1. Caddy version (caddy version):
v2.3.0
2. How I run Caddy:
a. System environment:
caddy docker image
b. Command:
Unsure, the default command the docker image uses
c. Service/unit/compose file:
version: "3"
services:
  caddy:
    image: caddy
    restart: always
    ports:
      - 80:80
      - 443:443
      - 8000-8100:8000-8100
    volumes:
      - ./config/Caddyfile:/etc/caddy/Caddyfile
      - ./persistent/caddy_pages:/pages
      - ./non_backup_data/caddy_data:/data
      - ./non_backup_data/caddy_config:/config
d. My complete Caddyfile or JSON config:
‘simon’ is the name my server has been given
Usually my Caddyfile is much longer, but I swear this is all there is in my Caddyfile right now for testing!
I know the template states not to redact, but I’m not comfortable sharing my domain, and it’s not the issue here.
https://redacted.com https://192.168.1.25:8012 https://simon.local:8012 {
    reverse_proxy home_assistant:8123
    log {
        output stdout
    }
}
3. The problem I’m having:
When I connect to my .com domain or the .local address, the webpage is presented. So local caddy CA works and the Let’s Encrypt CA works.
However, when I connect to the IP address, I am presented with an SSL_ERROR_INTERNAL_ERROR_ALERT in Firefox, and an ERR_SSL_PROTOCOL_ERROR in Chrome.
The page does not get displayed.
4. Error messages and/or full log output:
Log from startup of the container:
caddy_1 | {"level":"info","ts":1612108050.2341197,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy_1 | {"level":"info","ts":1612108050.238755,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["[::1]:2019","127.0.0.1:2019","localhost:2019"]}
caddy_1 | {"level":"info","ts":1612108050.2398407,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy_1 | {"level":"info","ts":1612108050.240863,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy_1 | {"level":"info","ts":1612108050.2409132,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
caddy_1 | {"level":"info","ts":1612108050.240822,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000373570"}
caddy_1 | {"level":"info","ts":1612108050.2810113,"logger":"tls","msg":"cleaned up storage units"}
caddy_1 | {"level":"info","ts":1612108050.3017972,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
caddy_1 | {"level":"info","ts":1612108050.3030016,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["simon.local","redacted.nl","192.168.1.25"]}
caddy_1 | {"level":"warn","ts":1612108050.304018,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [simon.local]: no OCSP server specified in certificate"}
caddy_1 | {"level":"warn","ts":1612108050.3045423,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [192.168.1.25]: no OCSP server specified in certificate"}
caddy_1 | {"level":"info","ts":1612108050.305942,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
caddy_1 | {"level":"info","ts":1612108050.305992,"msg":"serving initial configuration"}
Then, when I try to connect with https://simon.local:8012, a couple of the following log entries are created:
caddy_1 | {"level":"info","ts":1612108215.9996169,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"192.168.1.170:37796","proto":"HTTP/2.0","method":"GET","host":"simon.local:8012","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Dnt":["1"],"Cookie":["default-theme=ngax; type=user; google2fa_token={redacted_long_string}; XSRF-TOKEN={redacted_long_string}"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"simon.local"}},"common_log":"192.168.1.170 - - [31/Jan/2021:15:50:15 +0000] \"GET / HTTP/2.0\" 200 3386","duration":0.002423514,"size":3386,"status":200,"resp_headers":{"Server":["Caddy","Python/3.8 aiohttp/3.7.3"],"Content-Type":["text/html; charset=utf-8"],"Content-Length":["3386"],"Date":["Sun, 31 Jan 2021 15:50:15 GMT"]}}
However, when I connect using the IP address https://192.168.1.25:8012, no log is created at all.
5. What I already tried:
Tried to decipher logs, tried to find logs at all.
Searched the forum, searched the documentation.
Searched on google for solutions.
However, I have not found this specific problem anywhere. Many topics cover issues with the local CA or accepting certificates. However, there seems to be an error in the handling of IP addresses.
If I try the following Caddyfile (to ensure there is no conflict between the IP and .local address) the issue remains.
https://192.168.1.25:8012 {
    reverse_proxy home_assistant:8123
    log {
        output stdout
    }
}
I have also tried a simple file server, with the same result:
https://192.168.1.25:8012 {
    root * /pages/
    file_server
    log {
        output stdout
    }
}
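To illustrate why an IP-literal address behaves differently from a hostname in TLS, here is an added Go example (not Caddy's code and not part of this post): browsers send no SNI for an IP literal, so a server has to fall back to a certificate whose IP SAN matches the address the client dialed, and a certificate store that only holds a hostname certificate leaves the handshake to end with an alert. The throwaway certificates, the `simon.local` and `192.168.1.25` names reused from the post, and the `selectCert` selection logic are all constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// sniFor mirrors what browsers do with the URL host: RFC 6066 forbids IP literals in
// server_name, so https://192.168.1.25:8012 carries no SNI and the server must pick
// its certificate some other way.
func sniFor(host string) string {
	if net.ParseIP(host) != nil {
		return ""
	}
	return host
}
// newLeaf builds a throwaway self-signed leaf with the given SANs (constructed test data).
func newLeaf(dns []string, ips []net.IP) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: dns, IPAddresses: ips,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}
// selectCert picks a certificate by SNI when the client sent one, otherwise by an IP SAN
// matching the address the client dialed; nil means the handshake is aborted with an alert.
func selectCert(sni string, localIP net.IP, certs []*x509.Certificate) *x509.Certificate {
	name := sni
	if name == "" {
		name = localIP.String()
	}
	for _, c := range certs {
		if c.VerifyHostname(name) == nil {
			return c
		}
	}
	return nil
}
func main() {
	ip := net.ParseIP("192.168.1.25")
	dnsOnly := []*x509.Certificate{newLeaf([]string{"simon.local"}, nil)}
	fmt.Println(selectCert(sniFor(ip.String()), ip, dnsOnly) == nil) // true: no IP SAN
}
```

A quick way to see the same thing against a live server is to compare `openssl s_client -connect 192.168.1.25:8012` with and without `-servername simon.local`; only the latter tells the server which name is wanted.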