1. The problem I’m having:
I am trying to host some of my Docker containers locally using Caddy. I have successfully gotten it to work using the .local TLD, but nothing is resolving when I switch them over to the .localhost TLD.
2. Error messages and/or full log output:
INF ts=1680041538.9001062 msg=using provided configuration config_file=/etc/caddy/Caddyfile config_adapter=caddyfile
WRN ts=1680041538.9020388 msg=Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies adapter=caddyfile file=/etc/caddy/Caddyfile line=1
INF ts=1680041538.9030972 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]
INF ts=1680041538.903509 logger=http msg=server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS server_name=srv0 https_port=443
INF ts=1680041538.903525 logger=http msg=enabling automatic HTTP->HTTPS redirects server_name=srv0
INF ts=1680041538.9036286 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0xc0001f12d0
INF ts=1680041538.920608 logger=pki.ca.local msg=root certificate is already trusted by system path=storage:pki/authorities/local/root.crt
INF ts=1680041538.9208004 logger=http msg=enabling HTTP/3 listener addr=:443
INF ts=1680041538.9208927 msg=failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details.
INF ts=1680041538.9209976 logger=http.log msg=server running name=srv0 protocols=["h1","h2","h3"]
INF ts=1680041538.9210474 logger=http.log msg=server running name=remaining_auto_https_redirects protocols=["h1","h2","h3"]
INF ts=1680041538.9210558 logger=http msg=enabling automatic TLS certificate management domains=["adguard.local","portainer.local","portainer.localhost"]
WRN ts=1680041538.9217272 logger=tls msg=stapling OCSP error=no OCSP stapling for [adguard.local]: no OCSP server specified in certificate identifiers=["adguard.local"]
WRN ts=1680041538.9220595 logger=tls msg=stapling OCSP error=no OCSP stapling for [portainer.local]: no OCSP server specified in certificate identifiers=["portainer.local"]
WRN ts=1680041538.9225974 logger=tls msg=stapling OCSP error=no OCSP stapling for [portainer.localhost]: no OCSP server specified in certificate identifiers=["portainer.localhost"]
INF ts=1680041538.922717 logger=tls msg=cleaning storage unit description=FileStorage:/data/caddy
INF ts=1680041538.9227748 msg=autosaved config (load with --resume flag) file=/config/caddy/autosave.json
INF ts=1680041538.9227893 msg=serving initial configuration
INF ts=1680041538.9248555 msg=[ERROR] Deleting expired certificates: certificate file certificates/acme-v02.api.letsencrypt.org-directory/caddy/root.crt does not contain PEM-encoded certificate
INF ts=1680041538.9248672 logger=tls msg=finished cleaning storage units
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
a. System environment:
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
Docker Compose
b. Command:
c. Service/unit/compose file:
caddy:
  image: caddy:latest
  container_name: caddy
  restart: always
  volumes:
    - ${USERDIR}/Caddy/config:/etc/caddy
    - ${USERDIR}/Caddy/.caddy:/root/.caddy
    - ${USERDIR}/Caddy:/data
  ports:
    - "80:80"
    - "443:443"
d. My complete Caddy config:
adguard.local {
	reverse_proxy 192.168.0.107:3080
}

portainer.local, portainer.localhost {
	reverse_proxy portainer:9000
}
5. Links to relevant resources:
I am switching to .localhost from .local because .local does not work on my Mac, I think for this reason: .local domain not working
I have made sure .local and .localhost both have DNS rewrites on my AdGuard server. They are both getting redirected to the correct internal IP when I curl:
$ curl -v https://karaoke.localhost
* Trying 192.168.0.107:443...
* Connected to karaoke.localhost (192.168.0.107) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
When I navigate to portainer.local, it successfully resolves. When I navigate to portainer.localhost, I get ERR_CONNECTION_REFUSED
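The following diagnostic script is an added example for this thread, not something the original poster ran or something that ships with Caddy. It separates the two things the post conflates: where a client actually sends the connection for a given name, and whether the certificate Caddy presents can be verified. RFC 6761 reserves .localhost and expects resolvers and applications to answer loopback for it without consulting DNS; Chrome and nss-myhostname (systemd) both do this, so an AdGuard DNS rewrite for portainer.localhost is never seen by such clients, while a plain DNS lookup (dig, or curl on a system without that handling) does see it. The script classifies a (hostname, resolved address, Caddy host) triple accordingly, and, when the connection would reach Caddy, verifies the chain against Caddy's own local root CA. The root path is an assumption derived from the volume mapping and the log line above (`/data` is `${USERDIR}/Caddy` on the host, and the CA lives at `pki/authorities/local/root.crt` under the `/data/caddy` storage unit); override it with `CADDY_ROOT` if your layout differs. The addresses and names passed in are taken from the post.

```sh
#!/bin/sh
# Added diagnostic example for the thread above (not the poster's code, not Caddy's).
# Assumption: run on the Docker host with sh and openssl available.
# Assumed CA location, derived from the compose volume "${USERDIR}/Caddy:/data"
# and the log line "root certificate ... path=storage:pki/authorities/local/root.crt":
CADDY_ROOT="${CADDY_ROOT:-${USERDIR:-$HOME}/Caddy/caddy/pki/authorities/local/root.crt}"

# RFC 6761 section 6.3: "localhost" and every name under ".localhost" are
# expected to resolve to loopback without any DNS query being sent.
expected_target() {
  case "$1" in
    localhost|*.localhost) echo loopback ;;
    *)                     echo dns ;;
  esac
}

is_loopback_ip() {
  case "$1" in
    127.*|::1) return 0 ;;
    *)         return 1 ;;
  esac
}

# classify NAME RESOLVED_ADDR CADDY_ADDR
# Prints where a client that resolved NAME to RESOLVED_ADDR will end up when
# Caddy is only listening on CADDY_ADDR:443.
classify() {
  name=$1; addr=$2; caddy=$3
  if is_loopback_ip "$addr" && ! is_loopback_ip "$caddy"; then
    # Browser-style client honouring RFC 6761: connects to 127.0.0.1:443 on the
    # client machine, where nothing listens -> ERR_CONNECTION_REFUSED.
    echo connection-refused
  elif [ "$addr" = "$caddy" ]; then
    if [ "$(expected_target "$name")" = loopback ]; then
      # Client ignored RFC 6761 and followed the AdGuard rewrite; Caddy is
      # reached, but other clients on the same LAN will not behave the same way.
      echo reaches-caddy-nonstandard
    else
      echo reaches-caddy
    fi
  else
    echo wrong-host
  fi
}

# What the local resolver library returns (what a browser or curl would use).
# getent is glibc-only; on other systems fall back to dig, with the caveat that
# dig talks to the DNS server directly and bypasses .localhost special-casing.
resolve_locally() {
  if command -v getent >/dev/null 2>&1; then
    getent ahosts "$1" | awk 'NR==1 {print $1}'
  else
    dig +short "$1" | head -n 1
  fi
}

# Verify the certificate Caddy serves for NAME against Caddy's local root CA.
# Returns 0 when the chain verifies, 1 otherwise (which is what curl's
# "unable to get local issuer certificate" means when the root is not trusted).
verify_caddy_cert() {
  name=$1; caddy=$2
  [ -r "$CADDY_ROOT" ] || { echo "root CA not found at $CADDY_ROOT" >&2; return 1; }
  openssl s_client -connect "$caddy:443" -servername "$name" -CAfile "$CADDY_ROOT" \
    </dev/null 2>/dev/null | grep -q 'Verify return code: 0 (ok)'
}

# diagnose CADDY_ADDR NAME...   e.g.  diagnose 192.168.0.107 portainer.local portainer.localhost
diagnose() {
  caddy=$1; shift
  for name in "$@"; do
    addr=$(resolve_locally "$name")
    verdict=$(classify "$name" "${addr:-unresolved}" "$caddy")
    printf '%-24s resolves to %-16s -> %s\n' "$name" "${addr:-unresolved}" "$verdict"
    case "$verdict" in
      reaches-caddy*)
        if verify_caddy_cert "$name" "$caddy"; then
          echo "    TLS: chain verifies against $CADDY_ROOT"
        else
          echo "    TLS: chain does NOT verify; import $CADDY_ROOT into this machine's trust store"
        fi ;;
    esac
  done
}

if [ $# -gt 0 ]; then
  diagnose "$@"
fi
```

Run it as `sh diag.sh 192.168.0.107 portainer.local portainer.localhost` from the Docker host. The two verdicts worth recognising are `connection-refused` for a .localhost name, which matches the browser behaviour described in the post and is a property of the client, not of Caddy, and a TLS verification failure for a name that does reach Caddy, which is the curl output above: that client (Git Bash on Windows, judging by the CAfile path) does not trust Caddy's local CA, so the fix is to install `root.crt` on that machine rather than to change the Caddyfile.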