A WordPress Docker container is listening on port 86.
I want Caddy to help me solve the SSL issues.
Caddyfile
a. System environment:
ubuntu 18.04 x64
b. Command:
sudo caddy run
d. My complete Caddyfile or JSON config:
w.cowbay.org {
reverse_proxy localhost:86
}
3. The problem I’m having:
It does not work, and there is no error in the console. The browser shows
SSL_ERROR_RX_RECORD_TOO_LONG
4. Error messages and/or full log output:
no error in console
2020-06-25 22:20:02 [chchang@ws ~]$ sudo caddy run
2020/06/25 14:20:06.348 INFO using adjacent Caddyfile
2020/06/25 14:20:06.354 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["127.0.0.1:2019", "localhost:2019", "[::1]:2019"]}
2020/06/25 14:20:06.357 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2020/06/25 14:20:06.357 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2020/06/25 14:20:06.362 INFO tls cleaned up storage units
2020/06/25 14:20:06.363 INFO http enabling automatic TLS certificate management {"domains": ["w.cowbay.org"]}
2020/06/25 22:20:06 [INFO][cache:0xc00045fd60] Started certificate maintenance routine
2020/06/25 14:20:06.389 INFO autosaved config {"file": "/home/chchang/.config/caddy/autosave.json"}
2020/06/25 14:20:06.390 INFO serving initial configuration
I just follow the document in
It should be the easiest theme to use Caddy, but I don’t have any idea what’s wrong with my config???
The fact there is no error in the console at all makes me concerned that your browser is not actually talking to Caddy and you’re getting a SSL_ERROR_RX_RECORD_TOO_LONG from some other server.
You could try:
Double check that your domain name resolves to the IP address of your Caddy server
If you’re port forwarding from an external IP address to Caddy, make sure port forwards are correct and functioning
2020/06/26 05:54:20.211 INFO serving initial configuration
2020/06/26 13:54:24 http: TLS handshake error from 220.137.48.5:50691: no certificate available for '45.77.98.9'
and curl log
appleteki-Mac-mini:~ chchang$ curl -kIL w.cowbay.org
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://w.cowbay.org/
Server: Caddy
Date: Fri, 26 Jun 2020 06:05:00 GMT
curl: (35) Unknown SSL protocol error in connection to w.cowbay.org:-9838
Your client (curl, I suppose, in this case) is not sending a ServerName value (SNI) in the TLS handshake. So Caddy doesn’t know which certificate to offer. I don’t know enough about how curl works, but it might have something to do with -k.
That usually happens when the browser expects TLS but gets plaintext HTTP in response.
-k is curl’s insecure_skip_verify analogue. It should still send SNI. I use -kiL / -kIL (skip verify, show headers, follow redirects) very frequently to get insight into what Caddy’s doing when debugging stuff.
curl -IL w.cowbay.org could also be used just to confirm that, though.
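As an added illustration (not code from this thread or from Caddy), the sketch below shows why plaintext HTTP arriving where TLS is expected surfaces as SSL_ERROR_RX_RECORD_TOO_LONG: a TLS client reads the first five bytes as a record header, and the `P/` of `HTTP/` lands in the length field. The function names and the sample byte strings are constructed for this example.

```python
import struct

# Upper bound on a TLS 1.2 record body: 2^14 bytes plus 2048 of overhead (RFC 5246).
MAX_RECORD_LEN = 2**14 + 2048
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_record_header(data):
    """Interpret the first 5 bytes as a TLS record header, as a TLS client would."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    content_type, major, minor, length = struct.unpack("!BBBH", data[:5])
    return content_type, (major, minor), length


def diagnose(first_bytes):
    """Return (verdict, declared_length) for the first bytes read from port 443."""
    content_type, version, length = parse_record_header(first_bytes)
    if content_type in CONTENT_TYPES and version[0] == 3:
        if length <= MAX_RECORD_LEN:
            return "tls-" + CONTENT_TYPES[content_type], length
        return "tls-record-too-long", length
    if first_bytes.startswith(b"HTTP/"):
        # 'H' is read as the content type, "TT" as the version and "P/"
        # (0x50 0x2F) as the length, so the "record" claims 20527 bytes.
        return "plaintext-http", length
    return "unknown", length


# Constructed samples: a plaintext HTTP reply, the header of a TLS handshake
# record, and a complete TLS alert record (fatal, handshake_failure).
SAMPLES = {
    "http reply": b"HTTP/1.1 308 Permanent Redirect\r\n",
    "handshake": bytes.fromhex("160303005a"),
    "alert": bytes.fromhex("15030300020228"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, length = diagnose(raw)
        too_long = length > MAX_RECORD_LEN
        print(f"{name:10s} -> {verdict:16s} declared length {length} (too long: {too_long})")
```

A "plaintext-http" verdict on the HTTPS port means whatever answered is not terminating TLS there, which points at port forwarding or another listener rather than at the certificate.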
This site can’t be reached
w.cowbay.org took too long to respond.
建議做法:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_TIMED_OUT
Something odd is going on here. When I am faced with situations like these I just start trying to rule out issues by using the simplest use cases.
First… set up the most basic use case using Caddy to rule out basic DNS connectivity and ensure TLS is working.
I have set up a reverse proxy just recently and think your issue is more about getting requests to your server, not Caddy causing an issue routing to the proxy.
Try this and post a link to a working https://w.cowbay.org page that just says “Hello world”