1. Caddy version (caddy version):
2.3.0 (caddy:latest dockerhub image)
2. How I run Caddy:
Caddy runs on a docker container (with ports 80 and 443 open) at local IP address 172.17.0.5
domain (just serving a testpage): https://warcraft-gym.com.
subdomains: "mongo.", "backend.", "portainer.*" - which are all serving exactly the services they describe (backend is a node express app).
a. System environment:
Azure VM, 18.04 Ubuntu, caddy:latest image on docker, ports 80 and 443 open. Domain is provided by GoDaddy.
b. Command:
It runs via the default docker image, no modifications except to set the volumes, as per this guide, which I followed:
c. Service/unit/compose file:
caddy:latest with no modifications.
d. My complete Caddyfile or JSON config:
warcraft-gym.com {
    root * /usr/share/caddy
    file_server
}
mongo.warcraft-gym.com {
    reverse_proxy 172.17.0.6:27017
}
portainer.warcraft-gym.com {
    reverse_proxy 172.17.0.2:9000
}
backend.warcraft-gym.com {
    reverse_proxy 172.17.0.4:3000
}
3. The problem I’m having:
My main domain seems to work fine, however my subdomains appear to be connecting directly and not as expected.
portainer.warcraft-gym.com
→ warcraft-gym.com:9000
What I expect is for caddy to serve the process running in its own docker @ local IP 172.17.0.2:9000 via port 443 to the outside world. This doesn’t seem to be happening?
I’ve seen other setups running portainer or other webui interfaces via local processes running on something other than 80 or 443 with SSL, so I’m not sure what I’m missing here.
4. Error messages and/or full log output:
There aren’t really any errors that I can find, just for some reason I think I have my setup wrong.
Looking at the Caddy container’s logs, it looks like the certificates are being received for my subdomains (I copied every line referencing the portainer subdomain; it’s the same for the mongo/backend subdomains):
{"level":"info","ts":1617878134.3051085,"logger":"tls.obtain","msg":"acquiring lock","identifier":"portainer.warcraft-gym.com"},
{"level":"info","ts":1617878134.305324,"logger":"tls.obtain","msg":"lock acquired","identifier":"portainer.warcraft-gym.com"},
{"level":"info","ts":1617878134.3060715,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["portainer.warcraft-gym.com"]},
{"level":"info","ts":1617878134.3061519,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["portainer.warcraft-gym.com"]},
{"level":"info","ts":1617878135.324884,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"portainer.warcraft-gym.com","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"},
{"level":"info","ts":1617878135.5791478,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"18.196.96.172:34702","distributed":false},
{"level":"info","ts":1617878135.7058127,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"3.22.70.135:41306","distributed":false},
{"level":"info","ts":1617878135.78391,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"34.211.6.84:64358","distributed":false},
{"level":"info","ts":1617878135.8473635,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"64.78.149.164:65410","distributed":false},
{"level":"info","ts":1617878137.0114253,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"portainer.warcraft-gym.com"},
{"level":"info","ts":1617878137.0115216,"logger":"tls.obtain","msg":"releasing lock","identifier":"portainer.warcraft-gym.com"},
{"level":"info","ts":1617878611.5199544,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.warcraft-gym.com","portainer.warcraft-gym.com","backend.warcraft-gym.com","mongo.warcraft-gym.com"]},
{"level":"info","ts":1617878470.268824,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["portainer.warcraft-gym.com","backend.warcraft-gym.com","mongo.warcraft-gym.com","warcraft-gym.com"]},
{"level":"info","ts":1617878134.2905104,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["teamspeak.warcraft-gym.com","portainer.warcraft-gym.com","backend.warcraft-gym.com","mongo.warcraft-gym.com","warcraft-gym.com"]}
5. What I already tried:
Tried various trial-and-error solutions from this forum, looking at anything with reverse proxies. I read the docs and a few Medium articles. Honestly though, I tried Caddy because I don’t know much about webservers, so I was just hoping for a nudge in the right direction, as I suspect my config is not correct somehow.
6. Links to relevant resources:
I followed this guide for setup:
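
An added example, not part of the original post: a Python triage of the Caddy JSON log format shown in section 4, reporting per hostname whether a certificate was obtained and how many tls-alpn-01 validation connections Caddy answered. A completed tls-alpn-01 validation means the CA reached this Caddy instance on port 443 for that name. The sample lines are copied from the post's log; the function names are illustrative.

```python
import json
from collections import defaultdict

# Sample input: lines copied from the log in the post (trailing commas kept as pasted).
SAMPLE_LOG = r'''
{"level":"info","ts":1617878470.268824,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["portainer.warcraft-gym.com","backend.warcraft-gym.com","mongo.warcraft-gym.com","warcraft-gym.com"]},
{"level":"info","ts":1617878135.324884,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"portainer.warcraft-gym.com","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"},
{"level":"info","ts":1617878135.5791478,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"18.196.96.172:34702","distributed":false},
{"level":"info","ts":1617878135.7058127,"logger":"tls","msg":"served key authentication certificate","server_name":"portainer.warcraft-gym.com","challenge":"tls-alpn-01","remote":"3.22.70.135:41306","distributed":false},
{"level":"info","ts":1617878137.0114253,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"portainer.warcraft-gym.com"},
'''

def parse_lines(text):
    """Yield one dict per JSON log line; tolerate pasted trailing commas and non-JSON lines."""
    for raw in text.splitlines():
        raw = raw.strip().rstrip(",")
        if not raw.startswith("{"):
            continue
        try:
            yield json.loads(raw)
        except json.JSONDecodeError:
            continue

def summarize_tls(text):
    """Map hostname -> issuance state seen in this log excerpt."""
    status = defaultdict(lambda: {"managed": False, "challenges": set(),
                                  "validations": 0, "obtained": False})
    for e in parse_lines(text):
        msg = e.get("msg", "")
        name = e.get("identifier") or e.get("server_name")
        if msg == "enabling automatic TLS certificate management":
            for d in e.get("domains", []):
                status[d]["managed"] = True
        elif name is None:
            continue
        elif msg == "trying to solve challenge":
            status[name]["challenges"].add(e.get("challenge_type"))
        elif msg == "served key authentication certificate":
            status[name]["validations"] += 1  # one inbound CA validation connection
        elif msg == "certificate obtained successfully":
            status[name]["obtained"] = True
    return dict(status)

def missing_certificates(text):
    """Managed names with no issuance in this excerpt (may have been issued before it began)."""
    return sorted(d for d, s in summarize_tls(text).items()
                  if s["managed"] and not s["obtained"])
```

Run against the full container log, an empty result from `missing_certificates` indicates every managed hostname resolved to and was reachable on this Caddy instance at issuance time.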