1. The problem I’m having:
Hi,
I’m running caddy in a Docker container (192.168.0.2) without any issue.
I’m trying to move caddy to a Proxmox unprivileged LXC (192.168.0.203) using the official installation method, on Debian Trixie, with the official caddy-dns-cloudflare add-on.
I saw the default caddy page at 192.168.0.203:80
I transferred, and modified if needed, my Caddyfile and the /data/certificates folder with rsync -avh and updated my local DNS to redirect to the new host.
I cannot for the love of me get it to work.
Do you have any idea what could be going on here?
Thank you
2. Error messages and/or full log output:
systemctl status caddy
* caddy.service - Caddy
     Loaded: loaded (/usr/lib/systemd/system/caddy.service; enabled; preset: en>
    Drop-In: /etc/systemd/system/caddy.service.d
             `-override.conf
     Active: active (running) since Sun 2025-11-30 21:33:53 UTC; 14min ago
 Invocation: b07938335b10460398507f1b6b1546f6
       Docs: https://caddyserver.com/docs/
   Main PID: 2098 (caddy)
      Tasks: 34 (limit: 76641)
     Memory: 23.7M (peak: 26.7M)
        CPU: 1.059s
     CGroup: /system.slice/caddy.service
             `-2098 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
journalctl -u caddy -f
No journal files were found.
curl -vL 192.168.0.203:80
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* LibreSSL/3.3.6: error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
* Closing connection
curl: (35) LibreSSL/3.3.6: error:1404B438:SSL routines:ST_CONNECT:tlsv1 alert internal error
3. Caddy version:
v2.10.2 h1:g/gTYjGMD0dec+UgMw8SnfmJ3I9+M2TdvoRL/Ovu6U8=
4. How I installed and ran Caddy:
pveam download local debian-13-standard_13.1-2_amd64.tar.zst
pct create 203 local:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst \
--hostname caddy \
--memory 512 \
--cores 1 \
--rootfs local-lvm:4 \
--net0 name=eth0,bridge=vmbr0,ip=192.168.0.203/24,gw=192.168.0.1 \
--unprivileged 1 \
--onboot 1 \
--start 1
pct enter 203
apt update && apt upgrade -y
apt install -y curl ca-certificates gnupg nano debian-keyring rsync
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list
chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg
chmod o+r /etc/apt/sources.list.d/caddy-stable.list
apt update
apt install caddy
curl -o caddy 'https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Fcloudflare&idempotency=70369667001017'
systemctl stop caddy
chmod +x caddy
mv caddy /usr/bin/caddy
systemctl start caddy
nano /etc/caddy/.env
CF_API_TOKEN=[redacted]
chmod 600 /etc/caddy/.env
chown caddy:caddy /etc/caddy/.env
systemctl edit caddy
[Service]
EnvironmentFile=/etc/caddy/.env
systemctl daemon-reload
systemctl restart caddy
a. System environment:
Proxmox LXC (Debian 13 Trixie)
b. Command:
systemctl restart caddy
c. Service/unit/compose file:
LXC
d. My complete Caddy config:
{
	debug
}

(moqqel) {
	tls {
		dns cloudflare {env.CF_API_TOKEN}
		resolvers 1.1.1.1 # override local DNS to resolve the domain, otherwise cannot reach cloudflare API
	}
	@local_subnets remote_ip private_ranges
	reverse_proxy @local_subnets {args[0]}
}

home.moqqel.com {
	import moqqel http://192.168.0.214:3000
}
5. Links to relevant resources:
NA