1. Caddy version (caddy version):
2.5.1
2. How I run Caddy:
a. System environment:
NixOS
b. Command:
caddy run
c. Service/unit/compose file:
d. My complete Caddyfile or JSON config:
:1111 {
    root * /home/user
    file_server browse
    tls {
        issuer internal
        on_demand
    }
}
3. The problem I’m having:
curl https://127.0.0.1:1111
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
4. Error messages and/or full log output:
2022/06/05 11:11:45.426 INFO using adjacent Caddyfile
2022/06/05 11:11:45.426 WARN Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2022/06/05 11:11:45.428 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/06/05 11:11:45.428 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00015d260"}
2022/06/05 11:11:45.435 INFO pki.ca.ROOT root certificate trust store installation disabled; unconfigured clients may show warnings {"path": "/etc/ssl/ca/ca.crt"}
2022/06/05 11:11:45.447 WARN pki.ca.local installing root certificate (you might be prompted for password) {"path": "storage:pki/authorities/local/root.crt"}
2022/06/05 11:11:45.447 INFO Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
2022/06/05 11:11:45.447 INFO define JAVA_HOME environment variable to use the Java trust
2022/06/05 11:11:45.447 ERROR pki.ca.local failed to install root certificate {"error": "install is not supported on this system", "certificate_file": "storage:pki/authorities/local/root.crt"}
2022/06/05 11:11:45.447 WARN tls YOUR SERVER MAY BE VULNERABLE TO ABUSE: on-demand TLS is enabled, but no protections are in place {"docs": "https://caddyserver.com/docs/automatic-https#on-demand-tls"}
2022/06/05 11:11:45.448 INFO tls cleaning storage unit {"description": "FileStorage:.local/share/caddy"}
2022/06/05 11:11:45.448 INFO autosaved config (load with --resume flag) {"file": ".config/caddy/autosave.json"}
2022/06/05 11:11:45.448 INFO serving initial configuration
2022/06/05 11:11:45.448 INFO tls finished cleaning storage units
5. What I already tried:
I can define the https_port in the global config or use the 443 port. But what if I want to listen on multiple ports?