1. Caddy version (caddy version): 2.0.0
2. How I run Caddy:
Caddy has historically been running V1 to retrieve LetsEncrypt certificates to provide HTTPS to servers behind a single IP. So, proxy server is the basic functionality I am trying to get working on V2
a. System environment:
Debian Jessie, Systemd, running on a VM on the LAN that proxies traffic to HTTP only servers on the LAN. Caddy should retrieve LetsEncrypt certs for these web servers and secure them when exposed to the WAN.
b. Command:
caddy run --watch
c. Service/unit/compose file:
sudo systemctl caddy stop/start
d. My complete Caddyfile or JSON config:
#V1 Config
southwind.mydomain.com {
    proxy / 192.168.1.4 {
        transparent
    }
    timeouts none
}
#V2 Config
localhost
reverse_proxy --from southwind.mydomain.com --to 192.168.1.4:80
3. The problem I’m having:
So I’m basically just trying to get reverse_proxy working in V2. Every guide is outdated, or piecemeal information, and\or for a different situation, so I’m not sure I’ve done this right, and to make things worse, my understanding of some of this stuff isn’t that great. But, so far it seems like it might be close to working. It appears as if my certificates from the previous server are interfering. I’ve read that caddy can self correct this in time.
4. Error messages and/or full log output:
Browser reports “ERR_SSL_PROTOCOL_ERROR” when attempting to access. “Caddy --watch” output shows:
…
2020/05/13 19:08:12.266 INFO using adjacent Caddyfile
2020/05/13 19:08:12.268 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["127.0.0.1:2019", "localhost:2019", "[::1]:2019"]}
2020/05/13 19:08:12.268 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/05/13 19:08:12.268 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/05/13 15:08:12 [INFO][cache:0xc0006d1c70] Started certificate maintenance routine
2020/05/13 19:08:12.283 INFO tls setting internal issuer for automation policy that has only internal subjects but no issuer configured {"subjects": ["localhost"]}
2020/05/13 19:08:12.283 INFO tls cleaned up storage units
2020/05/13 19:08:12.352 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2020/05/13 19:08:12.352 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2020/05/13 15:08:12 [WARNING] Stapling OCSP: no OCSP stapling for [localhost]: no OCSP server specified in certificate
2020/05/13 19:08:12.353 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2020/05/13 19:08:12.353 INFO serving initial configuration
2020/05/13 19:08:12.354 INFO watcher watching config file for changes {"config_file": "Caddyfile"}
^C2020/05/13 19:08:32.374 INFO shutting down {"signal": "SIGINT"}
2020/05/13 15:08:32 [INFO][cache:0xc0006d1c70] Stopped certificate maintenance routine
2020/05/13 19:08:32.375 INFO admin stopped previous server
2020/05/13 19:08:32.375 INFO shutdown done {"signal": "SIGINT"}
…
5. What I already tried:
- After failing to build my own caddy\xcaddy on a micro version of Debian, I set out to upgrade my old server.
- Google and Forum searching. Tried various different examples as posted by previous posters without success. This current config seems to be the closest I’ve gotten to getting it working.
6. Links to relevant resources:
None come to mind this moment… thanks for any help.
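An added diagnostic, not part of the original post and not Caddy's own code: it reads startup lines like those in section 4 and reports whether an expected hostname appears among the domains Caddy says it is managing certificates for, and which subjects were given the internal issuer. The function names and the expected-host list are assumptions for illustration; the sample lines are copied from the log above with straight quotes restored.

```python
import json
import re

# Constructed sample: three startup lines from the log in the post above,
# with straight quotes restored so the trailing field parses as JSON.
SAMPLE_LOG = """\
2020/05/13 19:08:12.283 INFO tls setting internal issuer for automation policy that has only internal subjects but no issuer configured {"subjects": ["localhost"]}
2020/05/13 19:08:12.352 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2020/05/13 19:08:12.353 INFO serving initial configuration
"""

# "<date> <time> <LEVEL> <logger + message> [<json fields>]"
LINE_RE = re.compile(r"^\S+ \S+\s+(?P<level>[A-Z]+)\s+(?P<rest>.*)$")


def parse_line(line):
    """Split one log line into (level, message, fields); None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # e.g. the older "[INFO][cache:...]" style lines
    rest, fields = m.group("rest"), {}
    brace = rest.find("{")
    if brace != -1:
        try:
            fields = json.loads(rest[brace:])
            rest = rest[:brace]
        except json.JSONDecodeError:
            pass  # brace belonged to the message text; keep it whole
    return m.group("level"), rest.strip(), fields


def tls_coverage(log_text, expected_hosts):
    """Compare hostnames that should be served over HTTPS with what the log reports."""
    managed, internal = set(), set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, message, fields = parsed
        if "enabling automatic TLS certificate management" in message:
            managed.update(fields.get("domains", []))
        elif "setting internal issuer" in message:
            internal.update(fields.get("subjects", []))
    return {
        "missing": sorted(set(expected_hosts) - managed),  # no certificate managed
        "internal_issuer": sorted(internal),               # locally issued certificate
        "other_issuer": sorted(managed - internal),        # managed, not internal
    }


if __name__ == "__main__":
    print(tls_coverage(SAMPLE_LOG, ["southwind.mydomain.com"]))
```

Run against the lines above, the report lists `southwind.mydomain.com` under `missing` and `localhost` under `internal_issuer`.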