Unfortunately I can’t seem to have Caddy serve HTTPS content locally.
This site can’t provide a secure connection
192.168.100.100 sent an invalid response.
ERR_SSL_PROTOCOL_ERROR
is what Chrome keeps telling me.
When I try curl I get:
* Expire in 0 ms for 6 (transfer 0x2d48a0)
* Trying 192.168.100.100...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x2d48a0)
* Connected to 192.168.100.100 (192.168.100.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
However, if I run the Caddy binary directly:
* Expire in 0 ms for 6 (transfer 0xc0b8a0)
* Trying 192.168.100.100...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0xc0b8a0)
* Connected to 192.168.100.100 (192.168.100.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: [NONE]
* start date: Jan 15 12:58:04 2021 GMT
* expire date: Jan 16 00:58:04 2021 GMT
* subjectAltName: host "192.168.100.100" matched cert's IP address!
* issuer: CN=Caddy Local Authority - ECC Intermediate
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xc0b8a0)
> GET / HTTP/2
> Host: 192.168.100.100
> User-Agent: curl/7.64.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 200
< accept-ranges: bytes
< content-type: text/html; charset=utf-8
< etag: "qmtrq67x"
< last-modified: Tue, 12 Jan 2021 14:18:06 GMT
< server: Caddy
< content-length: 285
< date: Fri, 15 Jan 2021 12:59:52 GMT
<
<!doctype html>
<html>
<head>
<title>This is the title of the webpage!</title>
</head>
<body>
<p>This is an example paragraph. Anything in the <strong>body</strong> tag will appear on the page, just like this <strong>p</strong> tag and its contents.</p>
</body>
* Connection #0 to host 192.168.100.100 left intact
</html>
When I go there with Chrome I see:
NET::ERR_CERT_AUTHORITY_INVALID
But I can click on Advanced and proceed to the website anyway, which is what I want.
I found the following thread:
That is the same thing that I am experiencing.
So it seems I am connecting to Docker’s own IP space, for which no certificate is available.
But of course over http it does work.
The fix you gave here:
is what you suggested I try, which I did.
I copied the root and intermediate .crt files to /etc/ssl/certs/
and I copied the key files to /etc/ssl/private on the host machine.
Then I ran update-ca-certificates.
This doesn’t seem to work.
The only thing I can think of is to not have Docker run in its own network,
but let it connect directly to the host with the option network_mode: host (this works).
As discussed here:
But I wish to understand how to make it work with your suggestion.
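Added diagnostic, not from this thread or the Caddy project: a small Python probe that reproduces the two outcomes the curl runs above show (the server aborting the handshake with a TLS alert before any certificate is sent, versus a certificate that arrives but is not signed by a trusted CA) and, on success, reports the issuer and SAN. `probe` and `classify` are hypothetical names; `cafile` is assumed to point at the Caddy root certificate that was copied to /etc/ssl/certs.

```python
import socket
import ssl

# Outcomes reported by probe(), matching the thread's observations:
#   "server-aborted"  : TLS alert right after ClientHello, no certificate seen
#                       (the "tlsv1 alert internal error" case from inside Docker)
#   "untrusted-cert"  : certificate received but the chain does not verify
#                       (the NET::ERR_CERT_AUTHORITY_INVALID case)
#   "ok"              : handshake completed and the chain verified


def classify(exc):
    """Map an exception raised during the handshake to one of the outcomes above."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "untrusted-cert"
    if isinstance(exc, ssl.SSLError):
        # .reason is filled in by OpenSSL; fall back to the message text otherwise
        text = (getattr(exc, "reason", None) or str(exc)).upper()
        if "ALERT" in text or "INTERNAL_ERROR" in text:
            return "server-aborted"
        return "handshake-failed"
    return "other-error"


def probe(host, port=443, server_hostname=None, cafile=None, timeout=5.0):
    """Open one TLS connection, verifying against cafile (or the system store).

    Passing an IP literal as server_hostname makes Python match it against the
    certificate's IP SANs (as curl did above) without sending SNI.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    result = {"host": host, "sni": server_hostname or host, "outcome": None, "detail": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_hostname or host) as tls:
                cert = tls.getpeercert()
                result["outcome"] = "ok"
                result["detail"] = "issuer=%r san=%r" % (
                    cert.get("issuer"), cert.get("subjectAltName"))
    except (ssl.SSLError, OSError) as exc:
        result["outcome"] = classify(exc)
        result["detail"] = str(exc)
    return result


if __name__ == "__main__":
    # Constructed sample call: the host IP from the thread, trusting the copied Caddy root.
    print(probe("192.168.100.100", cafile="/etc/ssl/certs/root.crt"))
```

Run it once from inside the container network and once from the host: "server-aborted" means Caddy never reached the certificate step for that address, while "untrusted-cert" means the certificate is there and only the CA installation on the client needs attention.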