1. Caddy version (caddy version): 2.1.1
2. How I run Caddy:
In a docker container
a. System environment:
b. Command:
docker-compose up -d
c. Service/unit/compose file:
docker-compose.yml:
```yaml
version: "3.7"

networks:
  default:
    ipam:
      driver: default
      config:
        - subnet: 172.29.24.0/24

services:
  caddy:
    container_name: caddy
    image: caddy:latest
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    networks:
      default:
        ipv4_address: 172.29.24.2
    volumes:
      - $PWD/caddyfile:/etc/caddy
      - $PWD/site:/srv
      - $PWD/caddy_data:/data
      - $PWD/caddy_config:/config

volumes:
  caddy_data:
  caddy_config:
```
d. My complete Caddyfile or JSON config:
```
web.mysite.com
reverse_proxy https://192.168.1.5:9443
```
3. The problem I’m having:
Trying to connect to https://web.mysite.com gives an error. If the Caddyfile points to the http version of the upstream (reverse_proxy http://192.168.1.5:8080), everything is fine (but presumably not encrypted between Caddy and the web server).
9443 & 8080 are the ports for the web server.
4. Error messages and/or full log output:
```
{"level":"error","ts":1606926250.202709,"logger":"http.log.error","msg":"x509: cannot validate certificate for 192.168.1.5 because it doesn't contain any IP SANs","request":{"remote_addr":"192.168.1.1:53972","proto":"HTTP/1.1","method":"GET","host":"web.crach.site","uri":"/","headers":{"Accept":["/"],"User-Agent":["curl/7.43.0"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"http/1.1","proto_mutual":true,"server_name":"web.mysite.com"}},"duration":0.125343725,"status":502,"err_id":"6ue14i83n","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:441)"}
```