HTTPS works for only one docker container

Hello,

I’m a newbie with Caddy (I started with this server yesterday).
I’ve been working on an issue since yesterday, despite a lot of tests, research, etc.

You can find below the full explanation of my problem:

1. The problem I’m having:

I have installed Caddy, then set this Caddyfile:

{
        acme_ca https://acme-v02.api.letsencrypt.org/directory
}

galadrielgestin.com {
        reverse_proxy wordpress:9292
}

docker.dalt0.fr {
        reverse_proxy portainer:9000
}

dalt0.fr {
        reverse_proxy dalt0.fr:8120
}

Before Caddy, I used nginx (http) and all these websites worked well.

Now:
dalt0.fr is working with HTTPS
The other sites don’t work with HTTPS

2. Error messages and/or full log output:

On Chrome :

Ce site ne peut pas fournir de connexion sécurisée
www.galadrielgestin.com a envoyé une réponse incorrecte.
ERR_SSL_PROTOCOL_ERROR

With journalctl --no-pager -u caddy -f :

Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3150465,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3150995,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["docker.dalt0.fr","dalt0.fr","galadrielgestin.com","phpmyadmin.dalt0.fr"]}
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3231375,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3231988,"msg":"serving initial configuration"}
Aug 03 17:23:57 vps-dea3a066 systemd[1]: Started Caddy.
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3288028,"logger":"tls","msg":"finished cleaning storage units"}
Aug 03 17:26:04 vps-dea3a066 caddy[2339]: {"level":"error","ts":1691083564.9400682,"logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"51.254.49.109","remote_port":"59197","client_ip":"51.254.49.109","proto":"HTTP/1.1","method":"GET","host":"galadrielgestin.com","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"galadrielgestin.com"}},"duration":0.027920761,"status":502,"err_id":"8ayw1r4up","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}
Aug 03 17:27:43 vps-dea3a066 caddy[2339]: {"level":"error","ts":1691083663.9168544,"logger":"http.log.error","msg":"dial tcp: lookup portainer on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"171.67.70.229","remote_port":"46194","client_ip":"171.67.70.229","proto":"HTTP/1.1","method":"GET","host":"docker.dalt0.fr","uri":"/","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 zgrab/0.x"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","server_name":"docker.dalt0.fr"}},"duration":0.021495246,"status":502,"err_id":"fjji89nq0","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}
Aug 03 17:27:43 vps-dea3a066 caddy[2339]: {"level":"error","ts":1691083663.9357233,"logger":"http.log.error","msg":"dial tcp: lookup phpmyadmin on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"171.67.70.229","remote_port":"46198","client_ip":"171.67.70.229","proto":"HTTP/1.1","method":"GET","host":"phpmyadmin.dalt0.fr","uri":"/","headers":{"User-Agent":["Mozilla/5.0 zgrab/0.x"],"Accept":["*/*"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","server_name":"phpmyadmin.dalt0.fr"}},"duration":0.021114119,"status":502,"err_id":"g4ewthrju","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}
Aug 03 17:27:44 vps-dea3a066 caddy[2339]: {"level":"error","ts":1691083664.546234,"logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"171.67.70.229","remote_port":"46210","client_ip":"171.67.70.229","proto":"HTTP/1.1","method":"GET","host":"galadrielgestin.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 zgrab/0.x"],"Accept":["*/*"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","server_name":"galadrielgestin.com"}},"duration":0.020925314,"status":502,"err_id":"meze6ts6f","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}

3. Caddy version:

v2.7.2

4. How I installed and ran Caddy:

Directly on my Ubuntu; I followed these steps:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

a. System environment:

OS : Ubuntu 22.04.2 LTS
Server : OVH VPS

Docker : v20.10.25
3 websites :

  • portainer (1 container)
  • a wordpress (4 containers)
  • a “homepage” for my server (1 container)

b. Command:

I have checked :

  • my resolv.conf
  • in my file /etc/netplan/50-cloud-init.yaml, I added Google DNS
  • tried to delete the certificates folder, then restart Caddy
  • tried several changes to my Caddyfile
  • tried several caddy reload after Caddyfile changes + service caddy restart
  • tried several changes to my Docker container networks
    → dalt0.fr => default bridge OK
    → wordpress => dedicated bridge KO / default bridge KO / dedicated bridge + default bridge KO
    → portainer => default bridge KO

c. Service/unit/compose file:

Nothing to report

d. My complete Caddy config:

Default config except my Caddyfile

5. Links to relevant resources:

Nothing to report

Do you have any idea ?

Thank you for your help.

Dalto.

If you’re running Caddy on Linux (not inside Docker) then there’s nothing that can resolve wordpress to your container.

If you run Caddy in Docker, then it would use Docker’s DNS resolver to resolve wordpress to your container’s IP address.

Your other option is to publish the ports for each container and then use localhost:9292 or whatever instead.

Hello,

Thank you for your update.

I have also tested this in my Caddyfile (I forgot to mention it):

www.galadrielgestin.com {
        reverse_proxy localhost:9292
}

I’m trying to use Caddy in a Docker container.

I will give you an update soon.

Dalto

OK, so I have done these actions:

  • stop caddy in ubuntu

  • create this docker-compose file :

version: "3.7"

networks:
        web:
                external: true
        internal:
                external: false
                driver: bridge

services:
        caddy:
                image: caddy:latest
                restart: unless-stopped
                ports:
                        - "80:80"
                        - "443:443"
                volumes:
                        - /home/ubuntu/caddy/Caddyfile:/etc/caddy/Caddyfile
                        - /home/ubuntu/site:/srv
                networks:
                        - web
                        - internal

=> The Caddy container is running

  • Edit the file /home/ubuntu/caddy/Caddyfile with:

galadrielgestin.com {
        reverse_proxy wordpress:9292
}

www.galadrielgestin.com {
        reverse_proxy wordpress:9292
}

docker.dalt0.fr {
        reverse_proxy portainer:9000
}

phpmyadmin.dalt0.fr {
        reverse_proxy phpmyadmin:8080
}


www.dalt0.fr {
        reverse_proxy dalt0.fr:8120
}

dalt0.fr {
        reverse_proxy dalt0.fr:8120
}

  • restart the Caddy container to be sure
  • I have the same behaviour: dalt0.fr is working, but not the others (wordpress and portainer)

{"level":"warn","ts":1691096202.7675536,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
{"level":"info","ts":1691096202.8027103,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0007922a0"}
{"level":"info","ts":1691096202.8028436,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
{"level":"info","ts":1691096202.8028626,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
{"level":"info","ts":1691096203.6261563,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1691096203.6279485,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1691096203.6293607,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1691096203.6301596,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1691096203.6301908,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1691096203.6312695,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1691096203.6314015,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1691096203.6314778,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1691096203.6315627,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1691096203.6316307,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["galadrielgestin.com","phpmyadmin.dalt0.fr","docker.dalt0.fr","www.dalt0.fr","dalt0.fr","www.galadrielgestin.com"]}
{"level":"info","ts":1691096203.6324098,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1691096203.634186,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1691096203.6345263,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003baee0"}
{"level":"info","ts":1691096203.6372812,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1691096203.6374772,"msg":"serving initial configuration"}
{"level":"error","ts":1691096258.1033533,"logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.11:53: server misbehaving","request":{"remote_ip":"52.167.144.27","remote_port":"23605","proto":"HTTP/2.0","method":"GET","host":"www.galadrielgestin.com","uri":"/en/contact-oeuvre/?oeuvre=4194","headers":{"From":["bingbot(at)microsoft.com"],"User-Agent":["Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36"],"Cache-Control":["no-cache"],"Pragma":["no-cache"],"Accept":["*/*"],"Accept-Encoding":["gzip, deflate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"www.galadrielgestin.com"}},"duration":0.036155868,"status":502,"err_id":"7gjc598ey","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
{"level":"error","ts":1691096260.9200866,"logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.11:53: server misbehaving","request":{"remote_ip":"91.170.179.240","remote_port":"16615","proto":"HTTP/2.0","method":"GET","host":"galadrielgestin.com","uri":"/","headers":{"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"],"Sec-Fetch-Dest":["document"],"Accept-Language":["fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,la;q=0.6"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"115\", \"Chromium\";v=\"115\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"galadrielgestin.com"}},"duration":0.022627191,"status":502,"err_id":"kibgjusds","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}

I don’t understand.

Best regards,

Dalto

Are you sure your web network has the wordpress container in it?

Please see Keep Caddy Running — Caddy Documentation for our recommended Docker Compose config. Make sure to persist /data.

Ok so :

  • My portainer container is working with HTTPS
  • My wordpress is still in the same state:
    In Chrome :
HTTP ERROR 502

In Caddy logs :

{"level":"error","ts":1691157059.3621168,"logger":"http.log.error","msg":"dialing backend: dial tcp 172.19.0.4:9292: connect: connection refused","request":{"remote_ip":"91.170.179.240","remote_port":"30971","proto":"HTTP/2.0","method":"GET","host":"www.galadrielgestin.com","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?0"],"Cookie":[],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"115\", \"Chromium\";v=\"115\""],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["none"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,la;q=0.6"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"www.galadrielgestin.com"}},"duration":0.001752658,"status":502,"err_id":"fus3z9z6z","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"},
{"level":"error","ts":1691157130.9165661,"logger":"http.log.error","msg":"dial tcp 172.19.0.4:9292: connect: connection refused","request":{"remote_ip":"91.170.179.240","remote_port":"22967","proto":"HTTP/2.0","method":"GET","host":"www.galadrielgestin.com","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Cookie":[],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"115\", \"Chromium\";v=\"115\""],"Sec-Ch-Ua-Platform":["\"macOS\""],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,la;q=0.6"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"www.galadrielgestin.com"}},"duration":0.001652495,"status":502,"err_id":"1v68bn12v","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
  • My phpmyadmin container is in the same state:
    In Chrome :
HTTP ERROR 502

In Caddy logs :

{"level":"error","ts":1691157222.6466777,"logger":"http.log.error","msg":"dial tcp 172.19.0.5:9393: connect: connection refused","request":{"remote_ip":"91.170.179.240","remote_port":"19757","proto":"HTTP/2.0","method":"GET","host":"phpmyadmin.dalt0.fr","uri":"/","headers":{"Cookie":[],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua":["\"Not/A)Brand\";v=\"99\", \"Google Chrome\";v=\"115\", \"Chromium\";v=\"115\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7,la;q=0.6"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"phpmyadmin.dalt0.fr"}},"duration":0.002463082,"status":502,"err_id":"utsrwgaha","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}

I have tried with a new WordPress Docker container and it’s the same.

I don’t know why I have this message: connect: connection refused

On Docker I have a global network for all the containers:

So all these containers should be able to communicate.

Any idea ?

Best regards,

Dalto
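
The three kinds of 502 seen in this thread's Caddy logs can be told apart from the error message alone: the resolver address shows who was asked for the name, and "connection refused" shows the name resolved but the port is wrong or closed. The triage script below is an added example, not code from the thread or from the Caddy project; its sample log lines are constructed (abbreviated from the log format shown above) and site-a.example is a placeholder host.

```python
import json
import re

# Constructed sample lines, abbreviated from the log format shown in this thread.
SAMPLE_LOG = """\
Aug 03 17:26:04 host caddy[1]: {"level":"error","logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.53:53: server misbehaving","request":{"host":"site-a.example"},"status":502}
{"level":"error","logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.11:53: server misbehaving","request":{"host":"site-a.example"},"status":502}
{"level":"error","logger":"http.log.error","msg":"dialing backend: dial tcp 172.19.0.4:9292: connect: connection refused","request":{"host":"site-a.example"},"status":502}
{"level":"info","logger":"http","msg":"enabling automatic HTTP->HTTPS redirects"}
"""

LOOKUP = re.compile(r"lookup (\S+) on ([\d.]+):53: ")
REFUSED = re.compile(r"dial tcp ([\d.]+):(\d+): connect: connection refused")

def classify(msg):
    """Map a reverse_proxy error message to (kind, detail, hint), or None."""
    m = LOOKUP.search(msg)
    if m:
        name, resolver = m.groups()
        if resolver == "127.0.0.11":   # Docker's embedded DNS server
            return ("dns-docker", name, "Caddy runs in Docker, but the target "
                    "container is not on a network shared with it")
        if resolver == "127.0.0.53":   # systemd-resolved stub on the host
            return ("dns-host", name, "Caddy runs on the host, where Docker "
                    "container names do not resolve")
        return ("dns-other", name, "resolver %s did not resolve the name" % resolver)
    m = REFUSED.search(msg)
    if m:
        return ("refused", "%s:%s" % m.groups(), "name resolved, nothing listens "
                "there; check the port the service uses inside the container")
    return None

def triage(log_text):
    """Return one (site, kind, detail, hint) tuple per proxy error line."""
    findings = []
    for line in log_text.splitlines():
        start = line.find("{")         # skip an optional journald prefix
        if start < 0:
            continue
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue
        if entry.get("logger") != "http.log.error":
            continue
        result = classify(entry.get("msg", ""))
        if result:
            site = entry.get("request", {}).get("host", "?")
            findings.append((site,) + result)
    return findings

if __name__ == "__main__":
    for site, kind, detail, hint in triage(SAMPLE_LOG):
        print("%-16s %-11s %-16s %s" % (site, kind, detail, hint))
```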

I just fixed my phpmyadmin issue by reading this comment on Stack Overflow:

So I tried to change my Caddyfile:
FROM:

phpmyadmin.dalt0.fr {
        reverse_proxy phpmyadmin:9393
}

TO:

phpmyadmin.dalt0.fr {
        reverse_proxy phpmyadmin:80
}

And it works!

So I tried the same fix for my wordpress:
FROM:

galadrielgestin.com {
        reverse_proxy wordpress:9292
}

TO:

galadrielgestin.com {
        reverse_proxy wordpress:80
}

But I have this message:
In Chrome:

ERR_TOO_MANY_REDIRECTS

Nothing in Caddy logs.


It’s me again!

With this comment, I understood my issue:

Now all my websites work with Caddy with HTTPS!

It takes a little time to understand Caddy (with a Docker usage), but it’s really a good server!

Thank you for your help.

Best regards,

Dalto


Yep! Glad you were able to find answers from existing questions ☺
