Help getting basic website online via docker

1. My Caddy version (caddy version):

GitHub - caddyserver/caddy-docker: Source for the official Caddy v2 Docker Image (v2.0.0-rc.2)

2. How I run Caddy:

Docker

a. System environment:

Docker

b. Command:

docker run -d -p 32080:80 -p 32443:443 \
    --name caddy2 \
    -e "CADDYPATH=/etc/caddycerts" \
    -v $(pwd)/docker_data/caddy/Caddyfile:/etc/caddy/Caddyfile \
    -v $HOME/docker_data/caddy/mySite/:/etc/caddy/mySite/ \
    -v $HOME/docker_data/caddy/data/:/data \
    -v $HOME/docker_data/caddy/config/:/config \
    -v $HOME/docker_data/caddy/.caddy:/etc/caddycerts \
    caddy/caddy caddy file-server

c. Service/unit/compose file:

I don't even know what this is

d. My complete Caddyfile or JSON config:

localhost:443

root * /etc/caddy/mySite
try_files {path} /index.html
file_server

3. The problem I’m having:

Caddy simply does not appear to be serving my site. When I start the container and navigate to localhost:32080 and/or localhost:32443, I cannot load the site. I am simply looking for a working caddyfile and docker install command to get me up and running with a very basic website. The website is a simple index.html file and 4 javascript files in a folder. This is a site that is currently available publicly (hosted on another server). I want to test this locally first, and then serve it publicly.

4. Error messages and/or full log output:

Docker logs after installing using above info:

{"level":"warn","ts":1586608004.591889,"logger":"admin","msg":"admin endpoint disabled"}
{"level":"info","ts":1586608004.5956352,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"static","http_port":80}
{"level":"info","ts":1586608004.5980573,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1586608004.600832,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
2020/04/11 12:26:44 Caddy 2 serving static files on :80
2020/04/11 12:26:44 [INFO][cache:0xc00046e730] Started certificate maintenance routine

5. What I already tried:

I’ve tried a few different ports, and a few different install scripts. I honestly wish I could remember. This is not a failure of the software - I simply cannot find an idiot-proof guide for docker installation for my scenario.

6. Links to relevant resources:

What do you mean by this? What kind of error are you seeing? We’ll need clarification.

I don’t remember exactly how docker behaves, but I see you’re leaving a trailing / at the end of the volume paths. I don’t think those are necessary and may or may not be the issue.

In that section we typically mean the systemd service file or docker-compose.yml file if you use that, i.e. the exact commands/environment used to run Caddy. In your case, the docker run command covers this.

Ah - I just realized the issue. The problem is that you’re listening to requests for localhost, which is 127.0.0.1. When running in Docker, listening to localhost will only let Caddy accept requests from other programs inside the container (which there are none). Instead, just use :443 to listen for any IP or domain.

Edit: Finally, @Mohammed90 pointed out to me out-of-band that you’re using caddy file-server as your docker command. This is in conflict with running with a Caddyfile. Just remove caddy file-server from the end of your docker run command, and it’ll use the default command defined in the Dockerfile instead, i.e. caddy run --config /etc/caddy/Caddyfile

Thanks for helping!

I don’t remember exactly how docker behaves, but I see you’re leaving a trailing / at the end of the volume paths. I don’t think those are necessary and may or may not be the issue.

The docker container appears to be correctly mapping these. When I check the folders in the host system, they are populated with caddy data files. The Caddyfile is also correctly mapped, as I’ve pulled it up via console within the container.

I changed the Caddyfile to remove localhost (and left the :443 in line 1). I removed the container completely and recreated it with the same run command, excluding the caddy file-server portion. When I start the container, it immediately stops with exit code 1. The log from docker is:

{"level":"info","ts":1586631102.917477,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"},
run: loading initial config: loading new config: starting caddy administration endpoint: listen tcp {public IP address redacted}:2019: bind: cannot assign requested address,

I’ve gotten this error in the past. I recall trying to add port 2019 into my port mapping, but not having any luck. Sorry, I did all my testing on this last week, so it’s all just a distant memory right now.

Could you post your full Caddyfile, docker run command and logs? And please do not redact anything, every part is important to ensuring we’re on the same page with what’s going on.

I only redacted my public IP address. You won’t really be able to talk me into not redacting that. Everything else has been included.

Caddyfile:

:443

root * /etc/caddy/mySite
try_files {path} /index.html

Docker Run command:

docker run -d -p 32080:80 -p 32443:443 \
    --name caddy2 \
    -e "CADDYPATH=/etc/caddycerts" \
    -v $(pwd)/docker_data/caddy/Caddyfile:/etc/caddy/Caddyfile \
    -v $HOME/docker_data/caddy/mySite/:/etc/caddy/mySite/ \
    -v $HOME/docker_data/caddy/data/:/data \
    -v $HOME/docker_data/caddy/config/:/config \
    -v $HOME/docker_data/caddy/.caddy:/etc/caddycerts \
    caddy/caddy

Error Log from Docker upon running:

{"level":"info","ts":1586699733.6090105,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"},
run: loading initial config: loading new config: starting caddy administration endpoint: listen tcp {my public IP}:2019: bind: cannot assign requested address,

Not sure if this might be related, but I hadn’t ever purged the data that was auto-populated into the data and config folders. I deleted the container, purged that data, and tried the Docker Run command again. Still got the exact same error, and the image obviously never got far enough to re-populate that data, as those folders are still blank.

That’s very strange. Caddy should be attempting to listen to localhost:2019 by default, not your public IP address. That should never be a problem. You must have some strange network settings going on in your environment.

I just tried replicating:

Caddyfile:

:443

root * /etc/caddy/mySite
try_files {path} /index.html
file_server

Command:

docker run -d -p 32080:80 -p 32443:443 \
    --name caddy2 \
    -v $(pwd)/Caddyfile-f7515:/etc/caddy/Caddyfile \
    -v caddy_data:/data \
    -v caddy_config:/config \
    caddy/caddy

Logs:

{"level":"info","ts":1586701675.0019665,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1586701675.0057886,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["localhost:2019"]}
{"level":"info","ts":1586701675.005957,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2020/04/12 14:27:55 [INFO][cache:0xc0006bc5a0] Started certificate maintenance routine
{"level":"info","ts":1586701675.0065432,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1586701675.0067077,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1586701675.0067358,"msg":"serving initial configuration"}

I’m running Docker inside of a pretty clean install of Ubuntu Server VM. I only created the VM a few weeks ago, and all that’s been installed within it is a desktop GUI, docker, and SSH. And I’ve only created a few containers, and none of them are networking related. I haven’t done any strange networking within this VM (or anywhere, really).

But yeah, you’re right, this does look network related. I really haven’t done anything here. I removed the bridge network from the container, and it booted right up. Here’s what the log is with the container disconnected from the network:

{"level":"info","ts":1586703424.6241252,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"},
{"level":"info","ts":1586703424.6272933,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["localhost:2019"]},
{"level":"info","ts":1586703424.6275194,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443},
{"level":"info","ts":1586703424.6276824,"logger":"tls","msg":"cleaned up storage units"},
{"level":"info","ts":1586703424.6293712,"msg":"autosaved config","file":"/config/caddy/autosave.json"},
{"level":"info","ts":1586703424.6294305,"msg":"serving initial configuration"},
2020/04/12 14:57:04 [INFO][cache:0xc000463e50] Started certificate maintenance routine,
{"level":"info","ts":1586703521.0252728,"msg":"shutting down apps then terminating","signal":"SIGTERM"},
2020/04/12 14:58:41 [INFO][cache:0xc000463e50] Stopped certificate maintenance routine,

I then shut it down and re-enable the bridge network adapter, and get the same error as before.

Also, I noticed that it doesn’t appear to be my public IP address that I’ve been redacting. I’m not sure what IP address it is, but it’s 92.242.140.21

Interesting info about that IP address:

I’m still very confused. So it seems to work just fine as long as you don’t have the bridge network adapter?

I think you might have some funky stuff going on making localhost resolve to 92.242.140.21.

Could you try adding the following at the top of your Caddyfile?

{
    admin 127.0.0.1:2019
}

This should make it avoid using localhost as DNS and instead just use a loopback IP address.

Sorry, was busy with work all week.

Ok, so sounds like I don’t need to be too concerned with that IP specifically. I can’t think of anything I would have done to result in funny Docker networking.

I added those lines to my caddyfile, and the container boots now. Here are the logs:

{"level":"info","ts":1587149038.3133385,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"},
{"level":"info","ts":1587149038.3152158,"logger":"admin","msg":"admin endpoint started","address":"tcp/127.0.0.1:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]},
{"level":"info","ts":1587149038.3154354,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443},
{"level":"info","ts":1587149038.3155925,"logger":"tls","msg":"cleaned up storage units"},
{"level":"info","ts":1587149038.3166912,"msg":"autosaved config","file":"/config/caddy/autosave.json"},
{"level":"info","ts":1587149038.3167841,"msg":"serving initial configuration"},
2020/04/17 18:43:58 [INFO][cache:0xc000451ae0] Started certificate maintenance routine,

I don’t have a web browser installed on that server. So I am trying to access via my laptop. I am able to remotely connect to web portals for other docker containers on this server. Having issues pulling up the page.

Navigate to 192.168.1.24:32443 - Error message “Client sent an HTTP request to an HTTPS server.”
Navigate to 192.168.1.24:32080 - Standard “ERR_CONNECTION_REFUSED” This site can’t be reached error message

Also, I really don’t understand how port 2019 ties into all of this. Do I need to map this port in the container as well? Is this the actual port I should be testing on?

The admin API is how Caddy configures itself. When you’re running Caddy with a Caddyfile for example, essentially what happens is Caddy turns your Caddyfile into a JSON config, and sends that to the API to load the server.

The admin API is only something you should need to think about if you plan to write your config in JSON and manually make API requests to change the config on the fly, which isn’t the case if you mean to run Caddy via a Caddyfile as config. Otherwise, it should just be an internal implementation detail.

The problem here was that because of some misconfiguration on your server, whatever DNS is configured is resolving localhost to some non-loopback IP address. localhost:2019 is the default listen address for the admin API, and the expectation is that that’ll be correct.

Please give a full example URL you’re trying. Considering your Caddyfile, Caddy is only listening on port 443, which you’ve mapped to 32443, so connecting to 32080 won’t work because Caddy isn’t listening on port 80.

You’ll need to connect with something like https://192.168.1.24:32443/some/path. The clue is “Client sent an HTTP request to an HTTPS server.”; you need to specify https://.
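
The diagnosis in this thread is that localhost resolved to a non-loopback address (92.242.140.21), so the admin API's default localhost:2019 listener could not bind. The check below is an added example, not code from any post in the thread: it verifies that a name resolves only to loopback addresses before a service is allowed to bind to it. The function names and the script name are hypothetical, and it assumes getent is available on the machine being checked.

```shell
#!/bin/sh
# Added example: confirm a hostname resolves only to loopback addresses
# before a service (here Caddy's admin API on localhost:2019) binds to it.

# is_loopback ADDR: succeed if ADDR looks like 127.x.x.x or is ::1.
# This is a textual match on resolver output, not a full CIDR parser.
is_loopback() {
    case "$1" in
        127.*.*.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_addresses: read one address per line on stdin, print a verdict for
# each, and fail if any address is non-loopback or if nothing was read
# (an empty answer is treated as a failure, so the check fails closed).
audit_addresses() {
    seen=0
    bad=0
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        seen=1
        if is_loopback "$addr"; then
            echo "ok       $addr"
        else
            echo "EXTERNAL $addr"
            bad=1
        fi
    done
    [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
}

# check_name NAME: resolve NAME through the system resolver (getent follows
# the host's configured lookup order, e.g. /etc/hosts then DNS) and audit it.
check_name() {
    getent ahosts "$1" | awk '{print $1}' | sort -u | audit_addresses
}

# Run as: sh check_loopback.sh localhost
if [ "$#" -gt 0 ]; then
    check_name "$1" || { echo "$1 does not resolve to loopback only" >&2; exit 1; }
fi
```

A failure here means a listener configured by name, such as the admin endpoint, would either fail to bind as it did in this thread or bind to an interface it was never meant to use; pinning it to 127.0.0.1:2019 as suggested above removes the dependency on name resolution.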
