1. The problem I’m having:
I am trying to configure the reverse proxy for my https://nas.trescak.com to point to the admin URL of my NAS, which runs on https://192.168.1.200:5001.
I have other services I would like to configure that run on HTTPS ports as well.
2. Error messages and/or full log output:
This is the error from the log:
Jan 15 20:38:10 tomi-beast caddy[2310]: {"level":"error","ts":1705311490.5540106,"logger":"http.log.error","msg":"tls: failed to verify certificate: x509: cannot validate certificate for 192.168.1.200 because it doesn't contain any IP SANs","request":{"remote_ip":"192.168.1.1","remote_port":"54956","client_ip":"192.168.1.1","proto":"HTTP/3.0","method":"GET","host":"nas.trescak.com","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Cookie":[],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15"],"Accept-Language":["en-AU,en;q=0.9"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Priority":["u=0, i"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"nas.trescak.com"}},"duration":0.003145431,"status":502,"err_id":"186cu44km","err_trace":"reverseproxy.statusError (reverseproxy.go:1267)"}
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
a. System environment:
Linux Ubuntu 20.x
b. Command:
Nothing, default install running from the caddy.service
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
jobiq.com.au, www.jobiq.com.au {
    reverse_proxy :3020
}

credit.trescak.com {
    reverse_proxy :3010
}

nas.trescak.com {
    reverse_proxy https://192.168.1.200:5001
}

tel.trescak.com {
    reverse_proxy :3030
}