1. Caddy version (caddy version):
v.2.3.0
2. How I run Caddy:
Running Caddy as a systemd service
a. System environment:
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"
NAME="Raspbian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=raspbian
ID_LIKE=debian
b. Command:
Managing Caddy using standard systemctl commands
sudo systemctl {start|stop} caddy
c. Service/unit/compose file:
None (at least not that I’m aware of)
d. My complete Caddyfile or JSON config:
# This replaces the existing content in /etc/caddy/Caddyfile
# A CONFIG SECTION FOR YOUR HOSTNAME
lordstrahdsfoundry.ddns.net {
    # PROXY ALL REQUEST TO PORT 30000
    reverse_proxy localhost:30000
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
3. The problem I’m having:
I am running an application server (specifically Foundry VTT) on a Raspberry Pi. External users to the application currently connect via a browser pointed at http://lordstrahdsfoundry(dot)ddns(dot)net:30000. However, the Foundry community suggests configuring a reverse proxy to handle signed SSL certificates and to obfuscate port numbers.
I’ve attempted to get this working with Caddy, but the logs appear to show that Caddy is having some problems with an invalid character (at least, I believe this to be the root problem) and as such is not issuing SSL certificates.
4. Error messages and/or full log output:
Taken from syslog on start of Caddy service
Apr 27 16:54:42 rpi-foundryserver systemd[1]: Started Caddy.
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: caddy.HomeDir=/var/lib/caddy
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: caddy.Version=v2.3.0
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: runtime.GOOS=linux
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: runtime.GOARCH=arm
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: runtime.Compiler=gc
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: runtime.NumCPU=4
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: runtime.GOMAXPROCS=4
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: runtime.Version=go1.15.6
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: os.Getwd=/
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: LANG=en_GB.UTF-8
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: HOME=/var/lib/caddy
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: LOGNAME=caddy
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: USER=caddy
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: INVOCATION_ID=7e90d9b3d802434f8576dac64ec29964
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: JOURNAL_STREAM=8:45138
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8338163,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8406475,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8412714,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x414b680"}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8416348,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8416839,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.842737,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["lordstrahdsfoundry.ddns.net"]}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8434865,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8435326,"msg":"serving initial configuration"}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8439078,"logger":"tls","msg":"cleaned up storage units"}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"info","ts":1619538882.8443065,"logger":"tls.obtain","msg":"acquiring lock","identifier":"lordstrahdsfoundry.ddns.net"}
Apr 27 16:54:42 rpi-foundryserver caddy[11830]: {"level":"error","ts":1619538882.8445034,"logger":"tls","msg":"job failed","error":"lordstrahdsfoundry.ddns.net: obtaining certificate: decoding lockfile contents: invalid character '\\x00' looking for beginning of value"}
5. What I already tried:
I followed recommended installation instructions for Caddy here.
I followed Caddyfile creation instructions here.
I’ve deleted and recreated the caddyfile, both copy/paste and manually.
I’ve tried grepping for the specific character \x00 using
grep --color='auto' -P -n "[\x00]" /etc/caddy/Caddyfile
but that didn’t return any results.
I’ve gone through the Caddyfile, deleted extra whitespace, and recreated all new lines to no effect.
And as a last attempt to see if I could find any problems, I did hexdump -C on the Caddyfile but that showed no \x00 characters.
I’m now at a loss and any help will be greatly appreciated!
6. Links to relevant resources:
Foundry VTT Knowledge Base in case it’s needed.
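
The last log line above reports the `\x00` while `decoding lockfile contents`, which points at a certificate lock file in Caddy's storage rather than at the Caddyfile. As an added example (not part of the original post), this script counts NUL bytes in every `*.lock` file under a directory; the `*.lock` naming, the helper names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: locate lock files that contain NUL bytes under a
# Caddy storage directory. File naming (*.lock) is an assumption.

# Number of NUL bytes in file $1 (size minus size with NULs stripped).
nul_count() {
    total=$(wc -c < "$1")
    kept=$(tr -d '\000' < "$1" | wc -c)
    echo $((total - kept))
}

# Print "<path><TAB><count>" for each *.lock file under $1 that has NULs.
find_nul_lockfiles() {
    find "$1" -type f -name '*.lock' | sort | while IFS= read -r f; do
        n=$(nul_count "$f")
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$f" "$n"
        fi
    done
}

# Build a constructed storage tree: one healthy lock, one zero-filled lock.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/locks"
    printf '{"created":"2021-04-27T16:00:00Z"}' > "$d/locks/good.example.lock"
    printf '\000\000\000\000' > "$d/locks/bad.example.lock"
    echo "$d"
}

# With an argument, scan that directory; without one, scan the
# constructed sample so the script runs offline.
if [ -n "${1:-}" ]; then
    find_nul_lockfiles "$1"
else
    sample=$(make_sample)
    find_nul_lockfiles "$sample"
    rm -rf "$sample"
fi
```

On the host from the post, the directory to pass is the `caddy.AppDataDir` value printed at startup, read as the `caddy` user or with sudo.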