1. Caddy version (caddy version):
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
2. How I run Caddy:
a. System environment:
$ uname -a
Linux ip-172-31-31-101 5.4.0-1045-aws #47-Ubuntu SMP Tue Apr 13 07:04:23 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
$ docker version
Client: Docker Engine - Community
Version: 20.10.7
API version: 1.41
Go version: go1.13.15
Git commit: f0df350
Built: Wed Jun 2 11:57:03 2021
OS/Arch: linux/arm64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.7
API version: 1.41 (minimum version 1.12)
Go version: go1.13.15
Git commit: b0f5bc3
Built: Wed Jun 2 11:55:14 2021
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.4.6
GitCommit: d71fcd7d8303cbf684402823e425e9dd2e99285d
runc:
Version: 1.0.0-rc95
GitCommit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
docker-init:
Version: 0.19.0
GitCommit: de40ad0
b. Command:
export DOMAIN=$(curl http://169.254.169.254/latest/meta-data/public-hostname)
export IP=$(curl http://169.254.169.254/latest/meta-data/public-ipv4)
docker run --rm -e DOMAIN -e IP --name caddy -d -p 80:80 -p 443:443 \
-v /home/ubuntu/Caddyfile:/etc/caddy/Caddyfile \
-v /srv:/srv -v caddy_data:/data \
-v caddy_config:/config caddy
c. Service/unit/compose file:
None
d. My complete Caddyfile or JSON config:
{$DOMAIN} {
  root * /srv
  file_server browse
}
# Avoid invalid SSL errors.
{$IP}:80 {
  redir https://{$DOMAIN}
}
3. The problem I’m having:
I have an EC2 instance running on AWS. There is a public IP and a public DNS name assigned to it. I want to call it by any combination without errors. What does work:
curl DNS
curl http://IP
with both being redirected to https://DNS. However, when I call curl -v https://IP
then I get a TLS error.
☺ curl -v 13.57.16.173
* Trying 13.57.16.173...
* TCP_NODELAY set
* Connected to 13.57.16.173 (13.57.16.173) port 80 (#0)
> GET / HTTP/1.1
> Host: 13.57.16.173
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 302 Found
< Location: https://ec2-13-57-16-173.us-west-1.compute.amazonaws.com
< Server: Caddy
< Date: Sat, 17 Jul 2021 17:30:21 GMT
< Content-Length: 0
<
* Connection #0 to host 13.57.16.173 left intact
* Closing connection 0
☺ curl -v https://13.57.16.173
* Trying 13.57.16.173...
* TCP_NODELAY set
* Connected to 13.57.16.173 (13.57.16.173) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS alert, internal error (592):
* error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error
Ideally I would like to have the same response for both, i.e. redirection to https://DNS. Is it possible?
4. Error messages and/or full log output:
curl: (35) error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error
5. What I already tried:
I've already tried different redirect configurations in the Caddyfile, and the one I've shown above works the best. The only combination which gives errors is curl https://IP. The problem is that exactly this call is embedded in the AWS EC2 web console. Therefore, anyone who clicks it will run into this SSL error, which is a bad user experience.