1. Caddy version (caddy version): 2.3.0
2. How I run Caddy:
docker-compose
a. System environment:
Docker (2.3.0-alpine)
b. Command:
docker-compose up
c. Service/unit/compose file:
```yaml
version: "3.7"
services:
  caddy:
    image: caddy:2.3.0-alpine
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "2019:2019"
    volumes:
      - caddy_data:/data
      - caddy_config:/config
      - ./Caddyfile:/etc/caddy/Caddyfile
  other_container:
    build:
      dockerfile: ./Dockerfile
      context: ./
    restart: unless-stopped
volumes:
  caddy_data:
  caddy_config:
```
d. My complete Caddyfile or JSON config:
Caddyfile used to initialise server
```
{
	admin 0.0.0.0:2019
}

mycaddy.local {
	reverse_proxy other_container:8080 {
		header_up X-mTLScertHash {http.request.tls.client.fingerprint}
	}
	tls {
		issuer internal {
			ca "local"
		}
	}
}
```
After init I try to /load the following JSON config (the same happens if just POSTing the new segment to /config/apps/pki etc.):
```json
{
  "admin": {
    "listen": "0.0.0.0:2019"
  },
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "routes": [
            {
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "headers": {
                            "request": {
                              "set": {
                                "X-Mtlscerthash": [
                                  "{http.request.tls.client.fingerprint}"
                                ]
                              }
                            }
                          },
                          "upstreams": [
                            {
                              "dial": "other_container:8080"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "mycaddy.local"
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "issuers": [
              {
                "ca": "local",
                "module": "internal"
              }
            ],
            "subjects": [
              "mycaddy.local"
            ]
          }
        ]
      }
    },
    "pki": {
      "certificate_authorities": {
        "local": {
          "name": "Default Client CA",
          "root": {},
          "intermediate": {}
        }
      }
    }
  }
}
```
3. The problem I’m having:
I'm trying to get PKI working with the default CA for both. The server starts fine with the Caddyfile above. When updating the config by POSTing the above JSON config to /load, it does not result in a working PKI configuration but in the error message below.
4. Error messages and/or full log output:
```
{"error":"loading config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: provisioning automation policy 0: loading TLS automation management module: position 0: loading module 'internal': provision tls.issuance.internal: loading pki app module: provision pki: provisioning CA 'local': open : no such file or directory"}
```
5. What I already tried:
I have had a look in the container and a key pair has been generated in /data/caddy/pki/authorities/local.
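Added example, not code from the post above or from the Caddy project: a small pre-flight check to run over a Caddy JSON config before POSTing it to /load. It encodes two things worth verifying in this config. First, the failing error is Go's `open ""` failure: the path after `open` is empty. In Caddy 2.x PKI, a `root` or `intermediate` object that is present tells Caddy to load the PEM files named by that object's `certificate` and `private_key` fields rather than generate (or reuse) a key pair in storage, so `"root": {}` and `"intermediate": {}` amount to "read the file named ''"; omitting both keys lets the CA fall back to the key pair already in `/data/caddy/pki/authorities/local`. Second, `admin 0.0.0.0:2019` combined with the published port `2019:2019` makes the unauthenticated admin API reachable from the host network, so the checker warns about any non-loopback admin listener. The `SAMPLE_CONFIG` dict is constructed from the post's `admin` and `pki` sections with the HTTP and TLS apps left out, because the checks do not read them.

```python
"""Pre-flight checks for a Caddy 2 JSON config before POSTing it to /load.

Added example; not code from the original post or from the Caddy project.
Assumption (Caddy 2.x PKI semantics): when a certificate authority's "root" or
"intermediate" object is present, Caddy loads the PEM files named by its
"certificate"/"private_key" fields instead of generating or reusing a key pair
in storage. An empty object therefore asks Caddy to read the file "", which is
where an error such as "open : no such file or directory" comes from.
"""
import copy
import json

# Constructed sample: the admin and PKI parts of the config from the post,
# with the HTTP/TLS apps elided because the checks below do not look at them.
SAMPLE_CONFIG = {
    "admin": {"listen": "0.0.0.0:2019"},
    "apps": {
        "pki": {
            "certificate_authorities": {
                "local": {
                    "name": "Default Client CA",
                    "root": {},
                    "intermediate": {},
                }
            }
        }
    },
}

KEYPAIR_FIELDS = ("root", "intermediate")
LOOPBACK_HOSTS = ("localhost", "127.0.0.1", "::1")


def find_empty_keypairs(cfg):
    """Return [(ca_id, field)] for every root/intermediate object that names no certificate file."""
    cas = cfg.get("apps", {}).get("pki", {}).get("certificate_authorities", {})
    found = []
    for ca_id, ca in cas.items():
        for field in KEYPAIR_FIELDS:
            kp = ca.get(field)
            # Absent means "let Caddy manage it"; an object without a
            # certificate path means "load file ''", which fails at provision time.
            if isinstance(kp, dict) and not kp.get("certificate"):
                found.append((ca_id, field))
    return found


def strip_empty_keypairs(cfg):
    """Return a copy with the offending objects removed so Caddy uses its storage-backed key pair."""
    fixed = copy.deepcopy(cfg)
    for ca_id, field in find_empty_keypairs(fixed):
        del fixed["apps"]["pki"]["certificate_authorities"][ca_id][field]
    return fixed


def admin_exposure_warnings(cfg):
    """Flag an admin endpoint reachable beyond loopback.

    The admin API carries no authentication of its own: anyone who can reach it
    can replace the running config. Caddy's default listener is localhost:2019.
    """
    admin = cfg.get("admin", {})
    listen = admin.get("listen", "localhost:2019")
    if listen.startswith("unix/"):
        return []  # a unix socket is gated by filesystem permissions instead
    host = listen.rsplit(":", 1)[0].strip("[]")  # "" / "0.0.0.0" / "::" bind everything
    warnings = []
    if host not in LOOPBACK_HOSTS:
        warnings.append(
            f"admin.listen={listen!r} binds a non-loopback address; together with a "
            "published container port this exposes the unauthenticated admin API"
        )
        if not admin.get("enforce_origin") and not admin.get("origins"):
            warnings.append(
                "no admin.origins/enforce_origin set; restrict allowed Host/Origin "
                "values as a second layer if the listener must stay non-loopback"
            )
    return warnings


if __name__ == "__main__":
    for ca_id, field in find_empty_keypairs(SAMPLE_CONFIG):
        print(f"CA {ca_id!r}: {field!r} is an empty object and will be read from file ''")
    for w in admin_exposure_warnings(SAMPLE_CONFIG):
        print("warning:", w)
    # The cleaned config is what you would POST with Content-Type: application/json.
    print(json.dumps(strip_empty_keypairs(SAMPLE_CONFIG), indent=2))
```

Run it against the full JSON from the post and it reports both empty objects under the `local` CA plus the admin warning; the cleaned output keeps `"name"` and drops `root`/`intermediate`, which is the shape that lets the internal issuer use the existing key pair in the data volume.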