Json on_demand not issuing certificate

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

Using docker service create, with a volume mounted for the config: /etc/config

a. System environment:

docker swarm

b. Command:

docker inspect ca
[
    {
        "ID": "on9r4k07vpt2btgvpby0pz0os",
        "Version": {
            "Index": 29832599
        },
        "CreatedAt": "2022-11-25T11:01:35.25925543Z",
        "UpdatedAt": "2022-11-25T11:01:35.261731579Z",
        "Spec": {
            "Name": "ca",
            "Labels": {},
            "TaskTemplate": {
                "ContainerSpec": {
                    "Image": "caddy",
                    "Args": [
                        "caddy",
                        "run",
                        "--config",
                        "/etc/caddy/caddy.json"
                    ],
                    "Mounts": [
                        {
                            "Type": "bind",
                            "Source": "/mo/certsFinal",
                            "Target": "/mo/certsFinal"
                        },
                        {
                            "Type": "bind",
                            "Source": "/mo/config/caddy",
                            "Target": "/etc/caddy"
                        },
                        {
                            "Type": "bind",
                            "Source": "/mo/upload",
                            "Target": "/mo/upload"
                        }
                    ],
                    "StopGracePeriod": 10000000000,
                    "DNSConfig": {},
                    "Isolation": "default"
                },
                "Resources": {
                    "Limits": {},
                    "Reservations": {}
                },
                "RestartPolicy": {
                    "Condition": "any",
                    "Delay": 5000000000,
                    "MaxAttempts": 0
                },
                "Placement": {},
                "LogDriver": {
                    "Name": "json-file",
                    "Options": {
                        "max-file": "3",
                        "max-size": "10M"
                    }
                },
                "ForceUpdate": 0,
                "Runtime": "container"
            },
            "Mode": {
                "Replicated": {
                    "Replicas": 1
                }
            },
            "UpdateConfig": {
                "Parallelism": 0,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "RollbackConfig": {
                "Parallelism": 0,
                "FailureAction": "pause",
                "Monitor": 5000000000,
                "MaxFailureRatio": 0,
                "Order": "stop-first"
            },
            "Networks": [
                {
                    "Target": "l8dnnagdjobzp73vxonpwjc3l"
                }
            ],
            "EndpointSpec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 31080,
                        "PublishedPort": 31080,
                        "PublishMode": "ingress"
                    },
                    {
                        "Protocol": "tcp",
                        "TargetPort": 2019,
                        "PublishedPort": 2019,
                        "PublishMode": "ingress"
                    },
                    {
                        "Protocol": "tcp",
                        "TargetPort": 31443,
                        "PublishedPort": 31443,
                        "PublishMode": "ingress"
                    }
                ]
            }
        },
        "Endpoint": {
            "Spec": {
                "Mode": "vip",
                "Ports": [
                    {
                        "Protocol": "tcp",
                        "TargetPort": 31080,
                        "PublishedPort": 31080,
                        "PublishMode": "ingress"
                    },
                    {
                        "Protocol": "tcp",
                        "TargetPort": 2019,
                        "PublishedPort": 2019,
                        "PublishMode": "ingress"
                    },
                    {
                        "Protocol": "tcp",
                        "TargetPort": 31443,
                        "PublishedPort": 31443,
                        "PublishMode": "ingress"
                    }
                ]
            },
            "Ports": [
                {
                    "Protocol": "tcp",
                    "TargetPort": 31080,
                    "PublishedPort": 31080,
                    "PublishMode": "ingress"
                },
                {
                    "Protocol": "tcp",
                    "TargetPort": 2019,
                    "PublishedPort": 2019,
                    "PublishMode": "ingress"
                },
                {
                    "Protocol": "tcp",
                    "TargetPort": 31443,
                    "PublishedPort": 31443,
                    "PublishMode": "ingress"
                }
            ],
            "VirtualIPs": [
                {
                    "NetworkID": "hifr8m195ctdt4c8t7gabgbx7",
                    "Addr": "10.0.0.101/24"
                },
                {
                    "NetworkID": "l8dnnagdjobzp73vxonpwjc3l",
                    "Addr": "10.0.1.103/24"
                }
            ]
        }
    }
]

c. Service/unit/compose file:

docker service was created via an app, not via command line. Added service inspect above.

d. My complete Caddy config:

{
    "admin": {
        "disabled": false
    },
    "logging": {
        "logs": {
            "":{
                "level": "DEBUG"
            }
        }
    },
    "apps": {
        "http": {
            "servers": {
                "example": {
                    "listen": [
                        ":31080" ,":31443"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "static_response",
                                    "body": "Hello, world!"
                                }
                            ]
                        }
                    ]
                }
            }
        }, 
       
       "tls": {
            "automation": {
                "policies": [
                    {
                        "on_demand": true
                        
                    }
                ],
                "on_demand": {
                    "rate_limit": {
                        "interval": "10m",
                        "burst": 2
                    }
                }
            }
        }
    }
}

3. The problem I’m having:

On my webserver, :80 is mapped to :31080 and :443 is mapped to :31443. I am trying to automatically generate certificates. I am using a JSON file (see above config) as config rather than a Caddyfile. But certificates are not getting created. Also, even with DEBUG logging, it’s not logging. Also can’t get admin port :2019 to work; curl doesn’t work.

4. Error messages and/or full log output:

docker logs didn’t have any logs for access / issuing of certificate.


5. What I already tried:

Trying to create auto certificates, on_demand; and it’s not issuing certificates.
But couldn’t find examples of json config to refer to.

6. Links to relevant resources:

Try adding a TLS connection policy to your “example” server: JSON Config Structure - Caddy Documentation

(Just create an empty one, {}, for its defaults. That will enable HTTPS on the server, since you don’t specify any domain names automatic HTTPS cannot engage.)

Doesn’t work.

Looks like it expects an array instead of an object. Tried an empty array, still fails.

Getting TLS false

{"level":"debug","ts":1669459341.4331555,"logger":"http","msg":"starting server loop","address":"[::]:31080","tls":false,"http3":false}
{"level":"debug","ts":1669459341.4332523,"logger":"http","msg":"starting server loop","address":"[::]:31443","tls":false,"http3":false}

Full config

{
    "admin": {
        "disabled": false
    },
    "logging": {
        "logs": {
            "":{
                "level": "DEBUG"
            }
        }
    },
    "apps": {
        "http": {
            "servers": {
                "example": {
                    "listen": [
                        ":31080" ,":31443"
                    ],
                    "routes": [
                        {
                            "handle": [
                                {
                                    "handler": "static_response",
                                    "body": "Hello, world!"
                                }
                            ]
                        }
                    ],
                    "tls_connection_policies":{}
                }
            }
        }, 
       
       "tls": {
            "automation": {
                "policies": [
                    {
                        "on_demand": true 
                    }
                ],
                "on_demand": {
                    "rate_limit": {
                        "interval": "10m",
                        "burst": 2
                    }
                }
            }
        }
    }
}

Gives error in config

docker exec -w /etc/caddy ca.1.10m0bv6p11gmv4j0897comit5 caddy reload --config /etc/caddy/caddy.json

{"level":"info","ts":1669451602.1980085,"msg":"using provided configuration","config_file":"/etc/caddy/caddy.json","config_adapter":""}
Error: sending configuration to instance: caddy responded with error: HTTP 400: {"error":"loading config: loading new config: loading http app module: decoding module config: http: json: cannot unmarshal object into Go struct field Server.servers.tls_connection_policies of type caddytls.ConnectionPolicies"}

Also tried "tls_connection_policies":[] but it didn’t help.

Note: http to the host works but https doesn’t

gives error

This site can’t provide a secure connection
**www.************.com** sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

To clarify, you need an array with one empty object: [{}]

Thanks, worked! Is it possible to see some examples of JSON, similar to the GitHub examples folder in v1? Thanks.

We could benefit from more examples. But there could be thousands of them, really. We’re taking up a collection on our wiki if anyone would like to contribute!

Btw, HTTP was not redirecting to HTTPS.
Nice, please make sure we have both Caddyfile and JSON config! Thanks

That would be because of this:

If you set up an HTTP server yourself, then Caddy’s redirect routes will be overshadowed.

Remove ":31080" from there, and add "http_port": "31080" to the http app’s config, and it should fix the redirects. JSON Config Structure - Caddy Documentation


Thanks, Worked.
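
The three misconfigurations worked through in this thread (object instead of array for tls_connection_policies, TLS staying off, overshadowed redirects) can be caught before a reload with a small pre-flight check; this is an added example, not code from the posts or from the Caddy project. The `sample` helper, the finding codes and the placeholder ask URL are hypothetical, and the last check uses the `ask` field of Caddy's on-demand TLS settings, which the thread does not discuss.

```python
import json

def lint_caddy_config(cfg):
    """Return findings for the Caddy JSON pitfalls hit in this thread."""
    findings = []
    apps = cfg.get("apps", {})
    http = apps.get("http", {})
    http_port = int(http.get("http_port", 80))  # Caddy's default HTTP port
    for name, srv in http.get("servers", {}).items():
        policies = srv.get("tls_connection_policies")
        if policies is not None and not isinstance(policies, list):
            # The decoder rejects an object here (the HTTP 400 in the thread).
            findings.append(f"policies-type: {name}: use an array such as [{{}}]")
            continue
        has_hosts = any("host" in m for r in srv.get("routes", [])
                        for m in r.get("match", []))
        if not policies and not has_hosts:
            # No policy and no hostnames: the listeners start with tls=false.
            findings.append(f"tls-off: {name}: add tls_connection_policies [{{}}]")
        # Assumes plain ":port" or "host:port" listen addresses.
        ports = {int(a.rsplit(":", 1)[1]) for a in srv.get("listen", [])}
        if policies and (len(ports) > 1 or http_port in ports):
            # A hand-made HTTP listener overshadows Caddy's redirect routes.
            findings.append(f"redirect: {name}: listen on the HTTPS port only "
                            "and set apps.http.http_port")
    auto = apps.get("tls", {}).get("automation", {})
    on_demand = any(p.get("on_demand") for p in auto.get("policies", []))
    if on_demand and not auto.get("on_demand", {}).get("ask"):
        findings.append("ask: tls: on-demand issuance is not gated by an ask endpoint")
    return findings

def sample(listen, policies=None, http_port=None, ask=None):
    """Constructed config shaped like the one posted in the thread."""
    server = {"listen": listen, "routes": [{"handle": [
        {"handler": "static_response", "body": "Hello, world!"}]}]}
    if policies is not None:
        server["tls_connection_policies"] = policies
    http = {"servers": {"example": server}}
    if http_port is not None:
        http["http_port"] = http_port
    od = {"rate_limit": {"interval": "10m", "burst": 2}}
    if ask:
        od["ask"] = ask  # hypothetical internal allow-list endpoint
    return {"apps": {"http": http, "tls": {"automation": {
        "policies": [{"on_demand": True}], "on_demand": od}}}}

def codes(cfg):
    return [f.split(":")[0] for f in lint_caddy_config(cfg)]

if __name__ == "__main__":
    print(json.dumps(lint_caddy_config(sample([":31080", ":31443"])), indent=2))
```

Without an ask endpoint, on-demand TLS will attempt issuance for any hostname that resolves to the server, limited only by the configured rate limit.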
