1. My Caddy version (caddy version):
v2.0.0-rc.1 h1:DxUlg4kMisXwXVnWND7KEPl1f+vjFpIOzYpKpfmwyj8=
2. How I run Caddy:
a. System environment:
Raspberry Pi 3+, Raspbian GNU/Linux 10 (buster), manual install of Caddy2 from the GitHub releases and systemd service.
c. Service/unit/compose file:
[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile --resume --environ
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
    email nicolinux@gmail.com
}

(logs) {
    log {
        output file /var/log/caddy/access.log
    }
}

raspberry.local:80 {
    root * /var/www/recettes/_site
    file_server
    import logs
}
3. The problem I’m having:
I’m using a Raspberry Pi to host a local website, with no access from outside the local network. The config above works perfectly, but only on port 80 and so on HTTP.
Since I think it should be possible, I’m trying to activate the local HTTPS mode of Caddy2. I’m not sure how it should work though, or if I have to do something about it.
5. What I already tried:
I tried the obvious one:

{
    email nicolinux@gmail.com
}

(logs) {
    log {
        output file /var/log/caddy/access.log
    }
}

raspberry.local {
    root * /var/www/recettes/_site
    file_server
    import logs
}

At restart, here are the relevant logs:
Apr 7 13:57:27 raspberry caddy[3999]: {"level":"info","ts":1586260647.534609,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["raspberry.local"]}
Apr 7 13:57:27 raspberry caddy[3999]: {"level":"info","ts":1586260647.5353696,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 7 13:57:27 raspberry caddy[3999]: {"level":"info","ts":1586260647.5354424,"msg":"serving initial configuration"}
Apr 7 13:57:27 raspberry caddy[3999]: 2020/04/07 13:57:27 [INFO][raspberry.local] Obtain certificate; acquiring lock...
Apr 7 13:57:27 raspberry caddy[3999]: 2020/04/07 13:57:27 [INFO][raspberry.local] Obtain: Lock acquired; proceeding...
Apr 7 13:57:27 raspberry caddy[3999]: 2020/04/07 13:57:27 [INFO][raspberry.local] Certificate obtained successfully
Apr 7 13:57:27 raspberry caddy[3999]: 2020/04/07 13:57:27 [INFO][raspberry.local] Obtain: Releasing lock
Apr 7 13:57:27 raspberry caddy[3999]: 2020/04/07 13:57:27 [WARNING] Stapling OCSP: no OCSP stapling for [raspberry.local]: no OCSP server specified in certificate
Using localhost as in the documentation generates certificates, but I can’t access the website using localhost, since I’m using a different device, for instance my phone. I (think I) have to use the raspberry.local domain, and then, as one could predict:
Apr 7 13:58:57 raspberry caddy[4159]: 2020/04/07 13:58:57 http: TLS handshake error from [fe80::c:4403:769e:ba96%eth0]:59507: no certificate available for 'raspberry.local'
Apr 7 13:58:57 raspberry caddy[4159]: 2020/04/07 13:58:57 http: TLS handshake error from [fe80::c:4403:769e:ba96%eth0]:59508: no certificate available for 'raspberry.local'
Apr 7 13:58:57 raspberry caddy[4159]: 2020/04/07 13:58:57 http: TLS handshake error from [fe80::c:4403:769e:ba96%eth0]:59509: tls: client offered only unsupported versions: [301]
Is there a solution for this setup? Or should I just keep using HTTP, which is fine in this context obviously, but…
Bonus question
Is there an easy way to create a second fake local domain? I also have homebridge running on this Raspberry Pi and I’m using a web interface on port 8080. I could do a proxy with Caddy, but could I have, for example, a homebridge.local domain name?
Thanks for your help on this really niche subject!