1. Caddy version (caddy version):
v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=
2. How I run Caddy:
From the Docker repository caddy:alpine
docker run -d --name='CaddyV2' --net='bridge' -e TZ="America/New_York" -e HOST_OS="Unraid" -p '1880:80/tcp' -p '18443:443/tcp' -p '8880:8880/tcp' -v '/mnt/user/appdata/caddy/data':'/data':'rw' -v '/mnt/user/appdata/caddy':'/config':'rw' -v '/mnt/user/appdata/caddy/caddyfile.cfg':'/etc/caddy/Caddyfile':'rw' -v '/mnt/user/appdata/caddy/www/':'/www':'ro' 'caddy:alpine'
a. System environment:
Docker
b. Command:
It’s internal to the official Docker. Not sure.
c. Service/unit/compose file:
It’s internal to the official Docker. Not sure.
d. My complete Caddyfile or JSON config:
{
    admin :2019 {
        #enforce_origin
        #origins 192.168.0.0/24
    }
    auto_https off
}
#http://192.168.0.100:8880 {
#https://192.168.0.100:8880 {
192.168.0.100:8880 {
    file_server
    root * /www
    #rewrite * /index.html
    encode gzip
    log {
        output file 8880.log
        format single_field common_log
    }
    tls internal {
    }
}
3. The problem I’m having:
Things just work when you don’t specify a port, but with a port only http will work. I can’t find any combination that enables TLS with an HTTPS request.
4. Error messages and/or full log output:
curl -v https://192.168.0.100:8880
* Rebuilt URL to: https://192.168.0.100:8880/
* Trying 192.168.0.100...
* TCP_NODELAY set
* Connected to 192.168.0.100 (192.168.0.100) port 8880 (#0)
* schannel: SSL/TLS connection with 192.168.0.100 port 8880 (step 1/3)
* schannel: checking server certificate revocation
* schannel: using IP address, SNI is not supported by OS.
* schannel: sending initial handshake data: sending 162 bytes...
* schannel: sent initial handshake data: sent 162 bytes
* schannel: SSL/TLS connection with 192.168.0.100 port 8880 (step 2/3)
* schannel: encrypted data got 7
* schannel: encrypted data buffer: offset 7 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with 192.168.0.100 port 8880
* schannel: clear security context handle
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
5. What I already tried:
I had great early success with Caddy, everything just worked amazingly well, but now I’ve somehow spent 6 hours on getting https to work on a port.
I’ve tried including the protocol in the Caddyfile configuration of the domain. This works to enable http, but https is just ignored, it would seem. With just http, I’ve validated all the networking, but once I try to use https it falls apart. I’ve checked that the certificate was created. It was. I’ve tried turning off the auto_https but it didn’t help in any way. I’ve stripped the config down to just this server. The only other option I can think of is whatever options moving to JSON would offer, but having turned “auto_https off” completely I don’t see those extra “automatic_https” options being relevant.