1. Caddy version (`caddy version`):
Docker Hub tag caddy:2
2. How I run Caddy:
Through docker on a VPS
a. System environment:
Docker
c. Service/unit/compose file:
# Compose file for the Caddy container that fronts the admin panel.
# Nesting is restored here; the listing as pasted had lost its indentation.
version: '3'
services:
  app:
    # Floating major-version tag: the version that runs changes with each
    # pull. Pin a patch tag or image digest if deploys must be reproducible.
    image: 'caddy:2'
    #network_mode: "host"
    restart: unless-stopped
    # Host networking is commented out above, so 80 and 443 reach Caddy
    # through Docker's published-port mapping. The access log on this page
    # records public client addresses in remote_ip, so the peer address is
    # being passed through to Caddy on this path.
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # /data is where the official image stores certificates and their
      # private keys; keep the host directory readable only by the
      # account that runs Docker.
      - ./data:/data
      - ./config:/config
      # NOTE(review): the container only needs to read this file; a
      # read-only mount (append `:ro`) would stop a compromised container
      # from rewriting its own access rules. Confirm nothing in the
      # workflow writes to it from inside the container.
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./srv:/srv
    networks:
      - backend
networks:
  backend:
    name: backend
    # external: compose does not create this network; it must already exist.
    # NOTE(review): presumably the admin-panel container is attached to the
    # same network. Anything else attached to it can reach that container
    # directly, without passing the IP check in the Caddyfile; verify
    # which containers are members.
    external: true
d. My complete Caddyfile or JSON config:
# Global options block: sets the e-mail address used for the ACME account.
{
	email email@example.com
}
# Site block for the admin panel: intended to answer 403 to every client
# except one allow-listed address and proxy the rest to the panel container.
admin.trunking.telexperts-host.net {
	# @public matches any request whose connection peer address is NOT
	# inside 24.78.154.37/32, i.e. everyone except that single address.
	# NOTE(review): the access log on this page shows the browser client
	# as 24.78.138.37, which differs from the address here in the third
	# octet (154 vs 138). That client therefore matches @public and gets
	# the 403. Confirm which of the two addresses is the intended one.
	@public not remote_ip 24.78.154.37/32
	# The inline e-mail repeats the value already set in the global options.
	# on_demand defers certificate issuance to the first TLS handshake for
	# the name. Caddy's documentation advises gating on-demand issuance
	# with an `ask` endpoint (global `on_demand_tls` option); none is
	# configured in this file.
	# NOTE(review): the site has one fixed hostname, so on_demand is
	# probably unnecessary here; confirm.
	tls email@example.com {
		on_demand
	}
	# Answer every @public request with an empty 403 and close the
	# connection. This also applies to /.well-known/acme-challenge/
	# requests that Caddy is not solving itself: the log shows one from
	# 172.105.18.30 (User-Agent cert-manager) answered with 403.
	# NOTE(review): that User-Agent suggests another ACME client is trying
	# to validate this hostname; worth finding out where it runs.
	respond @public 403 {
		close
	}
	# Requests that did not match @public are proxied to the admin panel
	# container on port 80 (no scheme given, so plain HTTP upstream).
	reverse_proxy admin-panel-admin-panel-1:80
}
3. The problem I’m having:
The `not` request matcher doesn’t seem to work. With the `@public` filter above in place, it blocks my IP, not others.
4. Error messages and/or full log output:
caddy-app-1 | {"level":"error","ts":1653356648.3603776,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"admin.trunking.telexperts-host.net","error":"no information found to solve challenge for identifier: admin.trunking.telexperts-host.net"}
caddy-app-1 | {"level":"error","ts":1653356648.3604548,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"admin.trunking.telexperts-host.net","error":"no information found to solve challenge for identifier: admin.trunking.telexperts-host.net"}
caddy-app-1 | {"level":"error","ts":1653356648.3946877,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"admin.trunking.telexperts-host.net","error":"no information found to solve challenge for identifier: admin.trunking.telexperts-host.net"}
caddy-app-1 | {"level":"error","ts":1653356648.3947623,"logger":"tls.issuance.acme","msg":"looking up info for HTTP challenge","host":"admin.trunking.telexperts-host.net","error":"no information found to solve challenge for identifier: admin.trunking.telexperts-host.net"}
caddy-app-1 | {"level":"error","ts":1653356648.3948286,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"172.105.18.30","remote_port":"49930","proto":"HTTP/1.1","method":"GET","host":"admin.trunking.telexperts-host.net","uri":"/.well-known/acme-challenge/MFUL2LWDEkPnf_Un8lbekgQoNahisWCb-VIHetYEAEk","headers":{"User-Agent":["cert-manager/v1.7.1 (clean)"],"Referer":["http://admin.trunking.telexperts-host.net/.well-known/acme-challenge/MFUL2LWDEkPnf_Un8lbekgQoNahisWCb-VIHetYEAEk"],"Accept-Encoding":["gzip"],"Connection":["close"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"admin.trunking.telexperts-host.net"}},"user_id":"","duration":0.00022756,"size":0,"status":403,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Content-Type":[]}}
caddy-app-1 | {"level":"error","ts":1653356648.6687777,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"24.78.138.37","remote_port":"65460","proto":"HTTP/2.0","method":"GET","host":"admin.trunking.telexperts-host.net","uri":"/index.html?__WB_REVISION__=84af66af4dcf16627cd732d8779fb6f5","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.162 Safari/537.36"],"Referer":["https://admin.trunking.telexperts-host.net/service-worker.js"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9"],"Pragma":["no-cache"],"Cache-Control":["no-cache"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Dest":["empty"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"admin.trunking.telexperts-host.net"}},"user_id":"","duration":0.000051627,"size":0,"status":403,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Content-Type":[]}}
caddy-app-1 | {"level":"error","ts":1653356649.8410146,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"24.78.138.37","remote_port":"65462","proto":"HTTP/2.0","method":"GET","host":"admin.trunking.telexperts-host.net","uri":"/service-worker.js","headers":{"Sec-Fetch-Dest":["serviceworker"],"Referer":["https://admin.trunking.telexperts-host.net/service-worker.js"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.162 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Cache-Control":["max-age=0"],"Accept":["*/*"],"Service-Worker":["script"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["same-origin"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"admin.trunking.telexperts-host.net"}},"user_id":"","duration":0.000037953,"size":0,"status":403,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Content-Type":[]}}
5. What I already tried:
I copied that from an example I found somewhere on this forum. It does seem to be blocking, just the opposite of what I want!
If I remove the `not` from the `@public` line, it allows my connection, but doesn’t block others.