1. The problem I’m having:
I am timing out trying to use reverse proxy with my website when using https. Everything is working correctly reverse proxying the http version so I assume it has something to do with my old certs maybe? Any troubleshooting suggestions are appreciated. What I’ve tried so far:
- Website is up and accessible on localhost
- Port forwarding set up and verified using external source
- DNS A record is set up and verified with nslookup
- Domain resolves correctly when launched using
reverse-proxy --from http://domain.ca --to :3000 --debug
2. Error messages and/or full log output:
Caddy output doesn’t show connections being made
$ sudo caddy reverse-proxy --from https://domain.ca --to :3000 --debug
2023/09/18 20:18:53.019 WARN admin admin endpoint disabled
2023/09/18 20:18:53.020 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "proxy", "https_port": 443}
2023/09/18 20:18:53.020 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "proxy"}
2023/09/18 20:18:53.020 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003fd980"}
2023/09/18 20:18:53.020 DEBUG http.auto_https adjusted config {"tls": {"automation":{"policies":[{}]}}, "http": {"servers":{"proxy":{"listen":[":443"],"routes":[{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"http"},"upstreams":[{"dial":":3000"}]}]}],"tls_connection_policies":[{}],"automatic_https":{}},"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]}}}}
2023/09/18 20:18:53.020 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2023/09/18 20:18:53.020 INFO http enabling HTTP/3 listener {"addr": ":443"}
2023/09/18 20:18:53.021 DEBUG http starting server loop {"address": "[::]:443", "tls": true, "http3": true}
2023/09/18 20:18:53.021 INFO http.log server running {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2023/09/18 20:18:53.022 DEBUG http starting server loop {"address": "[::]:80", "tls": false, "http3": false}
2023/09/18 20:18:53.022 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/09/18 20:18:53.023 INFO http enabling automatic TLS certificate management {"domains": ["domain.ca"]}
2023/09/18 20:18:53.023 INFO tls finished cleaning storage units
2023/09/18 20:18:53.023 DEBUG tls loading managed certificate {"domain": "domain.ca", "expiration": "2023/11/07 03:18:32.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2023/09/18 20:18:53.024 DEBUG tls.cache added certificate to cache {"subjects": ["domain.ca"], "expiration": "2023/11/07 03:18:32.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "5a376e3f98efaa4a51751d4cd488a2a4f3aa890e5618e7f2f8bd3b09d7fc6309", "cache_size": 1, "cache_capacity": 10000}
2023/09/18 20:18:53.024 DEBUG events event {"name": "cached_managed_cert", "id": "3d91ccb8-c611-4060-9d67-f65159cf0cc1", "origin": "tls", "data": {"sans":["domain.ca"]}}
Caddy proxying https://domain.ca -> :3000
Output of curl from another computer
$ curl -s -o /dev/null -vvv https://domain.ca
* Trying 24.0.0.0:443...
* connect to 24.0.0.0 port 443 failed: Connection timed out
* Failed to connect to domain.ca port 443 after 130788 ms: Connection timed out
* Closing connection 0
3. Caddy version:
$ caddy version
v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=
4. How I installed and ran Caddy:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
a. System environment:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux trixie/sid
Release: n/a
Codename: trixie
$ cat /etc/issue
Debian GNU/Linux trixie/sid \n \l
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux trixie/sid"
NAME="Debian GNU/Linux"
VERSION_CODENAME=trixie
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
$ hostnamectl
Static hostname: debian-server
Icon name: computer-desktop
Chassis: desktop 🖥️
Machine ID: 3fa94cfc5ae54277ad33e054b317de1a
Boot ID: ae0ae9f70ead468a92a9f0cb99d2633c
Operating System: Debian GNU/Linux trixie/sid
Kernel: Linux 6.4.0-4-amd64
Architecture: x86-64
Hardware Vendor: Lenovo
Hardware Model: ThinkCentre M93p
Firmware Version: FBKT53AUS
Firmware Date: Fri 2013-09-27
Firmware Age: 9y 11month 3w
b. Command:
sudo caddy reverse-proxy --from https://domain.ca --to :3000 --debug
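Added example, not part of the original post and not Caddy's own code: a small triage script that reads the two kinds of evidence shown in the post, the Caddy debug log and the verbose curl output, and reports how long the loaded certificate remains valid and at which stage the client connection stopped. The function names and sample strings are constructed for illustration, and it assumes the log timestamp and the certificate expiration are in the same timezone.

```python
import json
import re
from datetime import datetime

TS_FMT = "%Y/%m/%d %H:%M:%S.%f"

# Constructed sample input, shaped like the Caddy log and curl output in the post.
CADDY_LOG = """\
2023/09/18 20:18:53.023 INFO http enabling automatic TLS certificate management {"domains": ["domain.ca"]}
2023/09/18 20:18:53.024 DEBUG tls loading managed certificate {"domain": "domain.ca", "expiration": "2023/11/07 03:18:32.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory"}
"""
CURL_OUTPUT = """\
* Trying 24.0.0.0:443...
* connect to 24.0.0.0 port 443 failed: Connection timed out
* Closing connection 0
"""

def cert_status(log_text):
    """Return {domain: whole days of validity left when the log line was written}."""
    status = {}
    for line in log_text.splitlines():
        if "loading managed certificate" not in line or "{" not in line:
            continue
        logged_at = datetime.strptime(line[:23], TS_FMT)   # leading log timestamp
        fields = json.loads(line[line.index("{"):])        # trailing JSON fields
        expires = datetime.strptime(fields["expiration"], TS_FMT)
        # Assumption: both timestamps share a timezone; a negative value means expired.
        status[fields["domain"]] = (expires - logged_at).days
    return status

def curl_failure_stage(curl_text):
    """Classify where a verbose curl run stopped: 'tcp', 'tls' or 'none'."""
    if re.search(r"connect to \S+ port \d+ failed", curl_text):
        # The TCP connection was never established, so no TLS handshake
        # took place and no certificate was presented to the client.
        return "tcp"
    if re.search(r"SSL certificate problem|SSL_connect|TLS connect error", curl_text):
        return "tls"   # heuristic match on common curl TLS failure messages
    return "none"

if __name__ == "__main__":
    print("certificate days left:", cert_status(CADDY_LOG))
    print("curl stopped at:", curl_failure_stage(CURL_OUTPUT))
```

A `tcp` result together with a positive day count points the investigation at reachability of port 443 (firewall, router forwarding, ISP filtering) before the certificate.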