That’s it – the described docker-compose.yml file + Caddyfile is all I have running. No other docker containers are running. I’m not excluding anything from my files as I’ve posted them and will post another example below.
Are you browsing directly to 172.19.0.3?
I’m not going to 172.19.0.3. In my address bar I’m typing:
https://192.168.1.200:9999
With the following caddyfile + d-c.yml
>>> docker-compose.yml
version: '3'
services:
  caddy:
    image: caddy:latest
    volumes:
      - /home/me/Documents/bitwarden/Caddyfile:/etc/caddy/Caddyfile
      - /home/me/Documents/bitwarden/caddy-data:/data
      - /home/me/Documents/bitwarden/caddy-config:/config
    ports:
      - 9999:9999
  crcc:
    image: crccheck/hello-world
    restart: unless-stopped
<<<
>>> Caddyfile
https://192.168.1.200:9999 {
    reverse_proxy crcc:8000
}
<<<
If I access the website 3 times from Chrome at https://192.168.1.200:9999/ I see the error ERR_SSL_PROTOCOL_ERROR and cannot access the service each time, and I see the logs:
{"level":"info","ts":1589255900.1151738,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1589255900.1204681,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1589255900.1206877,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2020/05/12 03:58:20 [INFO][cache:0xc0007a0500] Started certificate maintenance routine
{"level":"info","ts":1589255900.1297123,"logger":"tls","msg":"setting internal issuer for automation policy that has only internal subjects but no issuer configured","subjects":["192.168.1.200"]}
{"level":"warn","ts":1589255900.1674604,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
2020/05/12 03:58:20 Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
2020/05/12 03:58:20 define JAVA_HOME environment variable to use the Java trust
2020/05/12 03:58:20 certificate installed properly in linux trusts
{"level":"info","ts":1589255900.2134988,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["192.168.1.200"]}
{"level":"info","ts":1589255900.213643,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1589255900.2137372,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1589255900.2137475,"msg":"serving initial configuration"}
2020/05/12 03:58:20 [INFO][192.168.1.200] Obtain certificate; acquiring lock...
2020/05/12 03:58:20 [INFO][192.168.1.200] Obtain: Lock acquired; proceeding...
2020/05/12 03:58:20 [INFO][192.168.1.200] Certificate obtained successfully
2020/05/12 03:58:20 [INFO][192.168.1.200] Obtain: Releasing lock
2020/05/12 03:58:20 [WARNING] Stapling OCSP: no OCSP stapling for [192.168.1.200]: no OCSP server specified in certificate
2020/05/12 03:58:26 http: TLS handshake error from 192.168.1.200:39010: no certificate available for '172.19.0.4'
2020/05/12 03:58:27 http: TLS handshake error from 192.168.1.200:39014: no certificate available for '172.19.0.4'
2020/05/12 03:59:15 http: TLS handshake error from 192.168.1.200:39018: no certificate available for '172.19.0.4'
If I THEN alter the Caddyfile ONLY and make it look like:
>>> Caddyfile
https://192.168.1.200:9999 172.19.0.4 {
    reverse_proxy crcc:8000
}
<<<
rebuild the containers with:
sudo rm -rf caddy-config/caddy caddy-data/caddy && docker-compose up -d --force-recreate
then I get ERR_CERT_AUTHORITY_INVALID but can access the webpage anyway via Chrome (again I’m visiting https://192.168.1.200:9999) and CAN access the webpage/see the whale saying hello-world.
My logs after loading that page 3 times are:
{"level":"info","ts":1589256146.1785617,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1589256146.2017343,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1589256146.2019217,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1589256146.2019448,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":443}
{"level":"info","ts":1589256146.2019558,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
2020/05/12 04:02:26 [INFO][cache:0xc000820190] Started certificate maintenance routine
{"level":"info","ts":1589256146.2127438,"logger":"tls","msg":"setting internal issuer for automation policy that has only internal subjects but no issuer configured","subjects":["172.19.0.4","192.168.1.200"]}
{"level":"info","ts":1589256146.2130857,"logger":"tls","msg":"cleaned up storage units"}
{"level":"warn","ts":1589256146.2562604,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
2020/05/12 04:02:26 Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
2020/05/12 04:02:26 define JAVA_HOME environment variable to use the Java trust
2020/05/12 04:02:26 certificate installed properly in linux trusts
{"level":"info","ts":1589256146.2857757,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["172.19.0.4","192.168.1.200"]}
{"level":"info","ts":1589256146.2859979,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1589256146.2860198,"msg":"serving initial configuration"}
2020/05/12 04:02:26 [INFO][192.168.1.200] Obtain certificate; acquiring lock...
2020/05/12 04:02:26 [INFO][172.19.0.4] Obtain certificate; acquiring lock...
2020/05/12 04:02:26 [INFO][192.168.1.200] Obtain: Lock acquired; proceeding...
2020/05/12 04:02:26 [INFO][172.19.0.4] Obtain: Lock acquired; proceeding...
2020/05/12 04:02:26 [INFO][192.168.1.200] Certificate obtained successfully
2020/05/12 04:02:26 [INFO][192.168.1.200] Obtain: Releasing lock
2020/05/12 04:02:26 [INFO][172.19.0.4] Certificate obtained successfully
2020/05/12 04:02:26 [INFO][172.19.0.4] Obtain: Releasing lock
2020/05/12 04:02:26 [WARNING] Stapling OCSP: no OCSP stapling for [192.168.1.200]: no OCSP server specified in certificate
2020/05/12 04:02:26 [WARNING] Stapling OCSP: no OCSP stapling for [172.19.0.4]: no OCSP server specified in certificate
2020/05/12 04:03:26 http: TLS handshake error from 192.168.1.200:39088: remote error: tls: unknown certificate
2020/05/12 04:03:26 http: TLS handshake error from 192.168.1.200:39092: remote error: tls: unknown certificate
2020/05/12 04:03:34 http: TLS handshake error from 192.168.1.200:39094: remote error: tls: unknown certificate
edit: in this case I’m accessing it from chrome directly on the server computer (192.168.1.200)
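
A way to read the two log dumps above, as an added example that is not part of the original post: the Python below separates handshake failures Caddy raised itself ("no certificate available for ...") from TLS alerts sent by the client ("remote error: tls: ..."), and checks each requested name against the `domains` list Caddy logged. The function names are hypothetical; the sample lines are copied from the post's logs.

```python
import json
import re

# Log lines copied from the two runs in the post (trimmed to the relevant ones).
RUN_1 = [
    '{"level":"info","ts":1589255900.2134988,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["192.168.1.200"]}',
    "2020/05/12 03:58:26 http: TLS handshake error from 192.168.1.200:39010: no certificate available for '172.19.0.4'",
]
RUN_2 = [
    '{"level":"info","ts":1589256146.2857757,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["172.19.0.4","192.168.1.200"]}',
    "2020/05/12 04:03:26 http: TLS handshake error from 192.168.1.200:39088: remote error: tls: unknown certificate",
]
NO_CERT = re.compile(r"TLS handshake error from \S+: no certificate available for '([^']+)'")
REMOTE_ALERT = re.compile(r"TLS handshake error from \S+: remote error: tls: (.+)$")


def managed_subjects(lines):
    """Collect the names Caddy says it manages certificates for."""
    subjects = set()
    for line in lines:
        if not line.startswith("{"):
            continue  # plain-text log line, not a JSON entry
        try:
            entry = json.loads(line)
        except ValueError:
            continue
        if entry.get("msg") == "enabling automatic TLS certificate management":
            subjects.update(entry.get("domains", []))
    return subjects


def classify(lines):
    """Return (subjects, findings); findings are (kind, detail, covered) tuples."""
    subjects = managed_subjects(lines)
    findings = []
    for line in lines:
        if m := NO_CERT.search(line):
            # Server side: no managed certificate matched the requested name.
            findings.append(("server-no-cert", m.group(1), m.group(1) in subjects))
        elif m := REMOTE_ALERT.search(line):
            # Client side: the remote peer (here the browser) sent a TLS alert.
            findings.append(("client-alert", m.group(1).strip(), None))
    return subjects, findings


if __name__ == "__main__":
    for name, run in (("run 1", RUN_1), ("run 2", RUN_2)):
        print(name, classify(run))
```

In the first run the failing name is absent from the managed subjects; in the second the failure is reported by the client, which matches the ERR_CERT_AUTHORITY_INVALID warning the browser showed.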