1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
download from github releases page and run binary from terminal
a. System environment:
Linux thingpad 5.4.0-65-generic #73-Ubuntu SMP Mon Jan 18 17:25:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
b. Command:
~/Desktop/programs/caddy/caddy reverse-proxy --from https://localhost:4443 --to http://localhost:8080
3. The problem I’m having:
The docs say “The first time a root key is used, Caddy will try to install it into the system’s local trust store(s). If it does not have permission to do so, it will prompt for a password. This behavior can be disabled in the configuration if it is not desired.” but the docs lack any link or example to back up this claim that it can be disabled.
I would like to point out this is a widespread, pervasive issue with the Caddy documentation and its the reason yall have to have people spending all day answering “stupid” questions on this forum. Almost all of the documentation pages don’t contain practical examples that show how to use the documented feature. More often than not the only way to learn how to use any given caddy feature is:
- look at the test code (this is the best and easiest but not every caddy feature has “integration” style test code that contains config files)
- find forum posts or other discussions where someone posted their config while working with the feature you are studying
- looking at the source code which implements the feature
4. Error messages and/or full log output:
forest@thingpad:~/Desktop/programs/caddy$ ~/Desktop/programs/caddy/caddy reverse-proxy --from https://localhost:4443 --to http://localhost:8080
2021/02/19 01:36:31.289 WARN admin admin endpoint disabled
2021/02/19 01:36:31.290 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "proxy"}
2021/02/19 01:36:31.290 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003325b0"}
2021/02/19 01:36:31.300 INFO tls cleaned up storage units
2021/02/19 01:36:31.330 WARN pki.ca.local installing root certificate (you might be prompted for password) {"path": "storage:pki/authorities/local/root.crt"}
2021/02/18 19:36:31 Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
2021/02/18 19:36:31 define JAVA_HOME environment variable to use the Java trust
[sudo] password for forest:
5. What I already tried:
I spent about 10 minutes google searching and looking around on this forum for anyone who had figured out how to configure it so it will start without trying to mess with the trust store.
I ended up just running it inside docker container because that was the only thing I found while searching, and I simply wanted to run it to test performance of an app under HTTP/2 but didn’t want it to mess with my trust store.
forest@thingpad:~/Desktop/programs/caddy$ sudo docker run -v `pwd`:/caddy --net host --entrypoint /caddy/caddy ubuntu reverse-proxy --from https://localhost:4443 --to http://localhost:8080