1. The problem I’m having:
I’m trying to configure my Caddy server inside a Docker container to work as a reverse proxy for N8N, my domain is on Netlify, I have an SSL certificate on my website and I’ve never had any problems with the certificate. But I can’t use Caddy to generate a certificate for my subdomain or manage the certificate I already have.
2. Error messages and/or full log output:
2024-12-09 12:05:09 {"level":"info","ts":1733756709.8090196,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
2024-12-09 12:05:09 {"level":"warn","ts":1733756709.809091,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
2024-12-09 12:05:09 {"level":"info","ts":1733756709.8092082,"logger":"http","msg":"servers shutting down with eternal grace period"}
2024-12-09 12:05:09 {"level":"info","ts":1733756709.810839,"logger":"tls.obtain","msg":"releasing lock","identifier":"flow.technervs.com"}
2024-12-09 12:05:09 {"level":"info","ts":1733756709.813849,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
2024-12-09 12:05:09 {"level":"info","ts":1733756709.8139217,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.760374,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.761943,"msg":"adapted config to JSON","adapter":"caddyfile"}
2024-12-09 12:05:10 {"level":"warn","ts":1733756710.7619739,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7635064,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7637384,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.763767,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.763825,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000697d00"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.764178,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.764269,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.76442,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7645817,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7646046,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["flow.technervs.com"]}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7677777,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.767843,"msg":"serving initial configuration"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7715065,"logger":"tls.obtain","msg":"acquiring lock","identifier":"flow.technervs.com"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.775764,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"a2bbb34a-f079-4380-bc95-c0bc939c8fd7","try_again":1733843110.7757616,"try_again_in":86399.999999637}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7759268,"logger":"tls.obtain","msg":"lock acquired","identifier":"flow.technervs.com"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7762156,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"flow.technervs.com"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7769787,"logger":"tls","msg":"finished cleaning storage units"}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7934666,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["flow.technervs.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7935102,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["flow.technervs.com"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
2024-12-09 12:05:10 {"level":"info","ts":1733756710.7935202,"logger":"http","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/2103233187","account_contact":[]}
2024-12-09 12:05:11 {"level":"info","ts":1733756711.9478254,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"flow.technervs.com","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
2024-12-09 12:05:12 {"level":"error","ts":1733756712.5702384,"logger":"http.acme_client","msg":"challenge failed","identifier":"flow.technervs.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"189.111.248.216: Fetching https://flow.technervs.com:10443/.well-known/acme-challenge/FeC4T21Nhc47a7GU2ghgNg3xnDpow377-nZk5B-yQYs: Invalid port in redirect target. Only ports 80 and 443 are supported, not 10443","instance":"","subproblems":[]}}
2024-12-09 12:05:12 {"level":"error","ts":1733756712.5703006,"logger":"http.acme_client","msg":"validating authorization","identifier":"flow.technervs.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"189.111.248.216: Fetching https://flow.technervs.com:10443/.well-known/acme-challenge/FeC4T21Nhc47a7GU2ghgNg3xnDpow377-nZk5B-yQYs: Invalid port in redirect target. Only ports 80 and 443 are supported, not 10443","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/2103233187/331490823367","attempt":1,"max_attempts":3}
2024-12-09 12:05:14 {"level":"info","ts":1733756714.0264037,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"flow.technervs.com","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
3. Caddy version:
v2
4. How I installed and ran Caddy:
a. System environment:
- OS: Docker Desktop (MacOS)
- Architecture: x86_64
- Docker version: 24.0.1
- Caddy version: 2.6.4
- Systemd: No
b. Command:
I am using Docker Compose to run Caddy. Below is the command I use to start the services:
docker compose up -d --build
c. Service/unit/compose file:
Here is the docker-compose.yml file configuration:
version: '3.8'
volumes:
db_storage:
n8n_storage:
redis_storage:
caddy_data:
x-shared: &shared
restart: always
image: docker.n8n.io/n8nio/n8n
environment:
- DB_TYPE=postgresdb
- DB_POSTGRESDB_HOST=postgres
- DB_POSTGRESDB_DATABASE=$POSTGRES_DB
- DB_POSTGRESDB_PORT=5432
- DB_POSTGRESDB_USER=${POSTGRES_NON_ROOT_USER}
- DB_POSTGRESDB_PASSWORD=${POSTGRES_NON_ROOT_PASSWORD}
- N8N_ENCRYPTION_KEY=$encryption_key
- N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
- N8N_SECURE_COOKIE=true
- N8N_HOST=$url_editorn8n
- N8N_EDITOR_BASE_URL=https://$url_editorn8n/
- WEBHOOK_URL=https://$url_webhookn8n/
- N8N_PROTOCOL=https
- NODE_ENV=production
- EXECUTIONS_MODE=queue
- N8N_REINSTALL_MISSING_PACKAGES=true
- N8N_COMMUNITY_PACKAGES_ENABLED=true
- N8N_NODE_PATH=/home/node/.n8n/nodes
- QUEUE_BULL_REDIS_HOST=redis
- QUEUE_BULL_REDIS_PORT=6379
- QUEUE_BULL_REDIS_DB=2
- NODE_FUNCTION_ALLOW_EXTERNAL=moment,lodash,moment-with-locales
- EXECUTIONS_DATA_PRUNE=true
- EXECUTIONS_DATA_MAX_AGE=336
- GENERIC_TIMEZONE=America/Sao_Paulo
- TZ=America/Sao_Paulo
links:
- postgres
- redis
volumes:
- n8n_storage:/home/node/.n8n
- ./local_files:/files
- n8n_storage:/home/node/.n8n
- n8n_storage:/ca-certificate.crt:/certs/db.crt
depends_on:
redis:
condition: service_healthy
postgres:
condition: service_healthy
services:
postgres:
image: postgres:16
restart: always
environment:
- POSTGRES_USER
- POSTGRES_PASSWORD
- POSTGRES_DB
- POSTGRES_NON_ROOT_USER
- POSTGRES_NON_ROOT_PASSWORD
volumes:
- db_storage:/var/lib/postgresql/data
- ./init-data.sh:/docker-entrypoint-initdb.d/init-data.sh
healthcheck:
test: ['CMD-SHELL', 'pg_isready -h localhost -U ${POSTGRES_USER} -d ${POSTGRES_DB}']
interval: 5s
timeout: 5s
retries: 10
redis:
image: redis:6-alpine
restart: always
volumes:
- redis_storage:/data
healthcheck:
test: ['CMD', 'redis-cli', 'ping']
interval: 5s
timeout: 5s
retries: 10
caddy:
image: caddy:latest
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./caddy_config:/data
- ./caddy_config:/config
- ./caddy_config/Caddyfile:/etc/caddy/Caddyfile
n8n:
<<: *shared
ports:
- 5678:5678
n8n-worker:
<<: *shared
command: worker
depends_on:
- n8n
d. My complete Caddy config:
Here is the Caddyfile I am using:
flow.technervs.com {
reverse_proxy n8n-1:5678 {
flush_interval -1
}
}
