[newbie] Two services on https

1. Caddy version (caddy version):

v2.4.6

2. How I run Caddy:

a. System environment:

Ubuntu 20.04

b. Command:

sudo systemctl start caddy.service

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=www-data
Group=www-data
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

mysite.it
{
        root * /var/www/html/mysite.it
        file_server
        reverse_proxy localhost:8079
}

mysite.it:8169
{
        root * /var/www/html/mysite.it
        file_server
        reverse_proxy localhost:8069
}

3. The problem I’m having:

I have two web services, one on port 8069 and another on 8079.
I want to use both with https.
Each works fine if I set the Caddyfile with only one service, but I’m not able to set up the file to have both going well.
I tried different configurations (googled on the net), but without knowing much in terms of web server configuration it is like playing roulette.
Does someone have the winning number?
Thanks

4. Error messages and/or full log output:

This is the result of curl -v localhost:8169:

*   Trying 127.0.0.1:8169...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8169 (#0)
> GET / HTTP/1.1
> Host: localhost:8169
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
<
Client sent an HTTP request to an HTTPS server.
* Closing connection 0

This is the result of curl -v https://localhost:8069:

*   Trying 127.0.0.1:8069...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8069 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Doing https://mysite.it:8069 gives:

An error occurred during a connection to mysite.it:8069. PR_END_OF_FILE_ERROR

5. What I already tried:

At the moment I don’t have a third-level domain to use in the config, so I tried adding a port indication to the address or a specific path on the root (i.e. root /server_2/* /var/www/html/mysite.it) for the second service.
If I do http://mysite.it:8069 it works, but on http.

What’s in your logs? What exactly is not working? What behaviour are you seeing?

Please be more specific. Don’t omit any parts of the help template, they’re important.

I changed the config, did the log (I hope in the right way) and added some notes.
Let me know if it is enough.

Hmm, okay.

First, why are you using a different port for the second site? Why not use a subdomain like second.mysite.it? That way you can avoid the port number.

Second, you’re making requests using an IP address such as 127.0.0.1:8169, but that won’t work because you configured Caddy with mysite.it as the hostname. So it’s looking for that hostname in TLS-SNI (in the TLS handshake) and/or the Host header. The IP address isn’t the same as the hostname.

Also in one curl example, you used 8069 and the other you used 8169. Those aren’t the same thing. You configured Caddy to listen on port 8169. So you would need to connect with https://mysite.it:8169.
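
The two layouts discussed in the reply above, written out as a Caddyfile. This is an added example, not a config posted by anyone in the thread. It assumes both backends speak plain HTTP on localhost, and that second.mysite.it (the reply's example name) has a DNS record pointing at this server.

```caddyfile
# Added example, not from the thread. Pick Option A or Option B for the
# second service. root/file_server are left out: this sketch only proxies.

# First service: HTTPS on 443 for mysite.it, proxied to the backend on 8079.
mysite.it {
	reverse_proxy localhost:8079
}

# Option A (subdomain, as the reply suggests): no port number in the URL.
# Assumption: DNS for second.mysite.it exists so Caddy can obtain a certificate.
second.mysite.it {
	reverse_proxy localhost:8069
}

# Option B (no subdomain available): same hostname, separate HTTPS port.
# Caddy terminates TLS on 8169; the backend stays on plain HTTP at 8069.
# Clients use https://mysite.it:8169. Port 8069 never speaks TLS.
# mysite.it:8169 {
# 	reverse_proxy localhost:8069
# }

# Testing from the server itself while keeping the hostname in SNI and Host
# (--resolve pins the name to 127.0.0.1 for that port only):
#   curl -v --resolve mysite.it:443:127.0.0.1  https://mysite.it/
#   curl -v --resolve mysite.it:8169:127.0.0.1 https://mysite.it:8169/
```

Since http://mysite.it:8069 answers directly, the backend is reachable from outside without TLS. Binding the backends to 127.0.0.1 or firewalling 8069 and 8079 leaves Caddy as the only public entry point.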
