1. Output of caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
I want to run https://git.haipa.xyz which redirects the client to Gitea on port 3000.
Since Caddy can automatically configure HTTPS, I didn’t install certbot or any other related packages. Caddy will act as a ‘TLS termination proxy’, so HTTPS will only be available up to Caddy, not Gitea.
Client <--(HTTPS)--> Caddy <--(HTTP)--> Gitea
a. System environment:
Result of lsb_release -a:
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
Caddy is installed directly on the system. No Docker is present.
Caddy is running as systemd service.
● caddy.service - Caddy
Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-10-23 20:46:06 KST; 1 day 2h ago
Docs: https://caddyserver.com/docs/
Main PID: 759 (caddy)
Tasks: 9 (limit: 1076)
Memory: 35.7M
CPU: 6.720s
CGroup: /system.slice/caddy.service
└─759 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7293391,"logger":"http.log","msg":"server running","name":"sr>
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7296584,"logger":"http.log","msg":"server running","name":"re>
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7298453,"logger":"http","msg":"enabling automatic TLS certifi>
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7335446,"logger":"tls.cache.maintenance","msg":"stopped backg>
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.733737,"msg":"autosaved config (load with --resume flag)","fi>
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7340877,"logger":"admin.api","msg":"load complete"}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7408834,"logger":"admin","msg":"stopped previous server","add>
Oct 24 22:41:15 oracle2 caddy[759]: {"level":"info","ts":1666618875.6785727,"logger":"admin.api","msg":"received request","method>
Oct 24 22:41:15 oracle2 caddy[759]: {"level":"info","ts":1666618875.6788871,"msg":"config is unchanged"}
Oct 24 22:41:15 oracle2 caddy[759]: {"level":"info","ts":1666618875.6789656,"logger":"admin.api","msg":"load complete"}
b. Command:
Caddy automatically starts when the system starts, and I didn’t call any Caddy command except for caddy reload --config /etc/caddy/Caddyfile.
d. My complete Caddy config:
https://git.haipa.xyz {
    reverse_proxy :3000
}
3. The problem I’m having:
When I try to connect to https://git.haipa.xyz, I get the ERR_NAME_NOT_RESOLVED error code from my Chrome.
Here is the result of attempting to connect to https://git.haipa.xyz:
$ curl -v https://git.haipa.xyz
* Could not resolve host: git.haipa.xyz
* Closing connection 0
curl: (6) Could not resolve host: git.haipa.xyz
I should be able to see the Gitea configuration screen, but since I can’t access my site, I can’t configure it either.
4. Error messages and/or full log output:
Result of journalctl -u caddy --no-pager | less +G:
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.692325,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7276363,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000524e00"}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.72839,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7285645,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7290304,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7293391,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7296584,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7298453,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["git.haipa.xyz"]}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7335446,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0005bb2d0"}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.733737,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7340877,"logger":"admin.api","msg":"load complete"}
Oct 24 22:39:02 oracle2 caddy[759]: {"level":"info","ts":1666618742.7408834,"logger":"admin","msg":"stopped previous server","address":"localhost:2019"}
Oct 24 22:41:15 oracle2 caddy[759]: {"level":"info","ts":1666618875.6785727,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_ip":"127.0.0.1","remote_port":"44058","headers":{"Accept-Encoding":["gzip"],"Content-Length":["241"],"Content-Type":["application/json"],"Origin":["http://localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Oct 24 22:41:15 oracle2 caddy[759]: {"level":"info","ts":1666618875.6788871,"msg":"config is unchanged"}
Oct 24 22:41:15 oracle2 caddy[759]: {"level":"info","ts":1666618875.6789656,"logger":"admin.api","msg":"load complete"}
5. What I already tried:
I tried to follow this CloudFlare’s article since I use CloudFlare as ‘DNS server’.
- Mistyped domain or subdomain: No, I typed the URL (https://git.haipa.xyz) correctly.
- Missing DNS records: No, I double-checked that the git entry is pointing to the IP of my instance.
- DNSSEC wasn't disabled before the domain was added to Cloudflare: I can’t check because the scan result is saying ‘Invalid domain name’. But if I remember correctly, there weren’t any DNSSEC records before moving to CF, or after CF.
- Nameservers no longer point to Cloudflare: I’m using CF’s nameserver.
- Unresolved IP address: Both my main PC’s router and the instance use 1.1.1.1 as DNS resolver.
The DNS propagation check result seems to be nice, because it is pointing to CF because I enabled proxy in the CF dashboard.
It was pointing to the actual IP address of my instance before I enabled proxy, so DNS propagation shouldn’t be the reason for this problem.
6. Links to relevant resources:
I don’t know what I should do next about this problem, so this section is empty.
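An added example, not part of the original post: the curl output above (exit code 6) fails at name resolution, so no connection to Caddy is ever attempted. The Python script below walks the client side of the Client <--(HTTPS)--> Caddy path one step at a time and reports the first step that fails; the function name, stage labels and the placeholder host are assumptions of this example.

```python
import socket
import ssl
import sys


def first_failing_stage(host, port=443, timeout=5.0):
    """Return (stage, detail): stage is "dns", "tcp", "tls" or "ok"."""
    # Stage 1: name resolution. ERR_NAME_NOT_RESOLVED and curl exit code 6
    # stop here, before any packet is sent to the TLS-terminating proxy.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    addrs = sorted({info[4][0] for info in infos})

    # Stage 2: TCP connect to the first resolved address. A failure here
    # points at firewalling, a wrong record or nothing listening on the port.
    family, socktype, proto, _, sockaddr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(sockaddr)
    except OSError as exc:
        sock.close()
        return "tcp", f"{sockaddr[0]}:{port} {exc}"

    # Stage 3: TLS handshake with normal certificate and hostname checks.
    # Only at this stage does the proxy's certificate management matter.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{', '.join(addrs)} via {tls.version()}"
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return "tls", str(exc)


if __name__ == "__main__":
    # Placeholder host: names under .invalid never resolve (RFC 6761).
    target = sys.argv[1] if len(sys.argv) > 1 else "git.example.invalid"
    stage, detail = first_failing_stage(target)
    print(f"{target}: {stage} ({detail})")
```

A "dns" result means the server logs cannot contain anything about the failed request, because the client never reached the server.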