Hello,
I’m a newbie with Caddy (I started with this server yesterday).
I’ve been working on an issue since yesterday, despite a lot of tests, research, etc.
You can find below the full explanation of my problem:
1. The problem I’m having:
I have installed Caddy, then set this Caddyfile:
{
    acme_ca https://acme-v02.api.letsencrypt.org/directory
}
galadrielgestin.com {
    reverse_proxy wordpress:9292
}
docker.dalt0.fr {
    reverse_proxy portainer:9000
}
dalt0.fr {
    reverse_proxy dalt0.fr:8120
}
Before Caddy, I used nginx (HTTP) and all these websites worked well.
Now:
- dalt0.fr is working with HTTPS
- The other sites don’t work with HTTPS
2. Error messages and/or full log output:
On Chrome:
Ce site ne peut pas fournir de connexion sécurisée
www.galadrielgestin.com a envoyé une réponse incorrecte.
ERR_SSL_PROTOCOL_ERROR
With journalctl --no-pager -u caddy -f:
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3150465,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3150995,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["docker.dalt0.fr","dalt0.fr","galadrielgestin.com","phpmyadmin.dalt0.fr"]}
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3231375,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3231988,"msg":"serving initial configuration"}
Aug 03 17:23:57 vps-dea3a066 systemd[1]: Started Caddy.
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","ts":1691083437.3288028,"logger":"tls","msg":"finished cleaning storage units"}
Aug 03 17:26:04 vps-dea3a066 caddy[2339]: {"level":"error","ts":1691083564.9400682,"logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"51.254.49.109","remote_port":"59197","client_ip":"51.254.49.109","proto":"HTTP/1.1","method":"GET","host":"galadrielgestin.com","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Connection":["close"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"galadrielgestin.com"}},"duration":0.027920761,"status":502,"err_id":"8ayw1r4up","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}
Aug 03 17:27:43 vps-dea3a066 caddy[2339]: {"level":"error","ts":1691083663.9168544,"logger":"http.log.error","msg":"dial tcp: lookup portainer on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"171.67.70.229","remote_port":"46194","client_ip":"171.67.70.229","proto":"HTTP/1.1","method":"GET","host":"docker.dalt0.fr","uri":"/","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 zgrab/0.x"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","server_name":"docker.dalt0.fr"}},"duration":0.021495246,"status":502,"err_id":"fjji89nq0","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}
Aug 03 17:27:43 vps-dea3a066 caddy[2339]: {"level":"error","ts":1691083663.9357233,"logger":"http.log.error","msg":"dial tcp: lookup phpmyadmin on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"171.67.70.229","remote_port":"46198","client_ip":"171.67.70.229","proto":"HTTP/1.1","method":"GET","host":"phpmyadmin.dalt0.fr","uri":"/","headers":{"User-Agent":["Mozilla/5.0 zgrab/0.x"],"Accept":["*/*"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","server_name":"phpmyadmin.dalt0.fr"}},"duration":0.021114119,"status":502,"err_id":"g4ewthrju","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}
Aug 03 17:27:44 vps-dea3a066 caddy[2339]: {"level":"error","ts":1691083664.546234,"logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.53:53: server misbehaving","request":{"remote_ip":"171.67.70.229","remote_port":"46210","client_ip":"171.67.70.229","proto":"HTTP/1.1","method":"GET","host":"galadrielgestin.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 zgrab/0.x"],"Accept":["*/*"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","server_name":"galadrielgestin.com"}},"duration":0.020925314,"status":502,"err_id":"meze6ts6f","err_trace":"reverseproxy.statusError (reverseproxy.go:1246)"}
3. Caddy version:
v2.7.2
4. How I installed and ran Caddy:
Directly on my Ubuntu server; I followed these steps:
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
a. System environment:
OS : Ubuntu 22.04.2 LTS
Server : OVH VPS
Docker : v20.10.25
3 websites :
- portainer (1 container)
- a wordpress (4 containers)
- a “homepage” for my server (1 container)
b. Command:
I have checked:
- my resolv.conf
- in my file /etc/netplan/50-cloud-init.yaml, I added Google DNS
- tried to delete certificates folder, then restart Caddy
- tried several changes on my Caddyfile
- tried several caddy reload after Caddyfile changes + service caddy restart
- tried several changes on my Docker Container Networks
→ dalt0.fr => default bridge OK
→ wordpress => dedicated bridge KO / default bridge KO / dedicated bridge + default bridge KO
→ portainer => default bridge KO
c. Service/unit/compose file:
Nothing to report
d. My complete Caddy config:
Default config except my Caddyfile
5. Links to relevant resources:
Nothing to report
Do you have any idea?
Thank you for your help.
Dalto.
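
A triage helper for the journal output in the post above, added here as an example and not part of the original post: it parses Caddy's JSON log lines, lists the hostnames Caddy manages certificates for, and separates the TLS state of each failing request from the upstream lookup error. The sample lines are trimmed copies of the post's log (constructed), and the function names `triage` and `has_site` are assumptions.

```python
import json
import re

# Constructed sample: journal lines from the post, trimmed to the fields used here.
SAMPLE = r'''
Aug 03 17:23:57 vps-dea3a066 caddy[2339]: {"level":"info","logger":"http","msg":"enabling automatic TLS certificate management","domains":["docker.dalt0.fr","dalt0.fr","galadrielgestin.com","phpmyadmin.dalt0.fr"]}
Aug 03 17:23:57 vps-dea3a066 systemd[1]: Started Caddy.
Aug 03 17:26:04 vps-dea3a066 caddy[2339]: {"level":"error","logger":"http.log.error","msg":"dial tcp: lookup wordpress on 127.0.0.53:53: server misbehaving","request":{"host":"galadrielgestin.com","tls":{"version":772,"cipher_suite":4865,"server_name":"galadrielgestin.com"}},"status":502}
Aug 03 17:27:43 vps-dea3a066 caddy[2339]: {"level":"error","logger":"http.log.error","msg":"dial tcp: lookup portainer on 127.0.0.53:53: server misbehaving","request":{"host":"docker.dalt0.fr","tls":{"version":771,"cipher_suite":49195,"server_name":"docker.dalt0.fr"}},"status":502}
'''

# TLS protocol version numbers as they appear in the "tls.version" log field.
TLS_VERSIONS = {771: "TLS 1.2", 772: "TLS 1.3"}
# Matches Go's resolver error: "lookup <name> on <resolver>: <reason>".
LOOKUP = re.compile(r"lookup (\S+) on (\S+): ")


def triage(journal_text):
    """Return (managed_domains, upstream_lookup_failures) from journalctl output."""
    managed, failures = set(), []
    for line in journal_text.splitlines():
        start = line.find("{")
        if "caddy[" not in line or start < 0:
            continue  # systemd's own lines and blank lines carry no JSON
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        managed.update(entry.get("domains", []))
        match = LOOKUP.search(entry.get("msg", ""))
        if match:
            request = entry.get("request", {})
            tls = request.get("tls", {})
            failures.append({
                "host": request.get("host"),
                "upstream": match.group(1),
                "resolver": match.group(2),
                "status": entry.get("status"),
                # A known version here means the TLS handshake itself completed.
                "tls": TLS_VERSIONS.get(tls.get("version"), "none"),
            })
    return managed, failures


def has_site(hostname, managed):
    """True if Caddy announced certificate management for this exact hostname."""
    return hostname in managed
```

On the sample, both failing requests carry a negotiated TLS version and end in a 502 because the resolver at 127.0.0.53:53 could not resolve the container names `wordpress` and `portainer`. The hostname in the Chrome error, `www.galadrielgestin.com`, is not among the domains Caddy reports managing.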