1. Output of caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
As a service on Ubuntu via Oracle's free cloud tier. It is run in conjunction with a Foundry server which broadcasts on port 30000. I am attempting to create a reverse proxy to redirect 80 to 443 (the default per Caddy's documentation) and 443 to localhost:30000 (where the server I want to hit is).
a. System environment:
Ubuntu. Installed Caddy via the commands below.
sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy
b. Command:
sudo service caddy start
c. Service/unit/compose file:
I don't know what this is.
d. My complete Caddy config:
{
debug
}
# This replaces the existing content in /etc/caddy/Caddyfile
# A CONFIG SECTION FOR YOUR HOSTNAME
feedingamos.com {
# PROXY ALL REQUEST TO PORT 30000
reverse_proxy localhost:30000
encode zstd gzip
}
# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile
3. The problem I’m having:
I am trying to establish a reverse proxy to forward all ports to localhost:30000, where a working server is located (the server is working and works if I access it directly over HTTP). When I attempt to access it I get a timeout error; when I use curl -v https://localhost I get "TLS alert, internal error (592)" and it fails.
4. Error messages and/or full log output:
ubuntu@foundry:~$ curl -v https://localhost
* Trying 127.0.0.1:443...
* Connected to localhost (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
al certificate managers yielded no certificates and no errors","remote_ip":"127.0.0.1","remote_port":"39710","sni":"localhost"}
Jan 16 04:31:32 foundry caddy[6018]: {"level":"debug","ts":1673843492.871479,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"127.0.0.1","remote_port":"39710","server_name":"localhost","remote":"127.0.0.1:39710","identifier":"localhost","cipher_suites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"cert_cache_fill":0.0001,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Jan 16 04:31:32 foundry caddy[6018]: {"level":"debug","ts":1673843492.8715444,"logger":"http.stdlib","msg":"http: TLS handshake error from 127.0.0.1:39710: no certificate available for 'localhost'"}
Jan 16 04:33:10 foundry caddy[6018]: {"level":"debug","ts":1673843590.6222188,"logger":"events","msg":"event","name":"tls_get_certificate","id":"eaf0e1f4-f2ad-4aa0-9b2e-fb4bb58a6efd","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"localhost","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
Jan 16 04:33:10 foundry caddy[6018]: {"level":"debug","ts":1673843590.622297,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"localhost"}
Jan 16 04:33:10 foundry caddy[6018]: {"level":"debug","ts":1673843590.6223054,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*"}
Jan 16 04:33:10 foundry caddy[6018]: {"level":"debug","ts":1673843590.6223097,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"127.0.0.1","remote_port":"49954","sni":"localhost"}
Jan 16 04:33:10 foundry caddy[6018]: {"level":"debug","ts":1673843590.6223154,"logger":"tls.handshake","msg":"no certificate matching TLS ClientHello","remote_ip":"127.0.0.1","remote_port":"49954","server_name":"localhost","remote":"127.0.0.1:49954","identifier":"localhost","cipher_suites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"cert_cache_fill":0.0001,"load_if_necessary":true,"obtain_if_necessary":true,"on_demand":false}
Jan 16 04:33:10 foundry caddy[6018]: {"level":"debug","ts":1673843590.6231406,"logger":"http.stdlib","msg":"http: TLS handshake error from 127.0.0.1:49954: no certificate available for 'localhost'"}
5. What I already tried:
Well, I read the entire Getting Started documentation for Caddy and tried various methods, including
caddy reverse-proxy --from feedingamos.com --to localhost:30000
This also returned an identical error. I also attempted a full re-install of the package, which didn't help either. I also tried multiple different variations of the config based on what I was reading in the manuals and had the same error throughout.
I also tried with foundry.lovingamos.com (an alternate domain I also own, but I was worried the subdomain was the issue, hence the current config).
I know I'm probably messing up something obvious and I feel bad asking for help, but after putting in well over 4 hours I'm not sure what else to do.
Thanks for any input! Hopefully it's an easy fix.
6. Links to relevant resources:
This is the guide I started out with: Always Free Oracle Cloud Hosting Guide for Foundry | Foundry VTT Community Wiki, from D30 on. All the things I tried were after that.
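As an added example, not part of the original post and not Caddy's own tooling: a POSIX shell check that reads the "no certificate available for '...'" lines from the debug log above, extracts the SNI name the client asked for, and compares it with the site names declared in the Caddyfile. The two log lines embedded below are copied from the post; the configured-site list is assumed to be just the single host in the posted Caddyfile (feedingamos.com). The commented-out curl invocation at the end uses curl's --resolve option, which makes the request carry the configured hostname as SNI while still connecting to 127.0.0.1, so it exercises the same code path a real visitor would instead of the bare "localhost" name that the log shows being rejected.

```shell
#!/bin/sh
# Added example (not from the original post). Diagnoses SNI / site-name
# mismatches from Caddy's "tls.handshake" debug output.

# Constructed sample: two lines copied from the debug log in the post.
CADDY_LOG='Jan 16 04:31:32 foundry caddy[6018]: {"level":"debug","ts":1673843492.8715444,"logger":"http.stdlib","msg":"http: TLS handshake error from 127.0.0.1:39710: no certificate available for '\''localhost'\''"}
Jan 16 04:33:10 foundry caddy[6018]: {"level":"debug","ts":1673843590.6231406,"logger":"http.stdlib","msg":"http: TLS handshake error from 127.0.0.1:49954: no certificate available for '\''localhost'\''"}'

# Assumption: the only site block in the posted Caddyfile is feedingamos.com.
CONFIGURED_SITES="feedingamos.com"

# rejected_sni LOG
# Prints each distinct server name (SNI) for which Caddy reported that it
# had no certificate, one per line.
rejected_sni() {
  printf '%s\n' "$1" \
    | sed -n "s/.*no certificate available for '\([^']*\)'.*/\1/p" \
    | sort -u
}

# unconfigured_sni LOG "site1 site2 ..."
# Prints the rejected names that do not appear in the space-separated list
# of configured site names. A non-empty result means the client asked for a
# hostname the Caddyfile never declares, so Caddy has nothing to serve.
unconfigured_sni() {
  for name in $(rejected_sni "$1"); do
    case " $2 " in
      *" $name "*) ;;                 # declared in the Caddyfile: fine
      *) printf '%s\n' "$name" ;;     # not declared: report it
    esac
  done
}

# Stand-alone run: report any mismatch found in the sample log.
mismatch=$(unconfigured_sni "$CADDY_LOG" "$CONFIGURED_SITES")
if [ -n "$mismatch" ]; then
  echo "client requested SNI not present in Caddyfile: $mismatch"
  echo "configured sites: $CONFIGURED_SITES"
else
  echo "all rejected SNI names are declared in the Caddyfile"
fi

# To test the configured hostname against the local listener without
# touching DNS, send the real name as SNI but connect to 127.0.0.1
# (network access required, so left commented out here):
# curl -v --resolve feedingamos.com:443:127.0.0.1 https://feedingamos.com/
```

For the sample log the script reports that the client asked for "localhost" while the only configured site is feedingamos.com, which is exactly what the "no certificate available for 'localhost'" lines say; the --resolve form of curl is the way to reproduce a visitor's handshake from the box itself.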