HTTPS timing out after switching internet providers

1. The problem I’m having:

I am timing out trying to use reverse proxy with my website when using https. Everything is working correctly reverse proxying the http version so I assume it has something to do with my old certs maybe? Any troubleshooting suggestions are appreciated. What I’ve tried so far:

  • Website is up and accessible on localhost
  • Port forwarding set up and verified using external source
  • DNS A record is set up and verified with nslookup
  • Domain resolves correctly when launched using reverse-proxy --from http://domain.ca --to :3000 --debug

2. Error messages and/or full log output:

Caddy output doesn’t show connections being made

$ sudo caddy reverse-proxy --from https://domain.ca --to :3000 --debug
2023/09/18 20:18:53.019 WARN    admin   admin endpoint disabled
2023/09/18 20:18:53.020 INFO    http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "proxy", "https_port": 443}
2023/09/18 20:18:53.020 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "proxy"}
2023/09/18 20:18:53.020 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0003fd980"}
2023/09/18 20:18:53.020 DEBUG   http.auto_https adjusted config {"tls": {"automation":{"policies":[{}]}}, "http": {"servers":{"proxy":{"listen":[":443"],"routes":[{"handle":[{"handler":"reverse_proxy","transport":{"protocol":"http"},"upstreams":[{"dial":":3000"}]}]}],"tls_connection_policies":[{}],"automatic_https":{}},"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]}}}}
2023/09/18 20:18:53.020 INFO    tls     cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2023/09/18 20:18:53.020 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2023/09/18 20:18:53.021 DEBUG   http    starting server loop    {"address": "[::]:443", "tls": true, "http3": true}
2023/09/18 20:18:53.021 INFO    http.log        server running  {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2023/09/18 20:18:53.022 DEBUG   http    starting server loop    {"address": "[::]:80", "tls": false, "http3": false}
2023/09/18 20:18:53.022 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/09/18 20:18:53.023 INFO    http    enabling automatic TLS certificate management   {"domains": ["domain.ca"]}
2023/09/18 20:18:53.023 INFO    tls     finished cleaning storage units
2023/09/18 20:18:53.023 DEBUG   tls     loading managed certificate     {"domain": "domain.ca", "expiration": "2023/11/07 03:18:32.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2023/09/18 20:18:53.024 DEBUG   tls.cache       added certificate to cache      {"subjects": ["domain.ca"], "expiration": "2023/11/07 03:18:32.000", "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "5a376e3f98efaa4a51751d4cd488a2a4f3aa890e5618e7f2f8bd3b09d7fc6309", "cache_size": 1, "cache_capacity": 10000}
2023/09/18 20:18:53.024 DEBUG   events  event   {"name": "cached_managed_cert", "id": "3d91ccb8-c611-4060-9d67-f65159cf0cc1", "origin": "tls", "data": {"sans":["domain.ca"]}}
Caddy proxying https://domain.ca -> :3000

Output of curl from another computer

$ curl -s -o /dev/null -vvv https://domain.ca
*   Trying 24.0.0.0:443...
* connect to 24.0.0.0 port 443 failed: Connection timed out
* Failed to connect to domain.ca port 443 after 130788 ms: Connection timed out
* Closing connection 0

3. Caddy version:

$ caddy version
v2.7.4 h1:J8nisjdOxnYHXlorUKXY75Gr6iBfudfoGhrJ8t7/flI=

4. How I installed and ran Caddy:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

a. System environment:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux trixie/sid
Release:        n/a
Codename:       trixie
$ cat /etc/issue
Debian GNU/Linux trixie/sid \n \l

$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux trixie/sid"
NAME="Debian GNU/Linux"
VERSION_CODENAME=trixie
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

$ hostnamectl
 Static hostname: debian-server
       Icon name: computer-desktop
         Chassis: desktop 🖥️
      Machine ID: 3fa94cfc5ae54277ad33e054b317de1a
         Boot ID: ae0ae9f70ead468a92a9f0cb99d2633c
Operating System: Debian GNU/Linux trixie/sid
          Kernel: Linux 6.4.0-4-amd64
    Architecture: x86-64
 Hardware Vendor: Lenovo
  Hardware Model: ThinkCentre M93p
Firmware Version: FBKT53AUS
   Firmware Date: Fri 2013-09-27
    Firmware Age: 9y 11month 3w

b. Command:

sudo caddy reverse-proxy --from https://domain.ca --to :3000 --debug

Try connecting from outside of your network (instead of from inside your network), with your phone on your cell plan or w/e. Does it work then? If so then the problem is that your router doesn’t support NAT hairpinning, i.e. doesn’t know how to route packets destined to your WAN IP back into your network.

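The test suggested in the reply above can be scripted from inside the network by probing the same name through the server's LAN IP and through the WAN IP, and noting which layer fails first. This is an added example, not part of the original thread; `probe`, `diagnose` and the script name `probe.py` are hypothetical, and the two IPs are supplied by whoever runs it.

```python
import socket
import ssl
import sys


def probe(sni, connect_ip, port=443, timeout=5.0):
    """Report the first layer that fails reaching `sni` through `connect_ip`."""
    try:
        sock = socket.create_connection((connect_ip, port), timeout=timeout)
    except socket.timeout:
        # No answer to the SYN: packets are dropped on the path (firewall,
        # missing port forward, or a router that cannot hairpin).
        return "tcp_timeout"
    except ConnectionRefusedError:
        return "tcp_refused"  # host reachable, nothing listening
    except OSError:
        return "tcp_error"
    # TCP works, so only now do certificates and TLS come into play.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=sni):
            return "tls_ok"
    except (ssl.SSLError, OSError):
        return "tls_failed"
    finally:
        sock.close()


def diagnose(lan_result, wan_result):
    """Combine two probes made from inside the LAN (LAN IP, then WAN IP)."""
    if lan_result != "tls_ok":
        return "server_side_problem"
    if wan_result == "tcp_timeout":
        return "hairpin_suspected"
    if wan_result == "tls_ok":
        return "reachable_both_ways"
    return "wan_path_problem"


if __name__ == "__main__":
    # Usage: python probe.py domain.ca <server LAN IP> <router WAN IP>
    name, lan_ip, wan_ip = sys.argv[1:4]
    lan, wan = probe(name, lan_ip), probe(name, wan_ip)
    print(f"via LAN IP: {lan}; via WAN IP: {wan}; verdict: {diagnose(lan, wan)}")
```

A `tcp_timeout` result matches the curl output in the question: the connection never reached the TLS handshake, so the stored certificate was not involved. A `hairpin_suspected` verdict still needs the retest from an outside network to confirm.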

Yep that’s it! Thank you!
