How to enable https for a non-standard port?

1. Caddy version (caddy version):

2.5.1

2. How I run Caddy:

a. System environment:

NixOS

b. Command:

caddy run

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

:1111 {
    root * /home/user
    file_server browse
    tls {
        issuer internal
        on_demand
    }
}

3. The problem I’m having:

curl https://127.0.0.1:1111
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

4. Error messages and/or full log output:

2022/06/05 11:11:45.426 INFO    using adjacent Caddyfile
2022/06/05 11:11:45.426 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2022/06/05 11:11:45.428 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/06/05 11:11:45.428 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00015d260"}
2022/06/05 11:11:45.435 INFO    pki.ca.ROOT     root certificate trust store installation disabled; unconfigured clients may show warnings   {"path": "/etc/ssl/ca/ca.crt"}
2022/06/05 11:11:45.447 WARN    pki.ca.local    installing root certificate (you might be prompted for password)     {"path": "storage:pki/authorities/local/root.crt"}
2022/06/05 11:11:45.447 INFO    Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
2022/06/05 11:11:45.447 INFO    define JAVA_HOME environment variable to use the Java trust
2022/06/05 11:11:45.447 ERROR   pki.ca.local    failed to install root certificate      {"error": "install is not supported on this system", "certificate_file": "storage:pki/authorities/local/root.crt"}
2022/06/05 11:11:45.447 WARN    tls     YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place    {"docs": "https://caddyserver.com/docs/automatic-https#on-demand-tls"}
2022/06/05 11:11:45.448 INFO    tls     cleaning storage unit   {"description": "FileStorage:.local/share/caddy"}
2022/06/05 11:11:45.448 INFO    autosaved config (load with --resume flag)      {"file": ".config/caddy/autosave.json"}
2022/06/05 11:11:45.448 INFO    serving initial configuration
2022/06/05 11:11:45.448 INFO    tls     finished cleaning storage units

5. What I already tried:

I can define the https_port in the global config or use the 443 port. But what if I want to listen on multiple ports?

6. Links to relevant resources:

Try https://:1111 as your site address.

Be careful when using on_demand. You’re opening yourself up to abuse (DDoS via infinitely issuing certificates, filling storage up with cert/key pairs).

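The two points in the reply above, written out as a Caddyfile (an added example, not posted by anyone in the thread): the `https://` scheme on each non-standard port, and on-demand issuance gated by an `ask` endpoint. The second port `:2222` and the `ask` URL `http://localhost:9123/allowed` are assumptions; the endpoint stands for a service you run yourself that answers 200 only for names you want certificates issued for.

```caddyfile
{
	# Global options. Without an "ask" endpoint Caddy logs the warning seen
	# in the question: "on-demand TLS is enabled, but no protections are in place".
	on_demand_tls {
		# Hypothetical local service (assumption, not from the thread).
		# Caddy sends it a GET with ?domain=<name> before issuing and
		# proceeds only if the response status is 200.
		ask http://localhost:9123/allowed
	}
}

# The explicit https:// scheme turns TLS on for a non-standard port.
# List one address per port to serve the same site on several ports.
https://:1111, https://:2222 {
	root * /home/user
	file_server browse
	tls {
		# Certificates come from Caddy's local CA, so clients must trust
		# its root certificate themselves when automatic trust store
		# installation is not available on the host.
		issuer internal
		on_demand
	}
}
```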

It works, thanks!
