Reverse_Proxy-Valid Certs not found for Proxmox

1. The problem I’m having: the Caddy reverse proxy does not provide HTTPS to Proxmox.

Caddy is running in a Debian 12 LXC container on Proxmox 8. Caddy was built using xcaddy with the Cloudflare DNS plugin; I have not installed a systemd service.

How do I get Proxmox at either 192.168.1.145 or pve.domain.name to find the ACME certs?

There are acme-v02 Let's Encrypt certs in ~/.local/share/caddy/certificates/
I do not know what I am missing.
Is there something I need at Cloudflare or Proxmox?

Is there more needed in the Caddyfile?

caddy run seems to work with only 1 warning: "tls cleaning happened too recently; skipping for now".

2. Error messages and/or full log output:

root@caddy2-db12:/etc/caddy# caddy run
2024/02/16 15:21:12.431 INFO    using adjacent Caddyfile
2024/02/16 15:21:12.433 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/02/16 15:21:12.433 INFO    http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/02/16 15:21:12.433 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2024/02/16 15:21:12.433 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0000b6280"}
2024/02/16 15:21:12.433 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2024/02/16 15:21:12.434 INFO    failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
2024/02/16 15:21:12.434 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/02/16 15:21:12.434 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/02/16 15:21:12.434 INFO    http    enabling automatic TLS certificate management   {"domains": ["*.lkwz.xyz"]}
2024/02/16 15:21:12.434 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2024/02/16 15:21:12.434 INFO    serving initial configuration
2024/02/16 15:21:12.434 WARN    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:/root/.local/share/caddy", "instance": "2f77a644-266d-41e6-b963-317ec249d2a6", "try_again": "2024/02/17 15:21:12.434", "try_again_in": 86399.999999729}
2024/02/16 15:21:12.435 INFO    tls     finished cleaning storage units

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

Installed Go (ref go.dev/doc/install)
Installed xcaddy (ref github.com/caddyserver/xcaddy)
xcaddy build --with github.com/caddy-dns/cloudflare
created a caddy user

a. System environment:

Debian 12 LXC on Proxmox 8

b. Command:

caddy run (there is no systemd service)

c. Service/unit/compose file:

n/a for now

d. My complete Caddy config:

*.lkwz.xyz {
        # Proxmox is the host at 192.168.1.145 (not 127.0.0.1 inside this LXC), and
        # its web UI on :8006 is HTTPS-only with a self-signed certificate, hence the
        # transport block (or trust the PVE CA with tls_trusted_ca_cert instead)
        reverse_proxy https://192.168.1.145:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
        tls {
                # API token read from the environment rather than pasted into the config
                dns cloudflare {env.CLOUDFLARE_API_TOKEN}
        }
}

5. Links to relevant resources:

I hope that’s not your real API key. You should not post that publicly, it must remain secret.

If it is your real API key, you need to revoke it right away and generate a new one, otherwise someone can take control of your DNS.

What do you mean by “find”? What are you trying to do exactly?

Yep, that’s harmless. No errors. That warning is just saying “I already did cleaning in the past 24 hours so I don’t need to do it again right now”.

What am I trying to accomplish? Two things:
1. get HTTPS (valid certs) for Proxmox, WordPress, and others on my local network;
2. be able to access them using domain names vice ip:port addresses.

I am at a point where I do not know how or where to troubleshoot. I finally got a reverse proxy to run, but it appears Proxmox does not use it.
Thanks, I rolled the API key…

Just have Caddy proxy to those services. The certs and keys shouldn’t leave Caddy.

Is the Caddyfile that I have shown acceptable for a reverse proxy? What do I need to change? I changed the IP shown to be the ip:port of Proxmox.
With caddy run running, I still get the not secure/invalid cert message.

Please show evidence of the problem. Show an example request with curl -v. Enable the debug global option and show your Caddy logs.
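
The evidence asked for above, as an added example that is not part of the thread: a POSIX shell diagnostic that reports where the name resolves on this machine and which issuer signed the certificate each endpoint presents, comparing the path through Caddy (port 443, by name) with a direct connection to the Proxmox web UI (port 8006). The hostname pve.lkwz.xyz, assembled from the thread's pve. prefix and lkwz.xyz zone, is an assumption, as is the availability of openssl and getent.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). A "not secure" page comes either from
# DNS not pointing the name at Caddy or from the browser talking to Proxmox on
# :8006 directly; this shows which. Names and addresses are taken from the thread.

# Classify an `openssl x509 -noout -issuer` line: Caddy's ACME certificates are
# issued by Let's Encrypt, an empty line means no certificate was obtained, and
# anything else (e.g. Proxmox's own self-signed cert) means Caddy is not in the path.
classify_issuer() {
    case "$1" in
        "")                echo "none" ;;
        *"Let's Encrypt"*) echo "acme" ;;
        *)                 echo "other" ;;
    esac
}

# Issuer of the leaf certificate presented by host:port for SNI name $3.
fetch_issuer() {
    printf '' | openssl s_client -connect "$1:$2" -servername "$3" 2>/dev/null \
        | openssl x509 -noout -issuer 2>/dev/null
}

# Addresses the name resolves to here (what a browser on this machine would use).
resolve_name() {
    getent hosts "$1" | awk '{print $1}' | tr '\n' ' '
}

check_endpoint() {
    issuer=$(fetch_issuer "$1" "$2" "$3")
    printf '%-22s :%-5s sni=%-14s issuer=%s [%s]\n' "$1" "$2" "$3" \
        "${issuer#issuer=}" "$(classify_issuer "$issuer")"
}

# Usage: sh check.sh pve.lkwz.xyz 192.168.1.145
#   $1 = the name typed into the browser, $2 = the Proxmox host address
main() {
    printf '%s resolves to: %s\n' "$1" "$(resolve_name "$1")"
    check_endpoint "$1" 443  "$1"    # via Caddy: expect [acme]
    check_endpoint "$2" 8006 "$1"    # straight to Proxmox: expect [other]
}

if [ $# -eq 2 ]; then main "$1" "$2"; fi
```

If the first line resolves to the Proxmox address rather than the Caddy container, the browser never reaches Caddy, whatever the Caddyfile says.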
