Sorry Matt, but read the post above. Obviously I'm not an expert, so I sent all I have, each time, and nothing works. I would like to help, but I don't know how.
With the last backend config, I have:
localhost
root * /var/www/
tls {
    on_demand
}
log {
    output file /var/log/caddy/domain.com.log
}
file_server
and frontend config:
domain.com {
    reverse_proxy wordpress01:443
    log {
        output file /var/log/caddy/domain.com.log
    }
    {
        debug
    }
}
And frontend logs:
root@haproxy01:~# caddy run --config /etc/caddy/Caddyfile
2020/03/21 18:27:42.024 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2020/03/21 18:27:42.047 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
2020/03/21 18:27:42 [INFO][cache:0xc000694aa0] Started certificate maintenance routine
2020/03/21 18:27:42.047 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/03/21 18:27:42.047 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/03/21 18:27:42.048 INFO http enabling automatic TLS certificate management {"domains": ["domain.com"]}
2020/03/21 18:27:42.062 INFO tls cleaned up storage units
2020/03/21 18:27:42.063 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2020/03/21 18:27:42.063 INFO serving initial configuration
2020/03/21 18:27:48.316 ERROR http.log.error.log0 remote error: tls: internal error {"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "127.0.0.1:53950", "host": "domain.com", "headers": {"Dnt": ["1"], "Upgrade-Insecure-Requests": ["1"], "Cache-Control": ["max-age=0"], "Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"], "Accept-Language": ["fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"], "Accept-Encoding": ["gzip, deflate, br"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "domain.com"}}, "status": 502, "err_id": "2vtezdphd", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
2020/03/21 18:27:48.316 ERROR http.log.access.log0 handled request {"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "127.0.0.1:53950", "host": "domain.com", "headers": {"Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:74.0) Gecko/20100101 Firefox/74.0"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"], "Accept-Language": ["fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3"], "Accept-Encoding": ["gzip, deflate, br"], "Dnt": ["1"], "Upgrade-Insecure-Requests": ["1"], "Cache-Control": ["max-age=0"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "domain.com"}}, "common_log": "127.0.0.1 - - [21/Mar/2020:18:27:48 +0000] \"GET / HTTP/2.0\" 502 0", "latency": 0.003536149, "size": 0, "status": 502, "resp_headers": {"Server": ["Caddy"]}}
and backend frontend:
root@wordpress01:~# caddy run --config /etc/caddy/Caddyfile
2020/03/21 18:27:39.356 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2020/03/21 18:27:39.358 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
2020/03/21 18:27:39.359 INFO tls setting internal issuer for automation policy that has only internal subjects but no issuer configured {"subjects": ["localhost"]}
2020/03/21 18:27:39 [INFO][cache:0xc000243ef0] Started certificate maintenance routine
2020/03/21 18:27:39.373 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/03/21 18:27:39.373 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2020/03/21 18:27:39.441 WARN pki.ca.local trusting root certificate (you might be prompted for password) {"path": "storage:pki/authorities/local/root.crt"}
2020/03/21 18:27:39.441 ERROR pki failed to install root certificate {"error": "not NSS security databases found", "certificate_file": "storage:pki/authorities/local/root.crt"}
2020/03/21 18:27:39.443 INFO tls cleaned up storage units
2020/03/21 18:27:39.444 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2020/03/21 18:27:39.444 INFO serving initial configuration
2020/03/21 18:27:48 http: TLS handshake error from 10.244.32.196:42474: no certificate available for 'wordpress01'
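
A triage sketch for the backend log above, added here as an example and not part of the original post or of Caddy: it compares the names the server reports managing certificates for with the names clients asked for in failed handshakes. The log text is a constructed excerpt of the lines above, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: an excerpt of the backend (wordpress01) log lines in the post.
BACKEND_LOG = """\
2020/03/21 18:27:39.373 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2020/03/21 18:27:39.444 INFO serving initial configuration
2020/03/21 18:27:48 http: TLS handshake error from 10.244.32.196:42474: no certificate available for 'wordpress01'
"""

MANAGED = re.compile(r"enabling automatic TLS certificate management\s+(\{.*\})\s*$")
NO_CERT = re.compile(r"TLS handshake error from (\S+): no certificate available for '([^']+)'")

def covers(pattern, name):
    """True if a managed name (exact, or a one-label wildcard) covers `name`."""
    if pattern.startswith("*."):
        return "." in name and name.split(".", 1)[1].lower() == pattern[2:].lower()
    return pattern.lower() == name.lower()

def managed_domains(log_text):
    """Collect every name the server announced it manages certificates for."""
    names = set()
    for line in log_text.splitlines():
        m = MANAGED.search(line)
        if m:
            names.update(json.loads(m.group(1)).get("domains", []))
    return names

def unserved_names(log_text):
    """Return (client, requested_name) for failed handshakes whose requested
    name is not covered by any name in the startup 'domains' list."""
    managed = managed_domains(log_text)
    findings = []
    for line in log_text.splitlines():
        m = NO_CERT.search(line)
        if m and not any(covers(p, m.group(2)) for p in managed):
            findings.append((m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    print("managed:", sorted(managed_domains(BACKEND_LOG)))
    for client, name in unserved_names(BACKEND_LOG):
        print(f"{client} requested {name!r}; no managed name covers it")
```
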