ajfriesen
(Andrej Friesen)
January 4, 2022, 4:12pm
1
1. Caddy version (caddy version):
latest caddy:2 docker image
2. How I run Caddy:
a. System environment:
Docker on ubuntu host
c. Service/unit/compose file:
version: '3'
services:
  caddy:
    image: caddy:2
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - $PWD/blog/Caddyfile:/etc/caddy/Caddyfile
      - caddy-data:/data
    networks:
      - docker-network
  ghost:
    image: ghost:4
    restart: always
    environment:
      # see https://ghost.org/docs/config/#configuration-options
      database__client: mysql
      database__connection__host: db
      database__connection__database: ghost
      database__connection__user: ghost
      database__connection__password: "${MYSQL_PASSWORD}"
      # this url value is just an example, and is likely wrong for your environment!
      url: https://www.ajfriesen.com
      mail__transport: "${MAIL_TRANSPORT}"
      mail__options__host: "${MAIL_HOST}"
      mail__options__port: "${MAIL_PORT}"
      mail__options__secureConnection: "${MAIL_SECURE_CONNECTION}"
      mail__options__auth__user: "${MAIL_USER}"
      mail__options__auth__pass: "${MAIL_PASSWORD}"
[...]
d. My complete Caddyfile or JSON config:
{
    # Global options block. Entirely optional, https is on by default
    # Optional email key for lets encrypt
    email my-mail
    # Optional staging lets encrypt for testing. Comment out for production.
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
www.ajfriesen.com {
    reverse_proxy ghost:2368
}
ajfriesen.com {
    redir https://www.ajfriesen.com{uri}
}
www.andrej-friesen.com {
    redir https://www.ajfriesen.com{uri}
}
3. The problem I’m having:
I am running a blog on my domain without any issues regarding caddy on www.ajfriesen.com
Now I wanted to add another domain I own www.andrej-friesen.com
I created a CNAME from www.andrej-friesen.com to ajfriesen.com but can not reach my site with that domain.
ping ajfriesen.com
PING ajfriesen.com (116.203.153.211) 56(84) bytes of data.
PING www.ajfriesen.com (116.203.153.211) 56(84) bytes of data.
64 bytes from static.211.153.203.116.clients.your-server.de (116.203.153.211): icmp_seq=1 ttl=52 time=19.1 ms
PING ajfriesen.com (116.203.153.211) 56(84) bytes of data.
64 bytes from static.211.153.203.116.clients.your-server.de (116.203.153.211): icmp_seq=1 ttl=52 time=18.6 ms
curl -v www.andrej-friesen.com
* Trying 116.203.153.211:80...
* TCP_NODELAY set
* Connected to www.andrej-friesen.com (116.203.153.211) port 80 (#0)
> GET / HTTP/1.1
> Host: www.andrej-friesen.com
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://www.andrej-friesen.com/
< Server: Caddy
< Date: Tue, 04 Jan 2022 15:59:35 GMT
< Content-Length: 0
<
* Closing connection 0
4. Error messages and/or full log output:
5. What I already tried:
6. Links to relevant resources:
matt
(Matt Holt)
January 4, 2022, 4:14pm
2
That seems to be working fine, Caddy is responding to your requests. What is the problem exactly?
ajfriesen
(Andrej Friesen)
January 4, 2022, 4:30pm
3
Sorry, thought it was obvious
The blog is not available via www.andrej-friesen.com but is fine on www.ajfriesen.com
francislavoie
4
Are you certain you’re using the latest version?
Run docker-compose exec caddy caddy version to see the actual version number. Latest is v2.4.6 currently.
Are you sure you reloaded Caddy after making config changes? It seems like the server doesn’t have a certificate for www.andrej-friesen.com.
You can perform a graceful config reload by running docker-compose exec -w /etc/caddy caddy caddy reload
Check the container logs with docker-compose logs caddy, and make sure the logs show that Caddy loaded with the domain www.andrej-friesen.com listed in the log with the message "enabling automatic TLS certificate management"
2 Likes
matt
(Matt Holt)
January 4, 2022, 4:46pm
5
What do you mean by “not available” though? What indicates that? (You left numbers 4, 5, and 6 empty in the help template.) As far as I can tell everything is working fine. What happens when you follow the redirect?
ajfriesen
(Andrej Friesen)
January 4, 2022, 5:06pm
6
francislavoie:
Are you sure you reloaded Caddy after making config changes? It seems like the server doesn’t have a certificate for www.andrej-friesen.com.
You can perform a graceful config reload by running docker-compose exec -w /etc/caddy caddy caddy reload
Check the container logs with docker-compose logs caddy, and make sure the logs show that Caddy loaded with the domain www.andrej-friesen.com listed in the log with the message "enabling automatic TLS certificate management"
I am managing the docker-compose files via ansible and was assuming that a change will restart the container. I could have sworn I had done that already because I added and removed domains over the last few months there.
My mistake, it does not do that automatically. Nothing caddy-related.
matt:
What do you mean by “not available” though? What indicates that? (You left numbers 4, 5, and 6 empty in the help template.) As far as I can tell everything is working fine. What happens when you follow the redirect?
When I followed www.andrej-friesen.com I got Chrome saying ERR_SSLPROTOCOL_ERROR and not showing my blog.
That is what I mean by “redirect does not work”.
Now that the reload is done, everything works as expected.
So I got the config right in the first place but was fooled by my assumption of the autoreload for my ansible:
- name: "Create docker network"
  docker_network:
    name: "docker-network"
- name: Sync blog
  ansible.posix.synchronize:
    src: blog/
    dest: /home/andrej/blog
- name: Create and start docker services
  community.docker.docker_compose:
    project_src: /home/andrej/blog
    state: present
    restarted: yes # <------ Was missing this.
Again nothing caddy-related.
Mea Culpa!
2 Likes
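The log check suggested earlier in the thread, written as a post-deploy test (an added example, not part of the original posts): it compares the site addresses in the Caddyfile on disk with the domains in the most recent "enabling automatic TLS certificate management" log entry, so a config that was synced but never reloaded shows up as a list of stale hosts. It assumes Caddy's JSON log output with a domains array and a Caddyfile that uses plain host addresses; the function names and the sample log line are constructed for illustration.

```python
import json
import re
TLS_MSG = "enabling automatic TLS certificate management"

def caddyfile_hosts(text):
    """Hostnames of top-level site blocks (the global options block has none)."""
    hosts, depth = set(), 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if depth == 0 and line.endswith("{"):
            for addr in line[:-1].replace(",", " ").split():
                hosts.add(re.sub(r"^https?://", "", addr).split("/")[0].split(":")[0].lower())
        depth += line.count("{") - line.count("}")
    hosts.discard("")  # address that was only a port, e.g. ":443"
    return hosts

def managed_domains(log_text):
    """Domains listed in the most recent TLS-management entry of Caddy's JSON log."""
    domains = set()
    for line in log_text.splitlines():
        start = line.find("{")  # skip the "caddy_1  | " prefix docker-compose adds
        try:
            entry = json.loads(line[start:]) if start >= 0 else {}
        except ValueError:
            continue
        if entry.get("msg") == TLS_MSG:
            domains = {d.lower() for d in entry.get("domains", [])}
    return domains

def stale_hosts(caddyfile_text, log_text):
    """Hosts in the Caddyfile on disk that the running Caddy is not managing."""
    return sorted(caddyfile_hosts(caddyfile_text) - managed_domains(log_text))

# Site blocks from the post; the log line is constructed (state before the reload).
CADDYFILE = """\
www.ajfriesen.com {
    reverse_proxy ghost:2368
}
ajfriesen.com {
    redir https://www.ajfriesen.com{uri}
}
www.andrej-friesen.com {
    redir https://www.ajfriesen.com{uri}
}
"""
OLD_LOG = 'caddy_1  | {"msg":"%s","domains":["www.ajfriesen.com","ajfriesen.com"]}' % TLS_MSG
print(stale_hosts(CADDYFILE, OLD_LOG))
```

Fed the real Caddyfile and the output of docker-compose logs caddy, a non-empty result means the running server still holds the old config and has no certificate for the listed hosts.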
matt
(Matt Holt)
January 4, 2022, 5:07pm
7
Excellent, thanks for the follow-up! Glad you figured it out.
1 Like
system
(system)
Closed
February 3, 2022, 4:13pm
8
This topic was automatically closed after 30 days. New replies are no longer allowed.