1. Caddy version (caddy version):
2.0.0
2. How I run Caddy:
Serving up static files from a folder. Behind a Traefik reverse proxy.
a. System environment:
Ubuntu 20.04
Docker, Docker Compose
b. Command:
docker-compose up -d
c. Service/unit/compose file:
version: "3.3"
services:
  traefik:
    image: "traefik:v2.2"
    container_name: "traefik"
    command:
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=my@email.address"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  nzz:
    image: "caddy"
    container_name: "nzz-caddy"
    volumes:
      - "caddy_nzz_data:/data"
      - "caddy_nzz_config:/config"
      - "/home/fmbra/websites/nzz:/usr/share/caddy"
      - "/home/fmbra/websites/Caddyfile-nzz:/etc/caddy/Caddyfile"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nzz.rule=Host(`nzz.tld`)"
      - "traefik.http.routers.nzz.entrypoints=websecure"
      - "traefik.http.routers.nzz.tls.certresolver=myresolver"
volumes:
  caddy_nzz_data:
  caddy_nzz_config:
d. My complete Caddyfile or JSON config:
encode gzip
templates
3. The problem I’m having:
I’m very much a newbie, so apologies if this is obvious. I’ve set up a very basic Caddy 2 server behind a Traefik reverse proxy using Docker Compose. It works fine until I try to use a custom Caddyfile to turn on gzip compression. Caddy attempts to get Let’s Encrypt certificates for “encode” and “gzip” instead of treating them as configuration options.
4. Error messages and/or full log output:
nzzus-caddy | {"level":"info","ts":1590436589.078648,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
nzz-caddy | {"level":"info","ts":1590436589.0814178,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
nzzus-caddy | 2020/05/25 19:56:29 [INFO][cache:0xc000763590] Started certificate maintenance routine
nzz-caddy | {"level":"info","ts":1590436589.096234,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
nzz-caddy | {"level":"info","ts":1590436589.0963771,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
nzz-caddy | {"level":"info","ts":1590436589.096867,"logger":"tls","msg":"cleaned up storage units"}
nzz-caddy | {"level":"info","ts":1590436589.0974503,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["encode","gzip"]}
nzz-caddy | {"level":"info","ts":1590436589.097868,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
nzz-caddy | {"level":"info","ts":1590436589.0978787,"msg":"serving initial configuration"}
nzz-caddy | 2020/05/25 19:56:29 [INFO][encode] Obtain certificate; acquiring lock…
nzz-caddy | 2020/05/25 19:56:29 [INFO][gzip] Obtain certificate; acquiring lock…
nzz-caddy | 2020/05/25 19:56:29 [INFO][gzip] Obtain: Lock acquired; proceeding…
nzz-caddy | 2020/05/25 19:56:29 [INFO][encode] Obtain: Lock acquired; proceeding…
nzz-caddy | 2020/05/25 19:56:29 [INFO][gzip] Waiting on rate limiter…
nzz-caddy | 2020/05/25 19:56:29 [INFO][gzip] Done waiting
nzz-caddy | 2020/05/25 19:56:29 [INFO] [gzip] acme: Obtaining bundled SAN certificate given a CSR
nzz-caddy | 2020/05/25 19:56:29 [INFO][encode] Waiting on rate limiter…
nzz-caddy | 2020/05/25 19:56:29 [INFO] [encode] acme: Obtaining bundled SAN certificate given a CSR
nzz-caddy | 2020/05/25 19:56:29 [INFO][encode] Done waiting
nzz-caddy | 2020/05/25 19:56:29 [ERROR] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "gzip": Domain name needs at least one dot, url: (challenge=tls-alpn-01 remaining=[http-01])
nzzus-caddy | 2020/05/25 19:56:29 [ERROR] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "encode": Domain name needs at least one dot, url: (challenge=tls-alpn-01 remaining=[http-01])
nzz-caddy | 2020/05/25 19:56:31 [INFO] [gzip] acme: Obtaining bundled SAN certificate given a CSR
nzz-caddy | 2020/05/25 19:56:31 [INFO] [encode] acme: Obtaining bundled SAN certificate given a CSR
nzzus-caddy | 2020/05/25 19:56:32 [ERROR] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "gzip": Domain name needs at least one dot, url: (challenge=http-01 remaining=[])
nzzus-caddy | 2020/05/25 19:56:32 [ERROR] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "encode": Domain name needs at least one dot, url: (challenge=http-01 remaining=[])
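An added example, not part of the original post and not Caddy's own tooling: a small log check that flags the symptom shown in the log above, where Caddy enables automatic TLS for names ("encode", "gzip") that cannot be public hostnames and the ACME server rejects them. The sample lines are taken from this post's log with ASCII quotes; the function names are hypothetical.

```python
import json
import re

# Constructed sample: three lines from the log in this post, docker-compose
# prefix kept, typographic quotes restored to ASCII.
SAMPLE_LOG = '''\
nzz-caddy | {"level":"info","ts":1590436589.0974503,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["encode","gzip"]}
nzz-caddy | {"level":"info","ts":1590436589.0978787,"msg":"serving initial configuration"}
nzz-caddy | 2020/05/25 19:56:29 [ERROR] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "gzip": Domain name needs at least one dot, url: (challenge=tls-alpn-01 remaining=[http-01])
'''

TLS_MSG = "enabling automatic TLS certificate management"
REJECTED = re.compile(r'rejectedIdentifier .*Cannot issue for "([^"]+)"')


def strip_prefix(line):
    """Drop a 'container | ' prefix added by docker-compose, if present."""
    head, sep, tail = line.partition(" | ")
    return tail if sep and " " not in head.strip() else line


def suspicious_domains(log_text):
    """Map each managed name that cannot be a public DNS name to the reason it was flagged."""
    findings = {}
    for raw in log_text.splitlines():
        line = strip_prefix(raw).strip()
        if line.startswith("{"):
            # Structured (JSON) log line from Caddy.
            try:
                entry = json.loads(line)
            except json.JSONDecodeError:
                continue
            if entry.get("msg") == TLS_MSG:
                for name in entry.get("domains", []):
                    # "localhost" is a legitimate dotless name, so it is not flagged.
                    if "." not in name and name != "localhost":
                        findings.setdefault(name, "managed name has no dot")
        else:
            # Plain-text line from the ACME client: the CA refused the identifier.
            match = REJECTED.search(line)
            if match:
                findings[match.group(1)] = "ACME rejectedIdentifier"
    return findings
```

Run against the output of `docker-compose logs` in a deployment check, a non-empty result means the config is asking a public CA for names it was never meant to serve.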