Precise syntax for reverse_proxy

1. Caddy version (caddy version): v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=

2. How I run Caddy:

a. System environment:

Raspbian Buster on Raspberry Pi 4

It will use systemd but I have not made it that far yet, still just trying to get it to work manually.

b. Command:

caddy run

c. Service/unit/compose file:

# /lib/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.

# Letsencrypt staging environment
# https://acme-staging-v02.api.letsencrypt.org/directory

# Set this path to your site's directory.
# root * /usr/share/caddy

# Enable the static file server.
# file_server

# Another common task is to set up a reverse proxy:
# reverse_proxy localhost:8080

# Or serve a PHP site through php-fpm:
# php_fastcgi localhost:9000

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

{ 
   debug
   email greg@gregandeva.net
}


reverse_proxy www.gregandeva.net https://mongoliad.gregandeva.net

reverse_proxy gregandeva.duckdns.org:8123 http://hassos.gregandeva.net:8123

reverse_proxy hassos.gregandeva.net:8123 http://hassos.gregandeva.net:8123


3. The problem I’m having:

What I am trying to do is figure out the precise syntax of a reverse_proxy directive. I have been struggling with this all day and tried so many different things that I cannot remember them all. So perhaps someone will be able to see from the above Caddyfile what I am trying to do and tell me what the proper syntax is.

Looks like it is trying to get a cert for the domain “reverse_proxy”? Clearly my syntax is incorrect.

4. Error messages and/or full log output:

2020/07/05 23:32:25.234 INFO    using adjacent Caddyfile
2020/07/05 23:32:25.241 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2020/07/05 23:32:25.242 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS    {"server_name": "srv0", "https_port": 443}
2020/07/05 23:32:25.242 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2020/07/05 17:32:25 [INFO][cache:0x3ccaa00] Started certificate maintenance routine
2020/07/05 23:32:25.251 INFO    tls     cleaned up storage units
2020/07/05 23:32:25.252 DEBUG   http    starting server loop    {"address": "[::]:443", "http3": false, "tls": true}
2020/07/05 23:32:25.253 DEBUG   http    starting server loop    {"address": "[::]:80", "http3": false, "tls": false}
2020/07/05 23:32:25.254 INFO    http    enabling automatic TLS certificate management   {"domains": ["mongoliad.gregandeva.net", "reverse_proxy", "www.gregandeva.net"]}
2020/07/05 17:32:25 [INFO][reverse_proxy] Obtain certificate; acquiring lock...
2020/07/05 17:32:25 [INFO][reverse_proxy] Obtain: Lock acquired; proceeding...
2020/07/05 23:32:25.262 INFO    autosaved config        {"file": "/root/.config/caddy/autosave.json"}
2020/07/05 23:32:25.263 INFO    serving initial configuration
2020/07/05 17:32:25 [INFO][reverse_proxy] Waiting on rate limiter...
2020/07/05 17:32:25 [INFO][reverse_proxy] Done waiting
2020/07/05 17:32:25 [INFO] [reverse_proxy] acme: Obtaining bundled SAN certificate given a CSR
2020/07/05 17:32:25 [ERROR] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "reverse_proxy": Domain name contains an invalid character, url:  (challenge=tls-alpn-01 remaining=[http-01])
2020/07/05 17:32:27 [INFO] [reverse_proxy] acme: Obtaining bundled SAN certificate given a CSR
2020/07/05 17:32:28 [ERROR] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "reverse_proxy": Domain name contains an invalid character, url:  (challenge=http-01 remaining=[])
2020/07/05 17:32:30 [ERROR] attempt 1: [reverse_proxy] Obtain: [reverse_proxy] acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "reverse_proxy": Domain name contains an invalid character, url:  - retrying in 1m0s (4.749510931s/720h0m0s elapsed)...
2020/07/05 17:33:33 [INFO] acme: Registering account for greg@gregandeva.net
2020/07/05 17:33:34 [INFO] [reverse_proxy] acme: Obtaining bundled SAN certificate given a CSR
2020/07/05 17:33:34 [ERROR] acme: error: 400 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "reverse_proxy": Domain name contains an invalid character, url:  (challenge=tls-alpn-01 remaining=[http-01])
2020/07/05 17:33:36 [INFO] [reverse_proxy] acme: Obtaining bundled SAN certificate given a CSR
2020/07/05 17:33:36 [ERROR] acme: error: 400 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "reverse_proxy": Domain name contains an invalid character, url:  (challenge=http-01 remaining=[])
2020/07/05 17:33:38 [ERROR] attempt 2: [reverse_proxy] Obtain: [reverse_proxy] acme: error: 400 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for "reverse_proxy": Domain name contains an invalid character, url:  - retrying in 2m0s (1m13.218004749s/720h0m0s elapsed)...

5. What I already tried:

Here’s where I may run into trouble. I tried so many things I can’t tell you exactly what they were. But here’s a sample:

:443
reverse_proxy mongoliad.gregandeva.net

:8123
reverse_proxy http://hassos.gregandeva.net:8123

That fails to validate:

2020/07/05 23:50:26.058 INFO    using adjacent Caddyfile
validate: adapting config using caddyfile: Caddyfile:38: unrecognized directive: :8123

6. Links to relevant resources:

https://caddyserver.com/docs/caddyfile/directives/reverse_proxy

Thanks for any help.

–Greg

Welcome Greg,

Be sure to check out the structure of the Caddyfile (particularly the key points): Caddyfile Concepts — Caddy Documentation

That should give you a hint. 🙂 It should take you about 5 seconds to fix once you read it. Let me know how it goes.

1 Like

You’re right, I have it working now. I spent many hours trying to get this to work, and I read through a lot of the documentation, other posts in this forum, etc., but I just never hit on that particular page. Thanks for the pointer.

–Greg

2 Likes
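The structure the reply points to, as an added example that is not part of the original thread: a top-level line starts with site addresses, which is why Caddy read `reverse_proxy` as a domain and asked Let's Encrypt for a certificate for it, and once a file defines more than one site each one needs its own braces. The address-to-upstream mapping and the `acme_ca` line are assumptions read from the posted file, not the poster's final config.

```caddyfile
# Added example, not the poster's final config. Assumed intent:
#   www.gregandeva.net          -> https://mongoliad.gregandeva.net
#   gregandeva.duckdns.org:8123 -> http://hassos.gregandeva.net:8123

# Global options: must be the first block in the file and has no address.
{
	debug
	email greg@gregandeva.net
	# Assumption: issue from the Let's Encrypt staging CA (URL taken from the
	# comment in the posted file) until the site addresses are correct, so
	# mistakes are not sent to the production endpoint.
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

# Site block: the address comes first, directives go inside the braces.
# Without braces, "reverse_proxy" in first position is read as a hostname.
www.gregandeva.net {
	reverse_proxy https://mongoliad.gregandeva.net
}

# Braces are required once the file defines more than one site; otherwise
# ":8123" on its own line is parsed as a directive of the previous site
# ("unrecognized directive: :8123").
gregandeva.duckdns.org:8123 {
	reverse_proxy http://hassos.gregandeva.net:8123
}
```

Running `caddy validate --config /etc/caddy/Caddyfile` before `caddy run` catches structural errors like the one in section 5 without contacting the CA.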
