1. Output of caddy version:
v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
2. How I run Caddy:
I start Caddy in docker
a. System environment:
Docker caddy:2.5.1-alpine image
b. Command:
caddy run --config /etc/caddy/caddy.yaml --adapter yaml
c. Service/unit/compose file:
version: '3.5'
services:
  proxy:
    build:
      context: .
    restart: always
    environment:
      UPSTREAM: "my_upstream:8080"
      ZEROSSL_API_KEY: ""
      LETSENCRYPT_EMAIL: ""
      REDIS_STORAGE_ADDRESS: ""
    volumes:
      - ./caddy.yaml:/etc/caddy/caddy.yaml
    ports:
      - 80:80
      - 443:443
      - 2019:2019 # Admin
d. My complete Caddy config:
apps:
  http:
    servers:
      srv_main:
        listen:
          - :443
        automatic_https:
          disable_redirects: true
        read_timeout: 15s
        write_timeout: 15s
        idle_timeout: 10s
        max_header_bytes: 16384 # 16kb
        routes:
          - match: # matches anything
            handle:
              - handler: encode
                encodings:
                  gzip: {}
                  zstd: {}
                prefer:
                  - zstd
                  - gzip
              - handler: reverse_proxy
                upstreams:
                  - dial: "#{$UPSTREAM}"
                headers:
                  request:
                    set:
                      X-Forwarded-Host:
                        - "{http.request.host}"
                      X-Real-IP:
                        - "{http.request.remote.host}"
                      Connection:
                        - ""
                transport:
                  protocol: http
                  response_header_timeout: 30s
        logs:
          default_logger_name: log0
  tls:
    automation:
      policies:
        - on_demand: true
          issuers:
            - module: zerossl
              api_key: "#{$ZEROSSL_API_KEY}"
            - module: acme
              email: "#{$LETSENCRYPT_EMAIL}"
      on_demand:
        rate_limit:
          interval: 1m
          burst: 600
        ask: "#{$DOMAIN_VALIDATION_ENDPOINT}"
      storage_clean_interval: 24h
    cache:
      capacity: 40000
    session_tickets:
      disabled: true
storage:
  module: redis
  address: "#{$REDIS_STORAGE_ADDRESS}"
  key_prefix: caddytls
  password: ""
  timeout: 5
  tls_enabled: false
  tls_insecure: true
  value_prefix: caddy-storage-redis
admin:
  listen: 0.0.0.0:2019
3. The problem I’m having:
I have an ask endpoint in the TLS on_demand configuration to check if a domain is valid before issuing the certificate. If the domain is not valid, or there is any other cert issuing error, the user just sees the ugly “This site can’t provide a secure connection ERR_SSL_PROTOCOL_ERROR” in his browser. Is it possible to respond with a redirect to some fallback page? To port 80 maybe.
Thanks.
4. Error messages and/or full log output:
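Caddy's on-demand ask check sends a GET to the configured URL with the hostname in a domain query parameter and only proceeds with issuance on a 2xx reply. A small endpoint of that kind follows as an added example that is not part of the original post; the allowlist contents, the /ask path and the loopback listen address are assumptions.

```go
package main

import (
	"net"
	"net/http"
	"strings"
)

// allowedDomains is constructed sample data; a real service would query its tenant database.
var allowedDomains = map[string]bool{
	"shop.example.com": true,
	"blog.example.org": true,
}

// normalizeDomain lowercases and strips a trailing dot; "" means "never issue for this name".
func normalizeDomain(raw string) string {
	d := strings.TrimSuffix(strings.ToLower(strings.TrimSpace(raw)), ".")
	if d == "" || len(d) > 253 || net.ParseIP(d) != nil || !strings.Contains(d, ".") {
		return ""
	}
	for _, r := range d {
		if !(r >= 'a' && r <= 'z' || r >= '0' && r <= '9' || r == '-' || r == '.') {
			return ""
		}
	}
	return d
}

// askStatus maps the ?domain= value to the status code returned to Caddy.
func askStatus(raw string) int {
	d := normalizeDomain(raw)
	if d == "" {
		return http.StatusBadRequest // malformed name, IP literal or single label
	}
	if !allowedDomains[d] {
		return http.StatusForbidden // well-formed but not a known customer domain
	}
	return http.StatusOK // any 2xx lets Caddy obtain the certificate
}

// askHandler answers Caddy's GET <ask URL>?domain=<name> request.
func askHandler(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(askStatus(r.URL.Query().Get("domain")))
}

func main() {
	http.HandleFunc("/ask", askHandler)
	_ = http.ListenAndServe("127.0.0.1:9123", nil) // assumed address, reachable only by Caddy
}
```

Denying unknown names here is what keeps arbitrary hostnames pointed at the server from consuming issuer quota, independently of the rate_limit settings in the config above.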