How to use Caddy with EC2 - Docker - NestJS

1. The problem I’m having:

I have an API built with NestJS and hosted on EC2. I am trying to convert my EC2 host IP from HTTP to HTTPS using a custom domain. The server runs with Docker and uses port 3000. When I try to use Caddy, I can't access my custom domain over HTTPS.

2. Error messages and/or full log output:

$ caddy run --config ./Caddyfile --watch
2024/01/09 17:10:52.296	INFO	using provided configuration	{"config_file": "./Caddyfile", "config_adapter": ""}
2024/01/09 17:10:52.298	WARN	Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies	{"adapter": "caddyfile", "file": "./Caddyfile", "line": 3}
2024/01/09 17:10:52.298	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2024/01/09 17:10:52.299	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2024/01/09 17:10:52.299	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2024/01/09 17:10:52.299	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2024/01/09 17:10:52.299	INFO	failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
2024/01/09 17:10:52.300	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/01/09 17:10:52.300	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/01/09 17:10:52.300	INFO	http	enabling automatic TLS certificate management	{"domains": ["coba2.tatos.co.id"]}
2024/01/09 17:10:52.301	INFO	autosaved config (load with --resume flag)	{"file": "/home/ec2-user/.config/caddy/autosave.json"}
2024/01/09 17:10:52.301	INFO	serving initial configuration
2024/01/09 17:10:52.301	INFO	watcher	watching config file for changes	{"config_file": "./Caddyfile"}
2024/01/09 17:10:52.301	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc00027bc80"}
2024/01/09 17:10:52.303	WARN	tls	storage cleaning happened too recently; skipping for now	{"storage": "FileStorage:/home/ec2-user/.local/share/caddy", "instance": "08c52d78-0c92-40ef-b25f-ab9e4114de17", "try_again": "2024/01/10 17:10:52.303", "try_again_in": 86399.999999065}
2024/01/09 17:10:52.303	INFO	tls	finished cleaning storage units
2024/01/09 17:20:41.503	ERROR	http	looking up info for HTTP challenge	{"host": "coba2.tatos.co.id", "remote_addr": "66.133.109.36:63873", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:41.503	ERROR	http	looking up info for HTTP challenge	{"host": "coba2.tatos.co.id", "remote_addr": "66.133.109.36:63873", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:49.744	ERROR	http	looking up info for HTTP challenge	{"host": "coba2.tatos.co.id", "remote_addr": "34.217.79.224:21224", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:49.744	ERROR	http	looking up info for HTTP challenge	{"host": "coba2.tatos.co.id", "remote_addr": "34.217.79.224:21224", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:49.831	ERROR	http	looking up info for HTTP challenge	{"host": "coba2.tatos.co.id", "remote_addr": "3.145.43.92:17658", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}
2024/01/09 17:20:49.831	ERROR	http	looking up info for HTTP challenge	{"host": "coba2.tatos.co.id", "remote_addr": "3.145.43.92:17658", "user_agent": "Mozilla/5.0 (compatible; Let's Encrypt validation server; +https://www.letsencrypt.org)", "error": "no information found to solve challenge for identifier: coba2.tatos.co.id"}

This is the error from the Postman console:

GET https://coba2.tatos.co.id:3000/
Error: write EPROTO 4615549288:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../../../src/third_party/boringssl/src/ssl/tls_record.cc:242:
Request Headers
User-Agent: PostmanRuntime/7.36.0
Accept: */*
Postman-Token: 5b836051-17c3-41bd-97d5-53abee4de47d
Host: coba2.tatos.co.id:3000
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

I created a Caddyfile inside my project root, like this:

coba2.tatos.co.id {
	reverse_proxy 127.0.0.1:3000
}

after Docker is running:

CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                               NAMES
c750825ea945   amazon-nest-docker-postgres   "docker-entrypoint.s…"   22 minutes ago   Up 22 minutes   80/tcp, 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp   nest-docker-postgres
3307845c6041   postgis/postgis               "docker-entrypoint.s…"   2 weeks ago      Up 22 minutes   0.0.0.0:5432->5432/tcp, :::5432->5432/tcp           amazon-db_docker-1
0fc2eb47af86   redis:alpine                  "docker-entrypoint.s…"   3 weeks ago      Up 22 minutes   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp           amazon-redis_docker-1

a. System environment:

  • EC2 with ec2-user
  • Docker
  • NestJS

b. Command:

I run this command to start Caddy after Docker is running:

caddy run --config ./Caddyfile --watch

c. Service/unit/compose file:

version: '3.5'

services:
  db_docker:
    image: postgis/postgis
    restart: always
    environment:
      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
      POSTGRES_USER: ${DATABASE_USERNAME}
      DATABASE_DB: ${DATABASE_DB}
    ports:
      - 5432:5432
    env_file:
      - .env

  redis_docker:
    image: 'redis:alpine'
    command: redis-server
    ports:
      - 6379:6379

  nest-docker-postgres:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: nest-docker-postgres
    environment:
      - PORT=${PORT}
    ports:
      - '3000:3000'
    depends_on:
      - db_docker
      - redis_docker
    volumes:
      - ./src:/app/src

d. My complete Caddy config:

coba2.tatos.co.id {
	reverse_proxy 127.0.0.1:3000
}

5. Links to relevant resources:

I already registered the new DNS record with my EC2 host IP.

But I can't access https://coba2.tatos.co.id:3000/:

# This site can’t provide a secure connection

**coba2.tatos.co.id** sent an invalid response.

ERR_SSL_PROTOCOL_ERROR

Please, any idea how to solve this issue?
Thanks & have a good day

Caddy is listening on port 443, not port 3000. Your app is on port 3000.

Make sure to open ports 80 and 443 in your firewall for Caddy to serve HTTP and HTTPS.
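A related check that goes with that answer, added here as an example and not code from the original poster or from the Caddy project: only ports 80 and 443 (Caddy's) should be public. The compose file in the question publishes 3000, 5432 and 6379 on `0.0.0.0`/`::`, so the NestJS app stays reachable in plaintext on port 3000 (the `WRONG_VERSION_NUMBER` error in Postman is exactly a TLS client talking to a plaintext listener that is open), and Postgres and Redis are one security-group rule away from the internet. Docker inserts its published-port rules ahead of host firewalls such as ufw, so binding to loopback is the reliable fix. The script below parses the `docker ps` PORTS column as shown in the thread (sample input copied from the post), lists non-Caddy ports published on all interfaces, and rewrites compose `ports:` entries to bind to `127.0.0.1`. The set of intended-public ports and the helper names are assumptions of this example.

```python
"""Audit Docker published ports for services that should sit behind Caddy.

Added example for this thread; not code from the original post or from Caddy.
SAMPLE_DOCKER_PS is constructed from the `docker ps` output shown in the thread.
"""
import re
from typing import Dict, List, NamedTuple

# Host addresses that mean "every interface". A port published this way is
# reachable from the internet as soon as the EC2 security group allows it,
# bypassing the reverse proxy and its TLS entirely.
WILDCARD_HOSTS = {"0.0.0.0", "::", "[::]"}

# Assumption for this example: only Caddy's HTTP/HTTPS ports are meant to be public.
PUBLIC_PORTS = {80, 443}

# `0.0.0.0:3000->3000/tcp` or `:::3000->3000/tcp`; plain `80/tcp` is exposed, not published.
_PS_MAPPING = re.compile(r"^(?P<host>.+):(?P<hport>\d+)->(?P<cport>\d+)/(?P<proto>tcp|udp)$")

SAMPLE_DOCKER_PS = """\
CONTAINER ID   IMAGE                         COMMAND                  CREATED          STATUS          PORTS                                               NAMES
c750825ea945   amazon-nest-docker-postgres   "docker-entrypoint.s…"   22 minutes ago   Up 22 minutes   80/tcp, 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp   nest-docker-postgres
3307845c6041   postgis/postgis               "docker-entrypoint.s…"   2 weeks ago      Up 22 minutes   0.0.0.0:5432->5432/tcp, :::5432->5432/tcp           amazon-db_docker-1
0fc2eb47af86   redis:alpine                  "docker-entrypoint.s…"   3 weeks ago      Up 22 minutes   0.0.0.0:6379->6379/tcp, :::6379->6379/tcp           amazon-redis_docker-1
"""


class Published(NamedTuple):
    host_ip: str
    host_port: int
    container_port: int
    proto: str


def parse_ps_ports(ports_field: str) -> List[Published]:
    """Parse one PORTS cell of `docker ps`, keeping only published mappings."""
    result = []
    for entry in (e.strip() for e in ports_field.split(",")):
        m = _PS_MAPPING.match(entry)
        if m:
            result.append(Published(m["host"], int(m["hport"]), int(m["cport"]), m["proto"]))
    return result


def wildcard_exposed(ports_field: str) -> List[int]:
    """Host ports bound on every interface that are not meant to be public."""
    return sorted({p.host_port for p in parse_ps_ports(ports_field)
                   if p.host_ip in WILDCARD_HOSTS and p.host_port not in PUBLIC_PORTS})


def audit_docker_ps(ps_output: str) -> Dict[str, List[int]]:
    """Map container name -> non-public ports it publishes on all interfaces.

    Columns in `docker ps` output are separated by runs of at least two spaces;
    the PORTS column itself only uses ", " between entries.
    """
    findings: Dict[str, List[int]] = {}
    for line in ps_output.strip().splitlines()[1:]:  # skip the header row
        cols = re.split(r"\s{2,}", line.strip())
        ports = cols[5] if len(cols) == 7 else ""    # PORTS may be empty
        exposed = wildcard_exposed(ports)
        if exposed:
            findings[cols[-1]] = exposed
    return findings


def loopback_only(mapping: str) -> str:
    """Rewrite a compose `ports:` entry so the host side binds to 127.0.0.1.

    "3000:3000"           -> "127.0.0.1:3000:3000"
    "5432:5432/tcp"       -> "127.0.0.1:5432:5432/tcp"
    "0.0.0.0:6379:6379"   -> "127.0.0.1:6379:6379"
    "127.0.0.1:6379:6379" -> unchanged
    A bare container port ("3000") is returned unchanged: Docker would assign a
    random host port on all interfaces, so the entry needs a manual decision.
    """
    mapping = mapping.strip().strip("'\"")
    body, sep, proto = mapping.partition("/")
    parts = body.split(":")
    if len(parts) == 2:                       # HOST_PORT:CONTAINER_PORT
        body = "127.0.0.1:" + body
    elif len(parts) == 3 and parts[0] in WILDCARD_HOSTS:
        parts[0] = "127.0.0.1"
        body = ":".join(parts)
    return body + sep + proto


if __name__ == "__main__":
    for name, ports in audit_docker_ps(SAMPLE_DOCKER_PS).items():
        print(f"{name}: published on all interfaces, not behind Caddy: {ports}")
    for entry in ("3000:3000", "5432:5432", "6379:6379"):
        print(f"  ports: - '{entry}'  ->  - '{loopback_only(entry)}'")
```

With the rewritten entries, Caddy's `reverse_proxy 127.0.0.1:3000` still reaches the app (Caddy runs on the host, so loopback is shared), while the security group only needs inbound 80 and 443. Keep the 5432 and 6379 mappings loopback-only or drop them entirely if only the app container needs the database and cache.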

Thank you @francislavoie. I opened port 443 in the EC2 configuration. It works now.
