1. The problem I’m having:
I am trying to configure Caddy as a reverse proxy for a gRPC service running on localhost:9190. The gRPC service is using HTTP/2 (h2c) for communication, and I need to make it accessible at https://service.grpc.example.com. However, I am encountering TLS errors when attempting to use grpcurl to make a simple request, as well as issues when testing with curl. I’m not sure if my configuration is correct for this use case.
2. Error messages and/or full log output:
Here’s the output from curl:
curl -v https://service.grpc.example.com
* Host service.grpc.example.com:443 was resolved.
* IPv6: (none)
* IPv4: 11.111.1.111
* Trying 11.111.1.111:443...
* Connected to service.grpc.example.com (11.111.1.111) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* LibreSSL/3.3.6: error:1404B460:SSL routines:ST_CONNECT:reason(1120)
* Closing connection
curl: (35) LibreSSL/3.3.6: error:1404B460:SSL routines:ST_CONNECT:reason(1120)
Caddy debug logs do not show any apparent issues with certificate selection, but the error persists.
3. Caddy version:
v2.9.1
4. How I installed and ran Caddy:
a. System environment:
- OS: Ubuntu 22.04
- Caddy installed using the official package manager
- Systemd used to manage Caddy service
b. Command:
sudo systemctl start caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
Restart=on-failure
StartLimitInterval=500
StartLimitBurst=5
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
https://service.grpc.example.com {
	reverse_proxy {
		to localhost:9190
		transport http {
			versions h2c
		}
	}
	tls {
		alpn h2
	}
	log {
		output file /var/log/caddy/access.log
		format json
		level DEBUG
	}
}