1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
Caddy native
a. System environment:
Debian 10, systemd disabled, no Docker.
b. Command:
caddy run
c. Service/unit/compose file:
N/A
d. My complete Caddyfile or JSON config:
Frontend

# Global Option Block
{
    # General Option
    debug
}

# ACME Server
acme.roadrunner {
    acme_server
    tls internal
}

#
# Reverse proxy
#
bpass.intrafit.nl {
    reverse_proxy https://caddytest.roadrunner
}

Backend

# Global Option Block
{
    # General Option
    debug
}

caddytest.roadrunner {
    respond "Hello, this is your internal website @ 192.168.2.50"
    tls {
        ca https://acme.roadrunner/acme/local/directory
        ca_root /root/root.crt
    }
}
3. The problem I’m having:
When trying to access the backend through the frontend, i.e. https://bpass.intrafit.nl, I get a blank page.
4. Error messages and/or full log output:
Frontend
root@RJ-CaddyTK ~# caddy run
2021/02/09 16:39:57.631 INFO using adjacent Caddyfile
2021/02/09 16:39:57.637 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/02/09 16:39:57.656 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000229960"}
2021/02/09 16:39:57.683 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/02/09 16:39:57.686 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/02/09 16:39:57.777 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2021/02/09 16:39:57.780 DEBUG http starting server loop {"address": "[::]:443", "http3": false, "tls": true}
2021/02/09 16:39:57.781 DEBUG http starting server loop {"address": "[::]:80", "http3": false, "tls": false}
2021/02/09 16:39:57.781 INFO http enabling automatic TLS certificate management {"domains": ["bpass.intrafit.nl", "acme.roadrunner"]}
2021/02/09 16:39:57.782 DEBUG tls loading managed certificate {"domain": "bpass.intrafit.nl", "expiration": "2021/05/10 15:38:41.000", "issuer_key": "acme-v02.api.letsencrypt.org-directory", "storage": "FileStorage:/root/.local/share/caddy"}
2021/02/09 16:39:57.792 WARN tls stapling OCSP {"error": "no OCSP stapling for [acme.roadrunner]: no OCSP server specified in certificate"}
2021/02/09 16:39:57.796 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2021/02/09 16:39:57.797 INFO serving initial configuration
2021/02/09 16:39:57.791 INFO tls cleaned up storage units
Backend
root@RJ-Caddytest ~# caddy run
2021/02/09 16:39:33.577 INFO using adjacent Caddyfile
2021/02/09 16:39:33.583 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/02/09 16:39:33.587 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/02/09 16:39:33.590 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/02/09 16:39:33.591 DEBUG http starting server loop {"address": "[::]:443", "http3": false, "tls": true}
2021/02/09 16:39:33.593 DEBUG http starting server loop {"address": "[::]:80", "http3": false, "tls": false}
2021/02/09 16:39:33.595 INFO http enabling automatic TLS certificate management {"domains": ["caddytest.roadrunner"]}
2021/02/09 16:39:33.593 INFO tls cleaned up storage units
2021/02/09 16:39:33.589 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00022b810"}
2021/02/09 16:39:33.631 WARN tls stapling OCSP {"error": "no OCSP stapling for [caddytest.roadrunner]: no OCSP server specified in certificate"}
2021/02/09 16:39:33.634 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2021/02/09 16:39:33.635 INFO serving initial configuration
5. What I already tried:
I successfully tried to access the backend directly, i.e. https://caddytest.roadrunner, and I do get a proper response, including the message that the CA is untrusted.
When I shut down the backend, I get a "Page not working" error.
I tried several different Caddyfile setups, including the option

transport http {
    tls_insecure_skip_verify
}
6. Links to relevant resources:
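For reference, here is the verifying alternative to the `tls_insecure_skip_verify` option mentioned in step 5. This is an added example, not the poster's configuration and not a confirmed fix for the blank page: it only shows how the frontend's `reverse_proxy` can validate the backend certificate against the internal CA root instead of disabling verification. The root path is assumed: the frontend log reports the local CA root at `storage:pki/authorities/local/root.crt` with storage at `/root/.local/share/caddy`, so the file is assumed to resolve to the path below.

```caddyfile
# Frontend Caddyfile (added example). The reverse proxy trusts the internal
# CA that issued the backend's certificate, so the upstream TLS handshake is
# verified rather than skipped.
{
    debug
}

# Internal ACME server, as in the original frontend config
acme.roadrunner {
    acme_server
    tls internal
}

bpass.intrafit.nl {
    reverse_proxy https://caddytest.roadrunner {
        transport http {
            # Assumed path to the internal CA root exported by the `tls internal` CA.
            # Replaces tls_insecure_skip_verify: the chain is checked, not ignored.
            tls_trusted_ca_certs /root/.local/share/caddy/pki/authorities/local/root.crt
            # Pin the expected upstream name so verification matches the
            # certificate the backend obtained from acme.roadrunner.
            tls_server_name caddytest.roadrunner
        }
    }
}
```

A quick way to confirm the assumed root is the right one is to compare its fingerprint with the issuer of the certificate the backend presents; if they differ, the proxy will refuse the upstream connection, and the access log with `debug` enabled shows the TLS verification error rather than a silent blank page.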