Help with (understanding) HTTPSing services

1. Caddy version (caddy version):

Caddy 2.2.1

2. How I run Caddy:

Attempting to run Caddy as a web server to replace Nginx

a. System environment:

Windows 10

b. Command:

.\caddy start 
   or
.\caddy run

c. Service/unit/compose file:

N/A?

d. My complete Caddyfile or JSON config:

localhost {
	encode gzip
	file_server
	root * C:/nginx/www/organizr/html
	php_fastcgi * 127.0.0.1:9000
	rewrite /api/v2/* /api/v2/index.php?{query}
}

3. The problem I’m having:

I’m attempting to replace Nginx with Caddy because of the simplicity and the HTTPS automation. I believe I don’t need to reverse proxy as these services (Organizr, Sonarr, Radarr) aren’t facing the public internet, they are only accessed locally and over VPN. I’m able to serve Organizr with Caddy and my issue comes from the services Organizr points to and attempting to connect from a different machine.

4. Error messages and/or full log output:

Error when using a laptop to connect to server: SSL_ERROR_INTERNAL_ERROR_ALERT

Error when loading https://localhost/ in a web browser: Blocked loading mixed active content “http://192.168.4.3:8096/”

From what I understand, the second error can easily be solved by getting all of my services on HTTPS. Can I do this with Caddy’s automatic HTTPS?

5. What I already tried:

I’ve attempted to create self-signed certs but I have discovered I have no idea what I’m doing.

6. Links to relevant resources:

Made a step forward, used my Caddy cert located in %appdata%\Caddy\localhost to add to my services. Now I can connect to them using HTTPS with their respective ports.

I continue to receive the SSL_ERROR_INTERNAL_ERROR_ALERT on Firefox. I’m not sure how to add an exception or trust the certificates. I believe that would be the solution?

I did install the certificates by simply double-clicking the .pfx and .crt files.

The self-signed certificate Caddy creates, installs, and uses on the server is for the localhost subject host name only. If you’re browsing the website on a browser on the server itself, you can navigate to https://localhost and it’ll render it just fine. If you’re browsing the site from another computer, then the host name being requested isn’t matching the name defined in the certificate, which Firefox rightfully complains about.

If you’re developing or testing with TLS enabled and the server is on a different machine than the client, then you will have to supply and configure Caddy with certificates having the correct subject common name.

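The answer above comes down to two things: the certificate must carry the name the client actually types, and the services Organizr embeds must also be reachable over HTTPS so the browser stops blocking mixed content. The Caddyfile below is an added example of doing both with Caddy’s own local CA; it is not the poster’s config or anything from the Caddy project. It assumes the server is reachable from the LAN and VPN as mediaserver.lan and as 192.168.4.3, that those names resolve on the clients (hosts file or local DNS), that the service on port 8096 is the one from the mixed-content error, and that Sonarr and Radarr listen on their usual default ports 8989 and 7878.

```caddyfile
# Added example, not the poster's or the Caddy project's own config.
# Assumed names and ports: mediaserver.lan / 192.168.4.3 for the server,
# 8096 from the mixed-content error, 8989 and 7878 as Sonarr/Radarr defaults.

# Organizr, now answering for the names clients actually request.
# "tls internal" makes Caddy sign with its local CA instead of asking a
# public ACME CA, and the issued certificate lists these names as SANs,
# which is exactly what the "localhost"-only certificate was missing.
mediaserver.lan, 192.168.4.3 {
	tls internal
	encode gzip
	root * C:/nginx/www/organizr/html
	php_fastcgi * 127.0.0.1:9000
	rewrite /api/v2/* /api/v2/index.php?{query}
	file_server
}

# One HTTPS front door per backend. Organizr can then embed https:// URLs
# and the browser no longer sees active content loaded over plain http://.
# The backends keep speaking HTTP, but only to Caddy on the loopback
# interface, so nothing unencrypted crosses the network.
media.mediaserver.lan {
	tls internal
	reverse_proxy 127.0.0.1:8096
}

sonarr.mediaserver.lan {
	tls internal
	reverse_proxy 127.0.0.1:8989
}

radarr.mediaserver.lan {
	tls internal
	reverse_proxy 127.0.0.1:7878
}
```

What still has to happen on the client side: the thing to trust is Caddy’s root CA, not the leaf certificate copied out of %appdata%\Caddy\localhost (that leaf only names localhost, which is why the SSL_ERROR_INTERNAL_ERROR_ALERT persists on the laptop). On the server, Caddy 2 keeps that root at %AppData%\Caddy\pki\authorities\local\root.crt, and `caddy trust` installs it into the server’s own store. Import that root.crt into each client; Firefox uses its own certificate store, so either add it under Certificate Manager > Authorities or set security.enterprise_roots.enabled to true so Firefox reads the Windows store. Once the root is trusted and the names resolve, point Organizr’s service entries at the https:// hostnames above rather than at http://192.168.4.3:port.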