1. Caddy version:
$ caddy version
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I installed, and run Caddy:
a. System environment:
$ cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)
b. Command:
$ caddy run --environ --config /etc/caddy/Caddyfil
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=proxy
Group=proxy
ExecStart=/usr/local/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
    servers {
        protocols h1 h2 h3
    }
    log {
        output file /var/log/caddy/caddy.log
        level INFO
    }
}
my.smartpns.one {
    tls /etc/caddy/pns.crt /etc/caddy/pns.key
    reverse_proxy https://test.smartpns.one {
        #transport http {
        #    tls
        #    tls_insecure_skip_verify
        #    read_buffer 8192
        #}
        header_up Host {upstream_hostport}
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Proto {scheme}
    }
    header /* {
        -Server
    }
    log {
        output file /var/log/caddy/http.log {
            roll_local_time
        }
        level INFO
        format console {
            time_format rfc3339
            time_local
        }
    }
}
3. The problem I’m having:
C:\Users\Administrator>curl -vL https://my.smartpns.one
* Trying 219.139.73.98:443...
* Connected to my.smartpns.one (219.139.73.98) port 443 (#0)
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* ALPN: server accepted http/1.1
> GET / HTTP/1.1
> Host: my.smartpns.one
> User-Agent: curl/7.83.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 502 Bad Gateway
< Alt-Svc: h3=":443"; ma=2592000
< Server: Caddy
< Date: Tue, 24 Jan 2023 08:12:10 GMT
< Content-Length: 0
<
* Connection #0 to host my.smartpns.pne left intact
4. Error messages and/or full log output:
$ tail -f /var/log/caddy/caddy.log
{"level":"info","ts":1674547860.5913746,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/home/proxy/.local/share/caddy"}
{"level":"info","ts":1674547860.5914052,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1674547860.5919294,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1674547860.59198,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1674547860.592036,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"info","ts":1674547860.5920794,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1674547860.592302,"msg":"autosaved config (load with --resume flag)","file":"/home/proxy/.config/caddy/autosave.json"}
{"level":"info","ts":1674547860.5923667,"msg":"serving initial configuration"}
{"level":"error","ts":1674547925.3170397,"logger":"http.log.error.log1","msg":"x509: certificate signed by unknown authority","request":{"remote_ip":"20.43.84.40","remote_port":"31056","proto":"HTTP/1.1","method":"GET","host":"my.smartpns.one","uri":"/","headers":{"User-Agent":["curl/7.83.1"],"Accept":["*/*"]},"tls":{"resumed":false,"version":771,"cipher_suite":49199,"proto":"http/1.1","server_name":"my.smartpns.one"}},"duration":0.003351671,"status":502,"err_id":"9i70z92fz","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
5. What I already tried:
I tried to use the configuration:
transport http {
    tls
    tls_insecure_skip_verify
    read_buffer 8192
}
But when I visit the site, I get this error:
Client sent an HTTP request to an HTTPS server.
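
The error in the log above, "x509: certificate signed by unknown authority", is what Go's certificate verifier (which Caddy uses when it connects to an HTTPS upstream) returns when the upstream certificate does not chain to any CA in the trust pool. The following is an added example, not part of the original post and not Caddy's own code: it reproduces that error with an empty trust pool and shows it clearing once the issuing CA is trusted, with verification still enabled. The CA name and the hostname `upstream.example.internal` are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent means a self-signed CA.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // root CA: allowed to sign other certificates
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tpl, key
	} else { // leaf: valid only for this DNS name
		tpl.DNSNames = []string{name}
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Demo verifies the same leaf twice: against an empty pool, then against a pool
// holding its issuing CA. A non-nil pool is used so system roots are not consulted.
func Demo(host string) (withoutCA, withCA error) {
	ca, caKey := issue("Constructed Private CA", nil, nil)
	leaf, _ := issue(host, ca, caKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	_, withoutCA = leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: x509.NewCertPool()})
	_, withCA = leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: trusted})
	return
}

func main() { fmt.Println(Demo("upstream.example.internal")) }
```

In Caddy's `transport http` block, `tls_trusted_ca_certs` is the directive that supplies such a CA file for the upstream, whereas `tls_insecure_skip_verify` turns the check off entirely.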