1. Caddy version (caddy version
):
v2.4.6
2. How I run Caddy:
a. System environment:
Ubuntu 20.04.4 LTS, Docker
b. Command:
docker-compose up -d
c. Service/unit/compose file:
version: "3.7"
services:
nginx:
image: nginx:stable-alpine
container_name: nginx
networks:
- internal
volumes:
- /mnt/unionfs:/media
- /opt/appdata/superplex/streaming-server/nginx.conf:/etc/nginx/conf.d/nginx.conf
- /opt/appdata/superplex/streaming-server/html:/var/www
- /opt/appdata/superplex/streaming-server/cert.pem:/etc/ssl/cert.pem
- /opt/appdata/superplex/streaming-server/key.pem:/etc/ssl/key.pem
ports:
- "8443:8443"
restart: always
d. My complete Caddyfile or JSON config:
{
# Global options block. Entirely optional, https is on by default
# Optional email key for lets encrypt
email m3@gmail.com
# Optional staging lets encrypt for testing. Comment out for production.
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
*.24-7tv.com {
tls {
dns cloudflare KEY
}
@nginx host nginx.24-7tv.com
handle @nginx {
reverse_proxy nginx:8443
}
handle {
abort
}
}
nginx.conf
server {
listen 8443 default_server ssl;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
root /var/www;
}
3. The problem I’m having:
I’ve previously setup Caddy to use as a reverse proxy. I’m working on an additional project that I want to runing nginx so I’m trying to continue that reverse proxy for my web server. I have SSL setup and what I’m getting when I try to test the server is the message:
The plain HTTP request was sent to HTTPS port
nginx/1.22.0
As far as I know, everything I have setup should be using https so I’m not sure what to do next to configure this properly.
4. Error messages and/or full log output:
caddy log:
{"level":"info","ts":1655068713.171485,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1655068713.173798,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1655068713.1801436,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1655068713.1803634,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1655068713.180375,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1655068713.1803904,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000217a40"}
{"level":"info","ts":1655068715.5951037,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.24-7tv.com"]}
{"level":"info","ts":1655068715.6051712,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1655068715.6688135,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1655068715.6688333,"msg":"serving initial configuration"}
{"level":"info","ts":1655068715.6691058,"logger":"tls","msg":"finished cleaning storage units"}
nginx log:
172.29.0.2 - - [12/Jun/2022:21:18:39 +0000] "GET / HTTP/1.1" 400 255 "-" "curl/7.68.0" "2a01:4f9:6b:3368::2, 172.70.242.33"
curl -v https://nginx.24-7tv.com
* Trying 2606:4700:3034::ac43:b4b8:443...
* TCP_NODELAY set
* Connected to nginx.24-7tv.com (2606:4700:3034::ac43:b4b8) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Mar 19 00:00:00 2022 GMT
* expire date: Mar 18 23:59:59 2023 GMT
* subjectAltName: host "nginx.24-7tv.com" matched cert's "*.24-7tv.com"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55c62ca542f0)
> GET / HTTP/2
> Host: nginx.24-7tv.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 400
< date: Sun, 12 Jun 2022 21:38:25 GMT
< content-type: text/html
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ggCwKQylsunwfvq%2Bm3M%2BlIlJno1VR0mZI1qNJ0xWpflEeeiiY12onI7x%2BfrQQRARkihsOLDFUxI%2B0CQEoPUk7GkBKMoMt65qNl%2BtNCWZO8UqcpD7gbNez0DbUtImn2u5Zo41Z8GzNKigVUJmGzdY"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 71a5bbbd7dfa9a05-FRA
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.22.0</center>
</body>
</html>
* Connection #0 to host nginx.24-7tv.com left intact