Need help configuring caddy & l4 for git ssh access on domain

1. The problem I’m having:

I’m trying to use caddy-l4 to set up a OneDev server. Until now I used my IP address for ssh (ssh://1.2.3.4:661/repo) but I want to use the domain name instead.

I figured out I can direct the requests to either the http port or the ssh port with layer4, and while I managed to make the http direct work, I’m having issues with the ssh one.

2. Error messages and/or full log output:

Nothing gets printed in the logs

3. Caddy version:

4. How I installed and ran Caddy:

sudo apt install caddy

then

xcaddy build --with github.com/caddy-dns/cloudflare --with github.com/mholt/caddy-dynamicdns --with github.com/mholt/caddy-l4 --with github.com/pieterlouw/caddy-net (I did replace the original caddy executable with the new one)

a. System environment:

Ubuntu 20.04, with systemd

b. Commands

systemctl restart/start caddy
caddy reload

c. Service/unit/compose file:

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.
{
	debug
	acme_dns cloudflare abcdf
	dynamic_dns {
		provider cloudflare abcdf
		domains {
			example.com @ www
		}
		dynamic_domains
	}
	layer4 {
		0.0.0.0:587 {
			route {
				proxy localhost:1507
			}
		}
		0.0.0.0:993 {
			route {
				proxy localhost:1903
			}
		}
		0.0.0.0:6612 {
			route {
				proxy localhost:6611
			}
		}

		0.0.0.0:6612 {
			@ssh ssh
			route @ssh {
				proxy localhost:6611
			}
			@ui http
			route @ui {
				proxy localhost:6610
			}
		}
	}
}

mail.example.com {
	tls internal {
		key_type rsa2048
	}

	# Optional, can be useful for troubleshooting
	# connection to Caddy with correct certificate:
	respond "Hello DMS"
}

example.com {
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

docker.example.com {
	reverse_proxy localhost:9000
}

it.example.com {
	reverse_proxy 172.17.0.3:80
}

git.example.com {
	reverse_proxy localhost:6612
}

gpt.example.com {
	reverse_proxy localhost:3080
}

gptproxy.example.com {
	reverse_proxy localhost:8121
}

stats.example.com {
	reverse_proxy 172.20.0.2:3000
}

5. Links to relevant resources:

Howdy @nitanmarcel,

Just to clarify, you say you can connect over HTTP but you’re having issues with SSH.

What issues are you running into? Can you document / demonstrate them for us?

Apparently I was connecting the wrong way with the ssh, by not providing the right port. Also did some modifications, moved my sshd port to 6662 and used 22 for layer4, and it works perfectly fine, I can clone with ssh by just using my domain.

I did encounter another issue with the certificate. I can’t seem to make it work with caddy auto certificate and layer4.

More exactly, I can’t figure out how to properly use caddy for tls and layer4 for proxy, without having caddy handle the request.

{
	debug
	acme_dns cloudflare 1234 
	dynamic_dns {
		provider cloudflare 1234
		domains {
			marcelsoftware.dev @ www
		}
		dynamic_domains
	}
	layer4 {
		0.0.0.0:587 {
			route {
				proxy localhost:1507
			}
		}
		0.0.0.0:993 {
			route {
				proxy localhost:1903
			}
		}
		0.0.0.0:6612 {
			route {
				proxy localhost:6611
			}
		}

		:443 {
			@secure tls sni git.marcelsoftware.dev
			route @secure {
				proxy :6610
			}
			@ssh ssh
			route @ssh {
				proxy :6611
			}
		}
	}
}

git.marcelsoftware.dev {
	tls mail@marcelsoftware.dev {
		on_demand
	}
}

When you use on_demand, you’re telling Caddy “don’t try to fetch a cert right away, only do it if you have a TLS connection come in”. Then you use layer4 on port :443 which intercepts those TLS bytes and proxies it, so no connections ever make it to Caddy’s TLS handshake logic which would trigger cert issuance.

Just remove on_demand. You should only use it if you don’t know the domains ahead of time, i.e. you’re having customers point their domains to your server and you can’t have Caddy issue the certs up-front because it needs to be dynamic. That’s not your situation, you know your domain, so no need for on-demand.

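The reply above rests on layer4 choosing a route from a connection's first bytes, before any TLS handshake completes. As an added example (not code from caddy-l4 or from anyone in this thread), the sketch below classifies opening bytes as SSH, TLS with its cleartext SNI, or HTTP, and models the `:443` routes from the config above; the function names and the sample byte strings are constructed for illustration.

```python
"""Added illustration: route a TCP connection by its first bytes (not caddy-l4 code)."""
import struct

HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")


def parse_sni(record: bytes):
    """Return the server_name in a TLS ClientHello record, or None if absent/truncated."""
    try:
        # Record header: type 0x16 (handshake), version (2 bytes), length (2 bytes)
        if record[0] != 0x16 or record[1] != 0x03:
            return None
        rec_len = struct.unpack("!H", record[3:5])[0]
        hs = record[5:5 + rec_len]
        if hs[0] != 0x01:                      # handshake type 1 = ClientHello
            return None
        pos = 4 + 2 + 32                       # handshake header, version, random
        pos += 1 + hs[pos]                     # session_id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hs[pos]                     # compression_methods
        ext_end = pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
            body = hs[pos + 4:pos + 4 + ext_len]
            if ext_type == 0:                  # server_name extension
                # body: list_len(2), name_type(1), name_len(2), name
                if body[2] != 0:               # 0 = host_name
                    return None
                name_len = struct.unpack("!H", body[3:5])[0]
                return body[5:5 + name_len].decode("ascii")
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def classify(first_bytes: bytes):
    """Return (protocol, detail) for the opening bytes a client sends."""
    if first_bytes.startswith(b"SSH-"):
        # SSH clients open with a cleartext identification string (RFC 4253)
        return ("ssh", first_bytes.split(b"\r\n", 1)[0].decode("ascii", "replace"))
    if first_bytes[:2] == b"\x16\x03":
        # The SNI is readable here without any certificate or key
        return ("tls", parse_sni(first_bytes))
    if first_bytes.startswith(HTTP_METHODS):
        return ("http", first_bytes.split(b" ", 1)[0].decode("ascii"))
    return ("unknown", None)


# Simplified model of the :443 listener in the config above, checked in order.
# A matched connection is forwarded as raw bytes: the ClientHello reaches the
# upstream untouched, so the proxy's own certificate is never presented.
ROUTES_443 = [
    (lambda proto, detail: proto == "tls" and detail == "git.marcelsoftware.dev", ":6610"),
    (lambda proto, detail: proto == "ssh", ":6611"),
]


def route_443(first_bytes: bytes):
    """Return the upstream this model would proxy to, or None if no route matches."""
    proto, detail = classify(first_bytes)
    for matches, upstream in ROUTES_443:
        if matches(proto, detail):
            return upstream
    return None


def build_client_hello(hostname: str) -> bytes:
    """Construct a minimal ClientHello that carries only an SNI extension (sample input)."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name
    sni_body = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0, len(sni_body)) + sni_body
    body = (b"\x03\x03" + bytes(32)            # version + random
            + b"\x00"                          # empty session_id
            + b"\x00\x02\x13\x01"              # one cipher suite
            + b"\x01\x00"                      # null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for sample in (build_client_hello("git.marcelsoftware.dev"),
                   build_client_hello("it.marcelsoftware.dev"),
                   b"SSH-2.0-OpenSSH_9.6\r\n",
                   b"GET / HTTP/1.1\r\n\r\n"):
        print(classify(sample), "->", route_443(sample))
```

In this model a ClientHello for any other hostname on `:443` matches no route, which is the case to check when other HTTPS sites share the same port.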

I suppose there was a communication issue from my side here.

The issue is that even with your changes if I have my record like this

git.marcelsoftware.dev {
	tls mail@marcelsoftware.dev
}

Caddy handles the cert correctly but then layer4 won’t be able to handle the request, ending up with a blank page.

Show your debug logs

Look for it.marcelsoftware.dev

Nov 24 10:37:41 ubuntu systemd[1]: Starting Caddy...
Nov 24 10:37:41 ubuntu caddy[1649363]: caddy.HomeDir=/var/lib/caddy
Nov 24 10:37:41 ubuntu caddy[1649363]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Nov 24 10:37:41 ubuntu caddy[1649363]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Nov 24 10:37:41 ubuntu caddy[1649363]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Nov 24 10:37:41 ubuntu caddy[1649363]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Nov 24 10:37:41 ubuntu caddy[1649363]: runtime.GOOS=linux
Nov 24 10:37:41 ubuntu caddy[1649363]: runtime.GOARCH=amd64
Nov 24 10:37:41 ubuntu caddy[1649363]: runtime.Compiler=gc
Nov 24 10:37:41 ubuntu caddy[1649363]: runtime.NumCPU=4
Nov 24 10:37:41 ubuntu caddy[1649363]: runtime.GOMAXPROCS=4
Nov 24 10:37:41 ubuntu caddy[1649363]: runtime.Version=go1.23.3
Nov 24 10:37:41 ubuntu caddy[1649363]: os.Getwd=/
Nov 24 10:37:41 ubuntu caddy[1649363]: LANG=C.UTF-8
Nov 24 10:37:41 ubuntu caddy[1649363]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Nov 24 10:37:41 ubuntu caddy[1649363]: NOTIFY_SOCKET=/run/systemd/notify
Nov 24 10:37:41 ubuntu caddy[1649363]: HOME=/var/lib/caddy
Nov 24 10:37:41 ubuntu caddy[1649363]: LOGNAME=caddy
Nov 24 10:37:41 ubuntu caddy[1649363]: USER=caddy
Nov 24 10:37:41 ubuntu caddy[1649363]: INVOCATION_ID=27ec395fa98b4056b83de21509b2f240
Nov 24 10:37:41 ubuntu caddy[1649363]: JOURNAL_STREAM=8:20948905
Nov 24 10:37:41 ubuntu caddy[1649363]: SYSTEMD_EXEC_PID=1649363
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.656575,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6620166,"msg":"adapted config to JSON","adapter":"caddyfile"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"warn","ts":1732444661.6620474,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":4}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6645129,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6654088,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc001cb7800"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6656353,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6656737,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6657386,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["gptproxy.marcelsoftware.dev","docker.marcelsoftware.dev","twenty.marcelsoftware.dev","unami.marcelsoftware.dev","stats.marcelsoftware.dev","auth.marcelsoftware.dev","gpt.marcelsoftware.dev","marcelsoftware.dev"]},{"subjects":["mail.marcelsoftware.dev"],"key_type":"rsa2048"},{"subjects":["git.marcelsoftware.dev"],"on_demand":true},{"subjects":["it.marcelsoftware.dev"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:8121"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:9000"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:3000"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":":3001"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"authentication","providers":{"authorizer":{"gatekeeper_name":"admins_policy","route_matcher":"*"}}},{"handler":"reverse_proxy","upstreams":[{"dial":":61208"}]}]}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"body":"Hello 
DMS","handler":"static_response"}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"authenticator","portal_name":"myportal","route_matcher":"*"}]}]}],"match":[{"path":["*"]}]}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:6610"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:3080"}]}]}]}],"terminal":true},{"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"vars","root":"/var/opt/www"},{"handler":"file_server","hide":["/etc/caddy/Caddyfile"]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6677454,"logger":"security","msg":"provisioning app instance","app":"security"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.66791,"logger":"security","msg":"identity store authenticator configuration","kind":"local","db_path":"/var/lib/caddy/users.json"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.670907,"logger":"security","msg":"successfully configured identity store","name":"localdb","kind":"local","db_path":"/var/lib/caddy/users.json","login_icon":{"class_name":"las la-key la-2x","color":"white","background_color":"#324960","text_color":"#37474f"}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6710112,"logger":"security","msg":"Configuring caching","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.671116,"logger":"security","msg":"Configuring cookie parameters","portal_name":"myportal","cookie_config":{"domains":{"marcelsoftware.dev":{"seq":1,"domain":"marcelsoftware.dev"}}}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.671176,"logger":"security","msg":"Configuring default portal user roles","portal_name":"myportal","portal_admin_roles":{"authp/admin":true},"portal_user_roles":{"authp/user":true},"portal_guest_roles":{"authp/guest":true},"portal_admin_role_patterns":[],"portal_user_role_patterns":[],"portal_guest_role_patterns":[]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6712103,"logger":"security","msg":"Configuring authentication ACL","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8","access_list_configs":[{"comment":"admin role name match","conditions":["match role authp/admin"],"action":"allow stop"},{"comment":"user role name match","conditions":["match role authp/user"],"action":"allow stop"},{"comment":"guest role name match","conditions":["match role authp/guest"],"action":"allow stop"}]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6713378,"logger":"security","msg":"Configured validator ACL","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8","token_validator_options":{"validate_bearer_header":true},"token_grantor_options":{}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.671367,"logger":"security","msg":"Configuring identity store login options","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8","identity_store_count":1}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.671431,"logger":"security","msg":"Provisioned login options","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8","options":{"authenticators":[{"background_color":"#324960","class_name":"las la-key la-2x","color":"white","realm":"local","text":"LOCAL","text_color":"#37474f"}],"authenticators_required":"no","default_realm":"local","form_required":"yes","hide_contact_support_link":"yes","hide_forgot_username_link":"yes","hide_links":"yes","hide_register_link":"yes","identity_required":"yes","realm_dropdown_required":"no","realms":[{"default":"yes","label":"LOCAL","realm":"local"}]},"identity_store_count":1,"identity_provider_count":0}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.671511,"logger":"security","msg":"Configuring user interface","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6717153,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"login"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6724749,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"sandbox"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6734333,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"apps_sso"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6736794,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"apps_mobile_access"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6738484,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"portal"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.674025,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"whoami"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.674191,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"register"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6746094,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"generic"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6747975,"logger":"security","msg":"Configuring default authentication user interface templates","portal_name":"myportal","template_theme":"basic","template_name":"settings"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.677312,"logger":"security","msg":"Configured user interface","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8","title":"Sign In","logo_url":"/assets/images/logo.svg","logo_description":"Authentication Portal","action_endpoint":"","private_links":[{"link":"https://marcelsoftware.dev/","title":"My Website","icon_name":"las la-star","icon_enabled":true},{"link":"/whoami","title":"My Identity","icon_name":"las la-user","icon_enabled":true}],"realms":[],"theme":"basic"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.677373,"logger":"security","msg":"Configuring user transforms","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6774652,"logger":"security","msg":"Configured user transforms","portal_name":"myportal","portal_id":"64339144-8afd-44cb-8d63-913dfab88bd8","transforms":[{"matchers":["exact match origin local"],"actions":["action add role authp/user","ui link \"Portal Settings\" /settings icon \"las la-cog\""]}]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6774905,"logger":"security","msg":"Logout redirect URI configuration not present"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.678099,"logger":"security","msg":"Configured gatekeeper","gatekeeper_name":"admins_policy","gatekeeper_id":"ef8465f0-63d0-4a45-b1d0-38159b0acc43","auth_url_path":"https://auth.marcelsoftware.dev/","token_sources":"cookie header query","token_validator_options":{},"access_list_rules":[{"conditions":["match roles authp/admin authp/user"],"action":"allow log debug"},{"comment":"comment allow users","conditions":["match role authp/user"],"action":"allow stop log info"},{"comment":"comment default deny","conditions":["match any"],"action":"deny log warn"}],"forbidden_path":""}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6781573,"logger":"security","msg":"provisioned app instance","app":"security"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6792707,"logger":"security","msg":"started app instance","app":"security"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6795483,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6799731,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6800368,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6801307,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.680151,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6801622,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mail.marcelsoftware.dev","auth.marcelsoftware.dev","it.marcelsoftware.dev","twenty.marcelsoftware.dev","unami.marcelsoftware.dev","stats.marcelsoftware.dev","gptproxy.marcelsoftware.dev","git.marcelsoftware.dev","gpt.marcelsoftware.dev","marcelsoftware.dev","docker.marcelsoftware.dev"]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"warn","ts":1732444661.6816223,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [mail.marcelsoftware.dev]: no OCSP server specified in certificate","identifiers":["mail.marcelsoftware.dev"]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6816883,"logger":"tls.cache","msg":"added certificate to cache","subjects":["mail.marcelsoftware.dev"],"expiration":1732464030,"managed":true,"issuer_key":"local","hash":"c4f0ab6901b2f4a0616440e21ca5c15082cdd7904f0b9947472ef6a0a1da41f0","cache_size":1,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6817436,"logger":"events","msg":"event","name":"cached_managed_cert","id":"e1a6250b-c2e0-4d0e-bf96-a8b1effa0bea","origin":"tls","data":{"sans":["mail.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6827326,"logger":"tls.cache","msg":"added certificate to cache","subjects":["auth.marcelsoftware.dev"],"expiration":1740062167,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"76d27ec29bcfe47cce384381e6059498043f282c08eb60a8d4a7951063f4fb4a","cache_size":2,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6828196,"logger":"events","msg":"event","name":"cached_managed_cert","id":"64f19418-55cc-457c-99bf-60e9b2e1edc0","origin":"tls","data":{"sans":["auth.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6835608,"logger":"tls.cache","msg":"added certificate to cache","subjects":["twenty.marcelsoftware.dev"],"expiration":1739953348,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"be05070585e0357d62778b3705d69f6576b2e5f27cd8b47746500abb86305e42","cache_size":3,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.683628,"logger":"events","msg":"event","name":"cached_managed_cert","id":"7bd78bf6-99d1-4034-8e58-54b8c02750c1","origin":"tls","data":{"sans":["twenty.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6843593,"logger":"tls.cache","msg":"added certificate to cache","subjects":["unami.marcelsoftware.dev"],"expiration":1739969274,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"1e9cf05f2fb774de8d4fba9bd95ee8a13c2f79831b3c20b98fb4c2c446dc4ad3","cache_size":4,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6844327,"logger":"events","msg":"event","name":"cached_managed_cert","id":"2ec9d190-8b50-4f58-b724-27a3f949a18f","origin":"tls","data":{"sans":["unami.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6852264,"logger":"tls.cache","msg":"added certificate to cache","subjects":["stats.marcelsoftware.dev"],"expiration":1739744142,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"b0d429e9b3480d97d1d5e948b573410f9a450eefe7f8d13c4293c607da1e8ed0","cache_size":5,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6853306,"logger":"events","msg":"event","name":"cached_managed_cert","id":"788e8143-11ef-4d3f-9c40-b95e003f01fd","origin":"tls","data":{"sans":["stats.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6861703,"logger":"tls.cache","msg":"added certificate to cache","subjects":["gptproxy.marcelsoftware.dev"],"expiration":1739741628,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"9023cfee1e355dd50369b3ca5940394fce181d681406458d41c3c068bc4903a5","cache_size":6,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6862557,"logger":"events","msg":"event","name":"cached_managed_cert","id":"f85a0b04-c05e-4b8a-b902-48effb6941f1","origin":"tls","data":{"sans":["gptproxy.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6870294,"logger":"tls.cache","msg":"added certificate to cache","subjects":["gpt.marcelsoftware.dev"],"expiration":1739729466,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"5e3f4a4bdd47fdf311de9ecfd3f1ed86583253c02b01934b302080eb36d1fc89","cache_size":7,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6870956,"logger":"events","msg":"event","name":"cached_managed_cert","id":"e338821b-19a2-4308-b273-9bb1b06540c2","origin":"tls","data":{"sans":["gpt.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6879172,"logger":"tls.cache","msg":"added certificate to cache","subjects":["marcelsoftware.dev"],"expiration":1739801101,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"90df7f0afd66107aa3575821d61e75a405ecc023dea08df2b92b1e7d72a7e860","cache_size":8,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.688017,"logger":"events","msg":"event","name":"cached_managed_cert","id":"c2be889a-b7f2-48fd-9554-ee4599eaaaca","origin":"tls","data":{"sans":["marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6887672,"logger":"tls.cache","msg":"added certificate to cache","subjects":["docker.marcelsoftware.dev"],"expiration":1739723181,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"93f387d33d1fca08805ba8311fa926c81e4d7f896aee1248fa79b8a6d0667e9c","cache_size":9,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6888826,"logger":"events","msg":"event","name":"cached_managed_cert","id":"cffac906-d0da-4975-895d-edac1b03e308","origin":"tls","data":{"sans":["docker.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6894522,"logger":"tls","msg":"loading managed certificate","domain":"it.marcelsoftware.dev","expiration":1739724166,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6898935,"logger":"tls.cache","msg":"added certificate to cache","subjects":["it.marcelsoftware.dev"],"expiration":1739724166,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"e89bbf64dc2012254786d0e343569b6498aefb4a626030fb67c3f55bcddccfaa","cache_size":10,"cache_capacity":10000}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6899614,"logger":"events","msg":"event","name":"cached_managed_cert","id":"aec1ef37-891e-4e20-beca-5042c4012222","origin":"tls","data":{"sans":["it.marcelsoftware.dev"]}}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.690113,"logger":"layer4","msg":"listening","address":"tcp/[::]:443"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6901803,"logger":"layer4","msg":"listening","address":"tcp/[::]:22"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6902115,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"debug","ts":1732444661.6903534,"logger":"dynamic_dns","msg":"beginning IP address check"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6904259,"logger":"dynamic_dns","msg":"Loaded dynamic domains","domains":["twenty.marcelsoftware.dev","unami.marcelsoftware.dev","auth.marcelsoftware.dev","gptproxy.marcelsoftware.dev","mail.marcelsoftware.dev","git.marcelsoftware.dev","it.marcelsoftware.dev","marcelsoftware.dev","docker.marcelsoftware.dev","stats.marcelsoftware.dev","gpt.marcelsoftware.dev"]}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.690454,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"twenty"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6904643,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"unami"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6904728,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"auth"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6904824,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"gptproxy"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.69049,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"mail"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6904979,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"git"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6905053,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"it"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6905134,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"@"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6905208,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"docker"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6905303,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"stats"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6905382,"logger":"dynamic_dns","msg":"Adding dynamic domain","domain":"gpt"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.6907032,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Nov 24 10:37:41 ubuntu systemd[1]: Started Caddy.
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.694193,"msg":"serving initial configuration"}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.69791,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"5a891700-d907-4fed-8276-709bd1d5beb8","try_again":1732531061.697907,"try_again_in":86399.999998934}
Nov 24 10:37:41 ubuntu caddy[1649363]: {"level":"info","ts":1732444661.698055,"logger":"tls","msg":"finished cleaning storage units"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0725734,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"gpt","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0725832,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"gptproxy","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0725927,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"it","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0726018,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"mail","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0726106,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0726185,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"proton","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0726264,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"smtp","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0726354,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"stats","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0726614,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"twenty","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.072672,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"umami","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0726814,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"unami","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.0726907,"logger":"dynamic_dns","msg":"found DNS record","type":"AAAA","name":"www","zone":"marcelsoftware.dev","value":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.072768,"logger":"dynamic_dns","msg":"looked up current IPs from DNS","lastIPs":{"auth.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"docker.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"git.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"gpt.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"gptproxy.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"it.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"mail.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"stats.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"twenty.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"unami.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]},"www.marcelsoftware.dev":{"A":["188.241.240.67"],"AAAA":["2a0e:8f02:f04f:1074::"]}}}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.1299486,"logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv4","endpoint":"https://icanhazip.com","ip":"188.241.240.67"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.1727421,"logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv6","endpoint":"https://icanhazip.com","ip":"2a0e:8f02:f04f:1074::"}
Nov 24 10:37:43 ubuntu caddy[1649363]: {"level":"debug","ts":1732444663.172859,"logger":"dynamic_dns","msg":"no IP address change; no update needed"}
Nov 24 10:37:50 ubuntu caddy[1649363]: {"level":"debug","ts":1732444670.3211243,"logger":"events","msg":"event","name":"tls_get_certificate","id":"de8dd3fe-8b50-4e3d-8c00-6961b10922ed","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49171,49172,156,157,47,53],"ServerName":"it.marcelsoftware.dev","SupportedCurves":[4588,29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"82.77.10.249","Port":60500,"Zone":""},"LocalAddr":{"IP":"188.241.240.67","Port":443,"Zone":""}}}}
Nov 24 10:37:50 ubuntu caddy[1649363]: {"level":"debug","ts":1732444670.3212023,"logger":"tls.handshake","msg":"choosing certificate","identifier":"it.marcelsoftware.dev","num_choices":1}
Nov 24 10:37:50 ubuntu caddy[1649363]: {"level":"debug","ts":1732444670.3212347,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"it.marcelsoftware.dev","subjects":["it.marcelsoftware.dev"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"e89bbf64dc2012254786d0e343569b6498aefb4a626030fb67c3f55bcddccfaa"}
Nov 24 10:37:50 ubuntu caddy[1649363]: {"level":"debug","ts":1732444670.3212512,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"82.77.10.249","remote_port":"60500","subjects":["it.marcelsoftware.dev"],"managed":true,"expiration":1739724166,"hash":"e89bbf64dc2012254786d0e343569b6498aefb4a626030fb67c3f55bcddccfaa"}

I don’t see any logs for attempted connections to git.marcelsoftware.dev

I’ve changed it to the it subdomain for testing purposes

No idea what’s going on, but looking at the latest config you’ve posted, you’re routing layer 4 TLS SNI for git.marcelsoftware.dev (or it.marcelsoftware.dev?) to :6610?

What’s listening on :6610, exactly? Because it doesn’t look like you’ve configured your HTTPS server to listen there.

Edit: Actually, the behaviour I’m seeing is the HTTP server taking precedence over the layer4 server…

curl results:

~/Projects/caddy
➜ curl -iL test.example.com --resolve test.example.com:443:127.0.0.1 --resolve test.example.com:80:127.0.0.1
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://test.example.com/
Server: Caddy
Date: Sun, 24 Nov 2024 23:31:44 GMT
Content-Length: 0

HTTP/2 200
alt-svc: h3=":443"; ma=2592000
content-type: text/plain; charset=utf-8
server: Caddy
content-length: 9
date: Sun, 24 Nov 2024 23:31:44 GMT

It works!⏎

Version, Caddyfile, and logs:

~/Projects/caddy
➜ caddy version
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

~/Projects/caddy
➜ cat Caddyfile
{
  debug
  layer4 {
    :443 {
      @ssh ssh
      route @ssh {
        proxy :6611
      }
      @secure tls sni test.example.com
      route @secure {
        proxy :6610
      }
    }
  }
}

test.example.com {
  tls internal
  respond "It works!"
}

~/Projects/caddy
➜ caddy run
2024/11/24 23:31:41.663	INFO	using adjacent Caddyfile
2024/11/24 23:31:41.664	INFO	adapted config to JSON	{"adapter": "caddyfile"}
2024/11/24 23:31:41.664	WARN	Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies	{"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2024/11/24 23:31:41.667	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2024/11/24 23:31:41.667	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0x14000221480"}
2024/11/24 23:31:41.668	INFO	http.auto_https	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2024/11/24 23:31:41.668	INFO	http.auto_https	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2024/11/24 23:31:41.668	DEBUG	http.auto_https	adjusted config	{"tls": {"automation":{"policies":[{"subjects":["test.example.com"]},{}]}}, "http": {"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"body":"It works!","handler":"static_response"}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2024/11/24 23:31:41.673	INFO	pki.ca.local	root certificate is already trusted by system	{"path": "storage:pki/authorities/local/root.crt"}
2024/11/24 23:31:41.673	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2024/11/24 23:31:41.674	DEBUG	http	starting server loop	{"address": "[::]:443", "tls": true, "http3": true}
2024/11/24 23:31:41.674	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/11/24 23:31:41.674	DEBUG	http	starting server loop	{"address": "[::]:80", "tls": false, "http3": false}
2024/11/24 23:31:41.674	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/11/24 23:31:41.674	INFO	http	enabling automatic TLS certificate management	{"domains": ["test.example.com"]}
2024/11/24 23:31:41.675	WARN	tls	stapling OCSP	{"error": "no OCSP stapling for [test.example.com]: no OCSP server specified in certificate", "identifiers": ["test.example.com"]}
2024/11/24 23:31:41.675	DEBUG	tls.cache	added certificate to cache	{"subjects": ["test.example.com"], "expiration": "2024/11/25 11:19:48.000", "managed": true, "issuer_key": "local", "hash": "fa81d169705b7bb961bf2ad81c900fdcb55c42db00f2e20575b89420e71ce34e", "cache_size": 1, "cache_capacity": 10000}
2024/11/24 23:31:41.675	DEBUG	events	event	{"name": "cached_managed_cert", "id": "c2792e6e-c48c-4fbc-815f-d4027c2d125b", "origin": "tls", "data": {"sans":["test.example.com"]}}
2024/11/24 23:31:41.675	DEBUG	layer4	listening	{"address": "tcp/[::]:443"}
2024/11/24 23:31:41.676	INFO	autosaved config (load with --resume flag)	{"file": "/Users/whitestrake/Library/Application Support/Caddy/autosave.json"}
2024/11/24 23:31:41.676	INFO	serving initial configuration
2024/11/24 23:31:41.679	INFO	tls	storage cleaning happened too recently; skipping for now	{"storage": "FileStorage:/Users/whitestrake/Library/Application Support/Caddy", "instance": "0628da60-008d-4a59-9155-5055acaecdf6", "try_again": "2024/11/25 23:31:41.679", "try_again_in": 86399.999999792}
2024/11/24 23:31:41.679	INFO	tls	finished cleaning storage units
2024/11/24 23:31:44.954	DEBUG	events	event	{"name": "tls_get_certificate", "id": "d81b08df-bd9e-4643-9fb9-4560e8013a41", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"test.example.com","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2074,2075,2076,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"127.0.0.1","Port":63239,"Zone":""},"LocalAddr":{"IP":"127.0.0.1","Port":443,"Zone":""}}}}
2024/11/24 23:31:44.954	DEBUG	tls.handshake	choosing certificate	{"identifier": "test.example.com", "num_choices": 1}
2024/11/24 23:31:44.954	DEBUG	tls.handshake	default certificate selection results	{"identifier": "test.example.com", "subjects": ["test.example.com"], "managed": true, "issuer_key": "local", "hash": "fa81d169705b7bb961bf2ad81c900fdcb55c42db00f2e20575b89420e71ce34e"}
2024/11/24 23:31:44.955	DEBUG	tls.handshake	matched certificate in cache	{"remote_ip": "127.0.0.1", "remote_port": "63239", "subjects": ["test.example.com"], "managed": true, "expiration": "2024/11/25 11:19:48.000", "hash": "fa81d169705b7bb961bf2ad81c900fdcb55c42db00f2e20575b89420e71ce34e"}
^C2024/11/24 23:31:47.788	INFO	shutting down	{"signal": "SIGINT"}
2024/11/24 23:31:47.788	WARN	exiting; byeee!! 👋	{"signal": "SIGINT"}
2024/11/24 23:31:47.789	INFO	http	servers shutting down with eternal grace period
2024/11/24 23:31:47.789	INFO	admin	stopped previous server	{"address": "localhost:2019"}
2024/11/24 23:31:47.789	INFO	shutdown complete	{"signal": "SIGINT", "exit_code": 0}
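
The `caddy run` output above shows the http app (`starting server loop` on `[::]:443`) and the layer4 app (`listening` on `tcp/[::]:443`) both announcing a listener on port 443. The following Python check is an added example, not part of any post in this thread: it reads Caddy debug logs in either the console or the JSON encoding and reports ports announced by more than one app. The function names and sample lines are constructed for illustration, and it compares port numbers only, ignoring the bind host and network.

```python
import json
import re

# Constructed sample, shaped like the `caddy run` console output in this thread
# (tab-separated: time, level, logger, message, JSON fields).
SAMPLE_LOG = "\n".join([
    '2024/11/24 23:31:41.674\tDEBUG\thttp\tstarting server loop\t{"address": "[::]:443", "tls": true, "http3": true}',
    '2024/11/24 23:31:41.674\tDEBUG\thttp\tstarting server loop\t{"address": "[::]:80", "tls": false, "http3": false}',
    '2024/11/24 23:31:41.675\tDEBUG\tlayer4\tlistening\t{"address": "tcp/[::]:443"}',
])

# (logger, message) pairs that announce a listener in the logs shown in this thread.
LISTEN_EVENTS = {("http", "starting server loop"), ("layer4", "listening")}

def parse_line(line):
    """Return (logger, msg, fields) for a console- or JSON-encoded log line, else None."""
    brace = line.find("{")
    if brace == -1:
        return None
    try:
        fields = json.loads(line[brace:])
    except json.JSONDecodeError:
        return None
    if "logger" in fields:  # JSON encoder (journald output): everything is in one object
        return fields["logger"], fields.get("msg", ""), fields
    parts = line[:brace].rstrip("\t").split("\t")
    if len(parts) < 4:  # console lines without a logger name carry no listener info
        return None
    return parts[2], parts[3], fields

def port_of(address):
    """Extract the port from 'tcp/[::]:443', '[::]:443' or '0.0.0.0:443'."""
    m = re.search(r":(\d+)$", address)
    return int(m.group(1)) if m else None

def shared_ports(log_text):
    """Map each port announced by more than one Caddy app to the apps announcing it."""
    bound = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or (parsed[0], parsed[1]) not in LISTEN_EVENTS:
            continue
        port = port_of(str(parsed[2].get("address", "")))
        if port is not None:
            bound.setdefault(port, set()).add(parsed[0])
    return {p: sorted(apps) for p, apps in bound.items() if len(apps) > 1}

if __name__ == "__main__":
    print(shared_ports(SAMPLE_LOG))
```

Feed it the output of `caddy run` or `journalctl -u caddy` with `debug` enabled; an empty result means no port was announced by two apps in the captured window.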
