ]
          },
          {
            "subjects": [
              "site2"
            ],
            "issuers": [
              {
                "module": "internal"
              }
            ]
          },
          {
            "subjects": [
              "site3"
            ],
            "issuers": [
              {
                "module": "internal"
              }
            ]
          }
        ]
      }
    }
  }
}

bash-5.2$ caddy validate --config caddy.json 
2023/03/29 14:30:05.033 INFO    using provided configuration    {"config_file": "caddy.json", "config_adapter": ""}
2023/03/29 14:30:05.033 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000200bd0"}
2023/03/29 14:30:05.118 WARN    http    server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv0", "http_port": 6080}
2023/03/29 14:30:05.118 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2023/03/29 14:30:05.119 WARN    http    enabling strict SNI-Host enforcement because TLS client auth is configured      {"server_id": "srv1"}
2023/03/29 14:30:05.119 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc000200bd0"}
Valid configuration
bash-5.2$ caddy validate --config caddy.json 
2023/03/29 14:30:27.927 INFO    using provided configuration    {"config_file": "caddy.json", "config_adapter": ""}
2023/03/29 14:30:27.927 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000388e00"}
2023/03/29 14:30:27.928 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2023/03/29 14:30:27.928 WARN    http    server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv0", "http_port": 6080}
2023/03/29 14:30:27.928 WARN    http    enabling strict SNI-Host enforcement because TLS client auth is configured      {"server_id": "srv1"}
2023/03/29 14:30:27.928 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc000388e00"}
Valid configuration
bash-5.2$ caddy validate --config caddy.json 
2023/03/29 14:31:02.214 INFO    using provided configuration    {"config_file": "caddy.json", "config_adapter": ""}
2023/03/29 14:31:02.215 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000314e00"}
2023/03/29 14:31:02.215 WARN    http    server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv0", "http_port": 6080}
2023/03/29 14:31:02.215 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2023/03/29 14:31:02.215 WARN    http    enabling strict SNI-Host enforcement because TLS client auth is configured      {"server_id": "srv1"}
2023/03/29 14:31:02.215 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc000314e00"}
Valid configuration
bash-5.2$ caddy validate --config caddy.json 
2023/03/29 14:31:15.951 INFO    using provided configuration    {"config_file": "caddy.json", "config_adapter": ""}
2023/03/29 14:31:15.952 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000342d90"}
2023/03/29 14:31:15.952 WARN    http    server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv0", "http_port": 6080}
2023/03/29 14:31:15.952 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2023/03/29 14:31:15.953 WARN    http    enabling strict SNI-Host enforcement because TLS client auth is configured      {"server_id": "srv1"}
2023/03/29 14:31:15.953 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc000342d90"}
Valid configuration
bash-5.2$ caddy validate --config caddy.json 
2023/03/29 14:31:31.566 INFO    using provided configuration    {"config_file": "caddy.json", "config_adapter": ""}
2023/03/29 14:31:31.567 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000218770"}
2023/03/29 14:31:31.568 WARN    http    server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv0", "http_port": 6080}
2023/03/29 14:31:31.568 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2023/03/29 14:31:31.568 WARN    http    enabling strict SNI-Host enforcement because TLS client auth is configured      {"server_id": "srv1"}
2023/03/29 14:31:31.568 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc000218770"}
Valid configuration
bash-5.2$ caddy run --watch config caddy.json 
2023/03/29 14:31:46.554 INFO    using adjacent Caddyfile
Error: adapting config using caddyfile: ambiguous site definition: :6080

francislavoie · March 29, 2023, 7:13pm

Are you trying to load balance? In that case you need to pass multiple upstream addresses to reverse_proxy:

:6080, :6443 {
	reverse_proxy 10.0.0.20:80 10.0.0.30:80
}

A request can only be handled by one site. Having two sites that target the same route doesn’t make sense, because only one can handle it.

system · May 28, 2023, 2:14pm

This topic was automatically closed after 60 days. New replies are no longer allowed.