1. The problem I’m having:
Hi everyone,
I am currently trying to set up a mail server (stalwart) and to update my mta-sts policy.
I have set up stalwart to listen on port 10443, and when I do a curl -k https://127.0.0.1:10443/.well-known/mta-sts.txt, I get the policy.
2. Error messages and/or full log output:
But when I try to access https://mta-sts.domain.tld/.well-known/mta-sts.txt via a web browser, I get a 502, and with curl I get nothing at all.
Where is something wrong?
3. Caddy version:
v2.9.1
4. How I installed and ran Caddy:
a. System environment:
Arch Linux package, systemd service
b. Command:
sudo systemctl start caddy.service
d. My complete Caddy config:
{
    # Restrict the admin interface to a local unix file socket whose directory
    # is restricted to caddy:caddy. By default the TCP socket allows arbitrary
    # modification for any process and user that has access to the local
    # interface. If admin over TCP is turned on one should make sure
    # implications are well understood.
    admin "unix//run/caddy/admin.socket"
}

http:// {
    # Set this path to your site's directory.
    root * /srv/www/html/
    # Enable the static file server.
    file_server
    # Another common task is to set up a reverse proxy:
    # reverse_proxy localhost:8080
    # Or serve a PHP site through php-fpm:
    # php_fastcgi localhost:9000
    # Refer to the directive documentation for more options.
    # https://caddyserver.com/docs/caddyfile/directives
}

artav.fr {
    # Set this path to your site's directory.
    root * /srv/www/html/
    # Enable the static file server.
    file_server
    # reverse_proxy localhost:10443
}

mail.artav.fr, mta-sts.artav.fr {
    reverse_proxy localhost:10443 {
        transport http {
            proxy_protocol v2
            tls_server_name mail.artav.fr
        }
    }
    log {
        output file /var/log/caddy/mail.log
    }
}

webmail.artav.fr {
    reverse_proxy 127.0.0.1:8084
}

auth.artav.fr {
    reverse_proxy localhost:9091
}

dav.artav.fr {
    reverse_proxy localhost:5232 {
        # header_up X-Script-Name /radicale
    }
}

gamja.artav.fr {
    root * /usr/share/webapps/gamja
    file_server
    reverse_proxy /socket localhost:8083
}

rss.artav.fr {
    forward_auth localhost:9091 {
        uri /api/authz/forward-auth
        ## The following commented line is for configuring the Authelia URL in the proxy. We strongly suggest
        ## this is configured in the Session Cookies section of the Authelia configuration.
        # uri /api/authz/forward-auth?authelia_url=https://auth.artav.fr/
        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }
    reverse_proxy localhost:8081
}

shaarli.artav.fr {
    root * /usr/share/webapps/shaarli
}

wallabag.artav.fr {
    root * /usr/share/wallabag/web
    file_server
    php_fastcgi unix//run/php-fpm/php-fpm-wallabag.sock {
        index app.php
    }
    try_files {path} {path}/ /app.php?{query}
    log {
        output file /var/log/caddy/wbg.access.log
    }
}

wiki.artav.fr {
    encode gzip zstd
    root * /usr/share/webapps/dokuwiki
    #Remember to comment the below forbidden block out when you're installing, and uncomment it when done.
    @forbidden path /data/* /conf/* /bin/* /inc/* /install.php
    handle @forbidden {
        respond * 403
    }
    #End of the forbidden block
    try_files {path} {path}/index.html
    route {
        handle_path /_media/* {
            rewrite * /lib/exe/fetch.php?media={path}&{query}
        }
        handle_path /_detail/* {
            rewrite * /lib/exe/detail.php?media={path}&{query}
        }
        handle /_export/* {
            @export path_regexp export ^/_export/([^/]+)/(.*)
            rewrite @export /doku.php?do=export_{re.export.1}&{query}&id={re.export.2}
        }
        handle / {
            rewrite * /doku.php?{query}
        }
        try_files {path} /doku.php?id={path}&{query}
    }
    file_server
    php_fastcgi unix//run/php-fpm/php-fpm.sock
}