1. The problem I’m having:
I have an API built with NestJS and deployed on EC2. I am trying to move my EC2 IP host from HTTP to HTTPS using a custom domain. The server runs with Docker and uses port 3000. When I try to use Caddy, I can’t access my custom domain over HTTPS.
2. Error messages and/or full log output:
```
$ caddy run --config ./Caddyfile --watch
2024/01/09 17:10:52.296 INFO using provided configuration {"config_file": "./Caddyfile", "config_adapter": ""}
2024/01/09 17:10:52.298 WARN Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies {"adapter": "caddyfile", "file": "./Caddyfile", "line": 3}
2024/01/09 17:10:52.298 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2024/01/09 17:10:52.299 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/01/09 17:10:52.299 INFO http.auto_https enabling automatic HTTP->HTTPS redirects{"server_name": "srv0"}
2024/01/09 17:10:52.299 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/01/09 17:10:52.299 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
2024/01/09 17:10:52.300 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/01/09 17:10:52.300 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/01/09 17:10:52.300 INFO http enabling automatic TLS certificate management {"domains": ["coba2.tatos.co.id"]}
2024/01/09 17:10:52.301 INFO autosaved config (load with --resume flag) {"file": "/home/ec2-user/.config/caddy/autosave.json"}
2024/01/09 17:10:52.301 INFO serving initial configuration
2024/01/09 17:10:52.301 INFO watcher watching config file for changes {"config_file": "./Caddyfile"}
2024/01/09 17:10:52.301 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00027bc80"}
2024/01/09 17:10:52.303 WARN tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/home/ec2-user/.local/share/caddy", "instance": "08c52d78-0c92-40ef-b25f-ab9e4114de17", "try_again": "2024/01/10 17:10:52.303", "try_again_in": 86399.999999065}
2024/01/09 17:10:52.303 INFO tls finished cleaning storage units
2024/01/09 17:20:41.503 ERROR http looking up info for HTTP challenge {"host": "coba2.tatos.co.id", "remote_addr": "66.133.109.36:63873", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:41.503 ERROR http looking up info for HTTP challenge {"host": "coba2.tatos.co.id", "remote_addr": "66.133.109.36:63873", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:49.744 ERROR http looking up info for HTTP challenge {"host": "coba2.tatos.co.id", "remote_addr": "34.217.79.224:21224", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:49.744 ERROR http looking up info for HTTP challenge {"host": "coba2.tatos.co.id", "remote_addr": "34.217.79.224:21224", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:49.831 ERROR http looking up info for HTTP challenge {"host": "coba2.tatos.co.id", "remote_addr": "3.145.43.92:17658", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:49.831 ERROR http looking up info for HTTP challenge {"host": "coba2.tatos.co.id", "remote_addr": "3.145.43.92:17658", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
```
This is the error from the Postman console:
```
GET https://coba2.tatos.co.id:3000/
Error: write EPROTO 4615549288:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../../../src/third_party/boringssl/src/ssl/tls_record.cc:242:
Request Headers
User-Agent: PostmanRuntime/7.36.0
Accept: */*
Postman-Token: 5b836051-17c3-41bd-97d5-53abee4de47d
Host: coba2.tatos.co.id:3000
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
```
3. Caddy version:
```
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
```
4. How I installed and ran Caddy:
I created a Caddyfile inside my project root, like this:
```
coba2.tatos.co.id {
	reverse_proxy 127.0.0.1:3000
}
```
After Docker is running:
```
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                                 NAMES
c750825ea945   amazon-nest-docker-postgres   "docker-entrypoint.s…"   22 minutes ago   Up 22 minutes   80/tcp, 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp     nest-docker-postgres
3307845c6041   postgis/postgis               "docker-entrypoint.s…"   2 weeks ago      Up 22 minutes   0.0.0.0:5432->5432/tcp, :::5432->5432/tcp             amazon-db_docker-1
0fc2eb47af86   redis:alpine                  "docker-entrypoint.s…"   3 weeks ago      Up 22 minutes   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp             amazon-redis_docker-1
```
a. System environment:
- ec2 with ec2-user
- Docker
- nestjs
b. Command:
I run this command to start Caddy after Docker is running:
```
caddy run --config ./Caddyfile --watch
```
c. Service/unit/compose file:
```yaml
version: '3.5'
services:
  db_docker:
    image: postgis/postgis
    restart: always
    environment:
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      POSTGRES_USER: ${DATABASE_USERNAME}
      DATABASE_DB: ${DATABASE_DB}
    ports:
      - 5432:5432
    env_file:
      - .env
  redis_docker:
    image: 'redis:alpine'
    command: redis-server
    ports:
      - 6379:6379
  nest-docker-postgres:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: nest-docker-postgres
    environment:
      - PORT=${PORT}
    ports:
      - '3000:3000'
    depends_on:
      - db_docker
      - redis_docker
    volumes:
      - ./src:/app/src
```
d. My complete Caddy config:
```
coba2.tatos.co.id {
	reverse_proxy 127.0.0.1:3000
}
```
5. Links to relevant resources:
I already registered the new DNS record with my EC2 IP host, but I can’t access https://coba2.tatos.co.id:3000/. The browser shows:
```
This site can’t provide a secure connection
coba2.tatos.co.id sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
```
Please, any idea how to solve this issue?
Thanks & have a good day
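An added example, not from the original post: the port mappings from the posted compose file beside a hardened form that publishes each container on the loopback address only. With `3000:3000` the NestJS plain-HTTP listener is reachable on every interface of the EC2 host, so a client that speaks TLS to port 3000 gets `WRONG_VERSION_NUMBER` / `ERR_SSL_PROTOCOL_ERROR` from a server that never speaks TLS; binding to `127.0.0.1` leaves Caddy's `:80`/`:443` as the only public listeners while its `reverse_proxy 127.0.0.1:3000` still reaches the app. Only the `ports` keys change; the other service keys are as posted, and the same treatment for Postgres and Redis is an addition beyond what the post shows.

```yaml
# Added example (not the poster's file): publish containers on loopback only,
# so the only listeners reachable from outside the host are Caddy's :80 and :443.
version: '3.5'
services:
  nest-docker-postgres:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: nest-docker-postgres
    environment:
      - PORT=${PORT}
    ports:
      # As posted: bound on 0.0.0.0 and :: (see the docker ps output), so a
      # TLS handshake sent to https://coba2.tatos.co.id:3000 reaches a
      # plain-HTTP server and fails with WRONG_VERSION_NUMBER.
      # - '3000:3000'
      # Hardened: only processes on the host itself (Caddy) can connect.
      - '127.0.0.1:3000:3000'
    depends_on:
      - db_docker
      - redis_docker
    volumes:
      - ./src:/app/src
  db_docker:
    image: postgis/postgis
    restart: always
    environment:
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      POSTGRES_USER: ${DATABASE_USERNAME}
      DATABASE_DB: ${DATABASE_DB}
    env_file:
      - .env
    ports:
      # Database and cache are only used by the app container; never publish
      # them on all interfaces. Containers on the same compose network reach
      # them by service name regardless of this host binding.
      - '127.0.0.1:5432:5432'
  redis_docker:
    image: 'redis:alpine'
    command: redis-server
    ports:
      - '127.0.0.1:6379:6379'
```

The Caddyfile from the post needs no change for this; the client should then request https://coba2.tatos.co.id/ with no port, so the request terminates at Caddy's TLS listener on 443 and is proxied to 127.0.0.1:3000.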