1. Caddy version (caddy version):
    caddy:2.2.0-alpine
a. System environment:
    Linux 5.4.0-48-generic #52-Ubuntu SMP Thu Sep 10 10:58:49 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
b. Command:
    docker-compose up
c. Service/unit/compose file:
    version: "3.3"
    services:
      proxy:
        image: caddy:2.2.0-alpine
        restart: unless-stopped
        ports:
          - "80:80"
          - "443:443"
        volumes:
          - ./caddy/Caddyfile:/etc/caddy/Caddyfile
          - ./caddy-data:/data
          - ./caddy/caddy_config:/config
          - ./caddy/self_signed_certs:/etc/caddy/self_signed_certs
d. My complete Caddyfile or JSON config:
    {
        auto_https disable_redirects
    }
    127.0.0.1:80 {
        respond "Hello, world!"
    }
    127.0.0.1:443 {
        tls /etc/caddy/self_signed_certs/cert.crt /etc/caddy/self_signed_certs/cert.key
        respond "Hello, world!"
    }
3. The problem I’m having:
When running locally (from the host running docker)
    curl -v --insecure https://127.0.0.1
The request fails with
    * Trying 127.0.0.1:443...
    * TCP_NODELAY set
    * Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * successfully set certificate verify locations:
    * CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * TLSv1.3 (IN), TLS alert, internal error (592):
    * error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
    * Closing connection 0
    curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error
If I use http
    curl -v http://127.0.0.1
it works as expected.
Also, if I jump into the container and run the same curl
    curl -v --insecure https://127.0.0.1
it works as expected (answers Hello World).
Let me know if there is any more information I can provide. Really, I am unsure why the https fails via the docker host and works inside.