1. The problem I’m having:
I am running Caddy in a Docker container via docker-compose.
I can make everything work in http, but if I try to enable https I get the below error.
I have included all the configs and relevant information below, but basically I am trying to host a website with an app in it. The application does have a native TLS mode that asks for the SSL_CERT and SSL_KEY. I believe I found the correct cert files located at caddy_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/myapp.backendlinux.com/. If I use this information I get the error I mentioned about no PEM data in certificate input.
First, I am not positive these are the correct cert files, but from my research it appears they are.
There is much more information available I can supply, but I did not want to go overboard. I have tried multiple different ways of resolving this; briefly, I will list them below with a very brief reason for abandoning those routes.
- Serve site with app as http: this works but causes mixed content errors in the browser; ok for me, not ok for random users/visitors.
- Serve site and app as http: this works perfectly. Sadly, this is how everything was tested; I didn't think there would be this much of an issue rolling it over to HTTPS. The main reason for doing so is SEO, and most normal users get scared away when a browser says this site could steal your info.
POSSIBLY IMPORTANT. And finally:
- Serve app as http and proxy: this would be my preferred way of doing this, but it appears the application checks the origin, and if it is served as http but receives an https request it errors out. My understanding was that Caddy, when used as a reverse_proxy, passes the requests upstream as http, but that does not seem to be true, or there are other header details causing the request to be registered as https. I tried multiple different combinations of header_up and header to change the https request to http, but I don't think this is the correct way to go about this; if I am wrong, tell me and I will dig into making it work that way.
- This also has the same issues with mixed content errors.
2. Error messages and/or full log output:
fatal error: tls: failed to find any PEM data in certificate input
3. Caddy version:
Caddy v2.6.4
4. How I installed and ran Caddy:
docker-compose pull
docker-compose up -d
a. System environment:
Debian 6.1.37-1 (2023-07-03) x86_64 GNU/Linux
Linux v6.1.0-10-amd64
Docker version 20.10.24+dfsg1, build 297e128
b. Command:
docker-compose up -d
c. Service/unit/compose file:
version: '3.7'
services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./access.log:/var/log/access.log
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./html:/srv
      - caddy_data:/data
      - caddy_config:/config
  myapp:
    image: myapp
    restart: unless-stopped
    ports:
      - "8080:8080"
    environment:
      ORIGIN: https://myapp.backendlinux.com
      PORT: 8080
      POSTGRES: postgres://postgres:postgres@db:5432/myapp?sslmode=disable
      GITHUB_KEY: <redacted>
      GITHUB_SECRET: <redacted>
      ENABLE_LOGGING: 'true'
      SSL: 'true'
      SSL_CERT: caddy_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/myapp.backendlinux.com
      SSL_KEY: <same>
  db:
    image: postgres:12.5-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: 'myapp_db'
      POSTGRES_USER: 'postgres'
      POSTGRES_PASSWORD: 'postgres'
    volumes:
      - myapp_db:/var/lib/postgresql/data
volumes:
  caddy_data:
    external: true
  caddy_config:
    external: true
  myapp_db:
    external: true
d. My complete Caddy config:
Caddyfile
myapp.backendlinux.com {
	reverse_proxy myapp:8080
}

backendlinux.com {
	header X-Content-Type-Options "nosniff"
	header Cache-Control max-age="31536000"
	log {
		format json
		output file /var/log/access.log {
			roll_disable
		}
	}
	templates
	file_server
}
5. Links to relevant resources:
6. Things I have tried:
If I am correct that the cert files I noted earlier are the correct files, which again I am not sure they are, I have tried these things.
cat appmy.website.com.crt myapp.backendlinux.com.key > cert.pem
See Stack Overflow link.
I have also tried multiple different versions of this approach. I believe the certs and keys produced by Caddy are of the EC type, not RSA; at least the key is EC.
I also tried using openssl to convert the crt and key.
openssl x509 -inform DER -in myapp.backendlinux.com.crt -out cert.pem -text
If I am correct about this being the correct approach, the second Stack Overflow link I posted references some information about converting EC keys to PEM data, but I didn't really understand it and then came here.
Thank you.
Any links or pointers, or just telling me I am wrong and I should do this a different way, would be greatly appreciated.
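Added example (editor's code, not part of the original post and not Caddy's or the application's code): the message quoted in section 2 is the text Go's crypto/tls returns from tls.LoadX509KeyPair when the file it was handed contains no PEM block. The program below generates a throwaway EC certificate, writes it out in several forms, and loads each one the way a typical Go TLS server does, so you can see which inputs produce that exact error and which load. The hostname example.test, the file names and the temporary directory are assumptions made for the demo; nothing is read from a real Caddy data volume.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// MakeECKeyPair generates a self-signed ECDSA P-256 certificate and returns
// the PEM-encoded certificate, the PEM-encoded key, and the raw DER
// certificate bytes. PEM is the container format a Go server expects;
// DER is the binary form that yields "failed to find any PEM data".
func MakeECKeyPair() (certPEM, keyPEM, certDER []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"}, // assumed demo name
		DNSNames:     []string{"example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	certDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, certDER, nil
}

// TryLoad loads a cert/key file pair exactly as a typical Go HTTPS server
// does and returns the error text, or "" when the pair loads cleanly.
func TryLoad(certPath, keyPath string) string {
	if _, err := tls.LoadX509KeyPair(certPath, keyPath); err != nil {
		return err.Error()
	}
	return ""
}

// Demo writes four variants under dir and records the load result of each:
//   "pem":      PEM cert + matching PEM key  -> loads
//   "der":      raw DER cert + PEM key       -> no PEM data in certificate input
//   "dir":      cert path is a directory     -> read error, never reaches PEM parsing
//   "mismatch": PEM cert + key of another pair -> private key does not match
func Demo(dir string) (map[string]string, error) {
	certPEM, keyPEM, certDER, err := MakeECKeyPair()
	if err != nil {
		return nil, err
	}
	_, otherKeyPEM, _, err := MakeECKeyPair()
	if err != nil {
		return nil, err
	}
	files := map[string][]byte{
		"good.crt":  certPEM,
		"good.key":  keyPEM,
		"raw.der":   certDER,
		"other.key": otherKeyPEM,
	}
	for name, data := range files {
		if err := os.WriteFile(filepath.Join(dir, name), data, 0o600); err != nil {
			return nil, err
		}
	}
	certDir := filepath.Join(dir, "certdir")
	if err := os.Mkdir(certDir, 0o700); err != nil {
		return nil, err
	}
	p := func(n string) string { return filepath.Join(dir, n) }
	return map[string]string{
		"pem":      TryLoad(p("good.crt"), p("good.key")),
		"der":      TryLoad(p("raw.der"), p("good.key")),
		"dir":      TryLoad(certDir, p("good.key")),
		"mismatch": TryLoad(p("good.crt"), p("other.key")),
	}, nil
}

func main() {
	dir, err := os.MkdirTemp("", "pemdemo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	results, err := Demo(dir)
	if err != nil {
		panic(err)
	}
	for _, k := range []string{"pem", "der", "dir", "mismatch"} {
		fmt.Printf("%-8s -> %q\n", k, results[k])
	}
}
```

Run it with `go run .`; the "dir" case corresponds to pointing SSL_CERT at a directory rather than at a file, and the "der" case to handing the server a binary certificate, while a PEM .crt and its matching .key load without any conversion.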