Minio -- can access thru caddy reverse proxy but insecurely

Help
1

1. Output of caddy version:

latest

2. How I run Caddy:

DOCKER/Ubuntu

a. System environment:

Docker

b. Command:

Paste command here.

c. Service/unit/compose file:

services:
  caddy:
    container_name: caddy
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /docker/caddy/data:/data
      - /docker/caddy/srv:/srv
      - /docker/caddy/config:/config
    networks:
      - t2_proxy
networks:
  t2_proxy:
    external: true

d. My complete Caddy config:

{
	# Global options block. Entirely optional, https is on by default

	# Optional email key for lets encrypt

	email lookatme33@protonmail.com

	# Optional staging lets encrypt for testing. Comment out for production.

	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

naff.casa {
	# enable logging

	log

	# .well-known is delegated from example.co.uk and served here

	header /.well-known/matrix/server {
		Content-Type application/json
	}

	respond /.well-known/matrix/server 200 {
		body "{ \"m.server\": \"matrix.naff.casa:443\" }"

		close
	}

	# .well-known delegate for client

	header /.well-known/matrix/client {
		Content-Type application/json
	}

	respond /.well-known/matrix/client 200 {
		body "{\"m.homeserver\": {\"base_url\": \"https://matrix.naff.casa\"}}"

		close
	}

	reverse_proxy /_matrix/* http://192.168.1.37:8008

	reverse_proxy /_synapse/client/* http://192.168.1.37:8008

	reverse_proxy 192.168.1.37:2368
}

minio.naff.casa {
	reverse_proxy 192.168.1.37:9001
}

recipes.naff.casa {
	reverse_proxy 192.168.1.37:8081
}

share.naff.casa {
	reverse_proxy 192.168.1.37:7070
}

logs.naff.casa {
	reverse_proxy 192.168.1.37:9999
}

bin.naff.casa {
	reverse_proxy 192.168.1.37:6608
}

paste.naff.casa {
	reverse_proxy 192.168.1.37:8085
}

remote.naff.casa {
	redir / /guacamole

	reverse_proxy 192.168.1.37:6969
}

fleet.naff.casa {
	reverse_proxy 192.168.1.37:82
}

books.naff.casa {
	reverse_proxy 192.168.1.37:5006
}

port.naff.casa {
	reverse_proxy 192.168.1.37:9000
}

www.naff.casa {
	redir https://naff.casa{uri}
}

sonarr.naff.casa {
	reverse_proxy 192.168.1.37:8989
}

radarr.naff.casa {
	reverse_proxy 192.168.1.37:7878
}

ombi.naff.casa {
	reverse_proxy 192.168.1.37:3579
}

bw.naff.casa {
	reverse_proxy 192.168.1.37:8711
}

cctv.naff.casa {
	reverse_proxy 192.168.1.224:8123
}

jellyfin.naff.casa {
	reverse_proxy 192.168.1.37:8096
}

code.naff.casa {
	reverse_proxy 192.168.1.37:4443
}

matrix.naff.casa {
	reverse_proxy 192.168.1.37:8008
}

element.naff.casa {
	reverse_proxy 192.168.1.37:8089
}

prox.naff.casa {
	reverse_proxy 192.168.1.218:8006 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}

3. The problem I’m having:

cannot connect to minio.naff.casa securely, i have to allow browser to connect insecurely

4. Error messages and/or full log output:

11/03/2022 10:03:59 PM
level=infologger=http.logmsg=server runningname=srv0protocols=h1,h2,h3ts=1667538239.1479073
11/03/2022 10:03:59 PM
level=infologger=http.logmsg=server runningname=remaining_auto_https_redirectsprotocols=h1,h2,h3ts=1667538239.1480827
11/03/2022 10:03:59 PM
domains=element.naff.casa,port.naff.casa,ombi.naff.casa,bw.naff.casa,naff.casa,share.naff.casa,code.naff.casa,matrix.naff.casa,fleet.naff.casa,cctv.naff.casa,sonarr.naff.casa,radarr.naff.casa,remote.naff.casa,jellyfin.naff.casa,minio.naff.casa,paste.naff.casa,bin.naff.casa,books.naff.casa,logs.naff.casa,prox.naff.casa,recipes.naff.casa,www.naff.casalevel=infologger=httpmsg=enabling automatic TLS certificate managementts=1667538239.1481147
11/03/2022 10:03:59 PM
level=infologger=tlsmsg=finished cleaning storage unitsts=1667538239.1642263
11/03/2022 10:03:59 PM
file=/config/caddy/autosave.jsonlevel=infomsg=autosaved config (load with --resume flag)ts=1667538239.1737742
11/03/2022 10:03:59 PM
level=infomsg=serving initial configurationts=1667538239.1738377
11/03/2022 10:04:23 PM
duration=0.000127706level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept=*/*request.headers.Connection=Keep-Aliverequest.headers.User-Agent=WinHttp-Autoproxy-Service/5.1request.host=wpad.naff.casarequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=13601request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad.naff.casa/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538263.5793295user_id=
11/03/2022 10:04:25 PM
duration=0.000077494level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept-Encoding=gzip, deflaterequest.headers.Connection=keep-aliverequest.headers.User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36request.host=wpadrequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=61787request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538265.2820437user_id=
11/03/2022 10:04:35 PM
duration=0.000119162level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept-Encoding=gzip, deflaterequest.headers.Connection=keep-aliverequest.headers.User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36request.host=wpadrequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=26308request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538275.6012821user_id=
11/03/2022 10:06:03 PM
duration=0.000096624level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept=*/*request.headers.Connection=Keep-Aliverequest.headers.User-Agent=WinHttp-Autoproxy-Service/5.1request.host=wpad.naff.casarequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=26110request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad.naff.casa/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538363.4906914user_id=
11/03/2022 10:06:08 PM
duration=0.000068766level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept=*/*request.headers.Connection=Keep-Aliverequest.headers.User-Agent=WinHttp-Autoproxy-Service/5.1request.host=wpad.naff.casarequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=41261request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad.naff.casa/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538368.8545575user_id=
11/03/2022 10:06:18 PM
duration=0.000056433level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept=*/*request.headers.Connection=Keep-Aliverequest.headers.User-Agent=WinHttp-Autoproxy-Service/5.1request.host=wpad.naff.casarequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=19100request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad.naff.casa/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538378.5164409user_id=
11/03/2022 10:06:56 PM
duration=0.000069759level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept=*/*request.headers.Connection=Keep-Aliverequest.headers.User-Agent=WinHttp-Autoproxy-Service/5.1request.host=wpad.naff.casarequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=64638request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad.naff.casa/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538416.9606018user_id=
11/03/2022 10:07:12 PM
duration=0.000130733level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept=*/*request.headers.Connection=Keep-Aliverequest.headers.User-Agent=WinHttp-Autoproxy-Service/5.1request.host=wpad.naff.casarequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=14436request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad.naff.casa/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538432.0092967user_id=
11/03/2022 10:07:18 PM
duration=0.000092421level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept=*/*request.headers.Connection=Keep-Aliverequest.headers.User-Agent=WinHttp-Autoproxy-Service/5.1request.host=wpad.naff.casarequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=51776request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad.naff.casa/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538438.5348692user_id=
11/03/2022 10:08:12 PM
duration=0.000069363level=infologger=http.log.accessmsg=handled requestrequest.headers.Accept=*/*request.headers.Connection=Keep-Aliverequest.headers.User-Agent=WinHttp-Autoproxy-Service/5.1request.host=wpad.naff.casarequest.method=GETrequest.proto=HTTP/1.1request.remote_ip=192.168.1.1request.remote_port=58701request.uri=/wpad.datresp_headers.Connection=closeresp_headers.Content-Type=resp_headers.Location=https://wpad.naff.casa/wpad.datresp_headers.Server=Caddysize=0status=308ts=1667538492.0728667user_id=
11/03/2022 10:08:53 PM
error=context canceledlevel=errorlogger=http.handlers.reverse_proxymsg=aborting with incomplete responsets=1667538533.379141
Paste logs/commands/output here.
USE THE PREVIEW PANE TO MAKE SURE IT LOOKS NICELY FORMATTED.

5. What I already tried:

I’ve googled and looked at 1 other caddyforum post but the user didn’t fill out the template as I have and didn’t get anywhere, see below:

6. Links to relevant resources:

2

I fixed the formatting of your post.
I usually don’t mention that, but since this isn’t your first topic, please make sure that your post preview looks alright before posting. Thank you.

I am afraid I can’t reproduce your error.
https://minio.naff.case serves a valid and perfectly trusted certificate for me.
Any particular browser or OS you are having issues with?

2 Likes
3

Hi James – sorry about the formatting, I did this post last night and didn’t realize i had submitted the code incorrectly.

Honest mistake, my bad.

So looks like chrome loads fine but not Edge.

Oh well!

Have a great weekend, I’m off to drive for uber for 30 hours hahah!

1 Like
4

This topic was automatically closed after 30 days. New replies are no longer allowed.