Problems migrating to V2

1. Caddy version (caddy version): 2.0.0

2. How I run Caddy:

Caddy has historically been running V1 to retrieve LetsEncrypt certificates to provide HTTPS to servers behind a single IP. So, proxy server is the basic functionality I am trying to get working on V2.

a. System environment:

Debian Jessie, Systemd, running on a VM on the LAN that proxies traffic to HTTP only servers on the LAN. Caddy should retrieve LetsEncrypt certs for these web servers and secure them when exposed to the WAN.

b. Command:

caddy run --watch

c. Service/unit/compose file:

sudo systemctl caddy stop/start

d. My complete Caddyfile or JSON config:

#V1 Config
southwind.mydomain.com {
     proxy / 192.168.1.4 {

      transparent
 }
 timeouts none
}

#V2 Config
localhost
reverse_proxy --from southwind.mydomain.com --to 192.168.1.4:80

3. The problem I’m having:

So I’m basically just trying to get reverse_proxy working in V2. Every guide is outdated, or piecemeal information, and/or for a different situation, so I’m not sure I’ve done this right, and to make things worse, my understanding of some of this stuff isn’t that great. But, so far it seems like it might be close to working. It appears as if my certificates from the previous server are interfering. I’ve read that caddy can self correct this in time.

4. Error messages and/or full log output:

Browser reports “ERR_SSL_PROTOCOL_ERROR” when attempting to access. “Caddy --watch” output shows:

2020/05/13 19:08:12.266 INFO using adjacent Caddyfile
2020/05/13 19:08:12.268 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["127.0.0.1:2019", "localhost:2019", "[::1]:2019"]}
2020/05/13 19:08:12.268 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/05/13 19:08:12.268 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/05/13 15:08:12 [INFO][cache:0xc0006d1c70] Started certificate maintenance routine
2020/05/13 19:08:12.283 INFO tls setting internal issuer for automation policy that has only internal subjects but no issuer configured {"subjects": ["localhost"]}
2020/05/13 19:08:12.283 INFO tls cleaned up storage units
2020/05/13 19:08:12.352 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2020/05/13 19:08:12.352 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2020/05/13 15:08:12 [WARNING] Stapling OCSP: no OCSP stapling for [localhost]: no OCSP server specified in certificate
2020/05/13 19:08:12.353 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2020/05/13 19:08:12.353 INFO serving initial configuration
2020/05/13 19:08:12.354 INFO watcher watching config file for changes {"config_file": "Caddyfile"}

^C2020/05/13 19:08:32.374 INFO shutting down {"signal": "SIGINT"}
2020/05/13 15:08:32 [INFO][cache:0xc0006d1c70] Stopped certificate maintenance routine
2020/05/13 19:08:32.375 INFO admin stopped previous server
2020/05/13 19:08:32.375 INFO shutdown done {"signal": "SIGINT"}

5. What I already tried:

  1. After failing to build my own caddy\xcaddy on a micro version of Debian, I set out to upgrade my old server.
  2. Google and Forum searching. Tried various different examples as posted by previous posters without success. This current config seems to be the closest I’ve gotten to getting it working.

6. Links to relevant resources:

None come to mind this moment… thanks for any help.

Hey, this line below is invalid (correct me if I am wrong):

reverse_proxy --from southwind.mydomain.com --to 192.168.1.4:80

By the looks of it, you copied this command from the documentation and added it to your caddyfile: Reverse proxy quick-start — Caddy Documentation

That one is supposed to be run in the command line; I think you meant to write your V2 config like this:

southwind.mydomain.com
reverse_proxy 192.168.1.4:80

Alternatively you can write it like this, which is similar to your V1 config:

southwind.mydomain.com {
    reverse_proxy 192.168.1.4:80 {}
}

NOTE: There is no need to add transparent as this is now the default for V2, you can read more about it here: Upgrading to Caddy 2 — Caddy Documentation

2 Likes

That’s the CLI command you tried to put in a Caddyfile!

Take another look at the documentation:

Edit: Ha @DaBultz you beat me to it :smile:

1 Like

Guys, thanks so much for the reply.

So at some point, I had something similar to your correct V2 Caddyfile… when I adjust the Caddyfile per your instructions I get.

#########
sudo caddy run --watch
2020/05/14 11:40:46.368 INFO using adjacent Caddyfile
run: adapting config using caddyfile: Caddyfile:18: unrecognized directive: southwind.mydomain.com

#########

So I tried other things… something still isn’t quite right…

Thanks!

Can you post your latest full Caddyfile that gives you this error?

Of course, and thanks…

###########CaddyfileV2###
localhost

southwind.mydomain.com {
reverse_proxy / 192.168.1.4 {}
}
###########

Here is the output of “caddy version”
###########
caddy@caddylanier:~$ caddy version
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=
caddy@caddylanier:~$
###########

Thanks Again…

Do you want localhost or do you want southwind.mydomain.com?

You have two site labels there. If you want both, put them on the same line, separated by a comma. Otherwise, get rid of the other.

Also reverse_proxy / 192.168.1.4 {} is incorrect. In Caddy v2 path matchers are exact-match, meaning that would only proxy requests to / and not /somethingelse. Instead, just remove the /, which will imply a * matcher, i.e. match all requests. Also, remove {} on that line, it has no purpose unless you have additional options to specify (and you can’t close a block on the same line as you open it).

1 Like
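A check for the Caddyfile mistakes diagnosed in this thread, written in Python as an added example (not code from the posters or from the Caddy project). The function names and the address heuristic are assumptions, and the sample inputs are the thread's Caddyfiles re-typed as constructed strings; the "only localhost" finding corresponds to the `"domains": ["localhost"]` line in the log above.

```python
# Constructed inputs: the Caddyfiles quoted in this thread, plus the corrected one.
CLI_PASTED = "localhost\nreverse_proxy --from southwind.mydomain.com --to 192.168.1.4:80\n"
TWO_LABELS = "localhost\n\nsouthwind.mydomain.com {\nreverse_proxy / 192.168.1.4 {}\n}\n"
FIXED = "southwind.mydomain.com {\n    reverse_proxy 192.168.1.4:80\n}\n"


def looks_like_address(token):
    # Heuristic (assumption): directive names never contain '.' or ':'.
    return token == "localhost" or "." in token or ":" in token


def lint_caddyfile(text):
    """Return (site_addresses, findings); findings are (line_no, message), 0 = whole file."""
    addresses, findings = [], []
    depth, bare_line, first_site = 0, None, True
    for n, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        if depth == 0 and tokens != ["{"]:  # a lone "{" opens the global options block
            opens_block = tokens[-1] == "{"
            if opens_block and bare_line and looks_like_address(tokens[0]):
                findings.append((n, f"site block after the brace-less address on line "
                                    f"{bare_line}; Caddy reads this label as a directive"))
            elif first_site or (opens_block and looks_like_address(tokens[0])):
                labels = tokens[:-1] if opens_block else tokens
                addresses += [t.rstrip(",") for t in labels]
                bare_line = None if opens_block else n
            first_site = False
        if tokens[0] == "reverse_proxy":
            if any(t.startswith("--") for t in tokens[1:]):
                findings.append((n, "CLI flags are not Caddyfile syntax; give the upstream directly"))
            if tokens[1:2] == ["/"]:
                findings.append((n, "matcher '/' is exact-match; drop it to proxy every path"))
        if "{}" in tokens or ("{" in tokens and "}" in tokens):
            findings.append((n, "block opened and closed on the same line"))
        depth += tokens.count("{") - tokens.count("}")
    if addresses and all(a == "localhost" for a in addresses):
        findings.append((0, "only 'localhost' is served; the public name gets no certificate"))
    return addresses, findings


if __name__ == "__main__":
    for name in ("CLI_PASTED", "TWO_LABELS", "FIXED"):
        addrs, found = lint_caddyfile(globals()[name])
        print(name, addrs, *found, sep="\n  ")
```
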

That worked, Francis!

Had to put :80 at the end of the 192.168.1.4 though… Thanks so much for all the excellent assistance.
