Deinara
February 1, 2021, 8:57am
8
Although it wasn’t immediately obvious how to, I enabled logging using:
Hi Melissa–
Good question. All logs at the INFO level or higher are enabled by default, except for HTTP access logs, I think.
You can enable them 100% as described here in the docs: JSON Config Structure - Caddy Documentation
Enables access logging and configures how access logs are handled in this server. To minimally enable access logs, simply set this to a non-null, empty struct.
ServerLogConfig describes a server’s logging configuration. If enabled without customization, all requests to…
and
and
Turns out it was as simple as:
{
debug
}
https://redacted.com https://192.168.1.25:8012 https://simon.local:8012 {
reverse_proxy home_assistant:8123
}
This results in the following, rather brief, log line being spat out.
caddy_1 | {"level":"debug","ts":1612168776.013658,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.1.164:53180: no certificate available for '172.19.0.8'"}
This points to the docker abstraction as the culprit. Caddy’s creating a certificate for 192.168.1.25, but the address that’s ‘requested’ is 172.19.0.8. An internal docker address.
Yes - you’re running Caddy in Docker. When it installs its local-only certificate authority, it does so… inside the Docker container. The actual Docker host (presumably where you’re running your browser) still won’t trust Caddy.
Quirk of interaction between Docker NAT, and SNI (or specifically the lack thereof).
Browsers don’t send SNI for IP addresses, so Caddy infers the server name from the IP address the client is connecting to (i.e. its own IP address). You might be connecting to a 192.…
It doesn’t provide an answer, other than configuring a domain name (which, of course, I am doing via the .local domain)
I have not been able to find any solution so far.
1 Like