I was trying to set up Caddy as a reverse proxy for my local Nextcloud instance. I am only accessing this over my LAN. However, when I run my podman container and go to my server's IP (in this case https://192.168.1.251:4443/) I get the error message in the next section.
I tried running the same container on my workstation and I can access the webpage (via https://localhost:4443), so I am wondering if I am misunderstanding local https. I.e. does local only refer to the machine caddy is running on?
The problem is that you specified localhost in the Caddyfile. This tells Caddy to only manage a certificate for localhost. If you need to access it from elsewhere on your network, you’ll need to configure Caddy to issue certificates for more than just that.
One approach is to use On-Demand TLS, a feature that tells Caddy to issue a cert during the TLS handshake if it doesn’t have one already for that given request. Looks like this:
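An added example, not the snippet from the original reply: a Caddyfile sketch of On-Demand TLS with Caddy's internal CA. Port 4443 comes from the question; the "before" site block and the upstream `nextcloud:80` are assumptions made for illustration.

```caddyfile
# Added example, not from the thread. The upstream "nextcloud:80" is a
# hypothetical container name and port; replace it with the real backend.

# Before (constructed): a certificate is managed only for the name
# "localhost", so a client on the LAN that connects by another name
# gets no matching certificate.
# localhost:4443 {
# 	reverse_proxy nextcloud:80
# }

# After: no hostname in the site address. Certificates are issued by
# Caddy's internal CA during the TLS handshake for the requested name,
# rather than only for localhost.
:4443 {
	tls internal {
		on_demand
	}
	reverse_proxy nextcloud:80
}
```

Clients still have to trust Caddy's local root certificate before the browser warning goes away.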
You wrote you are on LAN; do not use automatic HTTPS and domain names.
May I ask why you want Caddy in front of Nextcloud?
Don’t get me wrong. I love Caddy and use it on productive environments with Nextcloud.
But I miss the reason why you want to tunnel everything through a reverse proxy (single point of failure) when the source can be directly reached. Nextcloud also could do self-signed SSL.
That and some people may want more services accessible from the internet via the official port (443). In that case you have to put a Caddy in front. Within the LAN you can choose to have http only or have Caddy issue certificates for your local hosts.
Thanks! So I’ve added /data/pki/authorities/local/root.crt to my iPhone and enabled it, however if I go to the address in Safari it still throws a warning about the cert. Then on my Linux machine I’ve imported it to Firefox as an authority and it says SEC_ERROR_BAD_SIGNATURE if I visit the address.