1. Caddy version (`caddy version`): 2.1.1
2. How I run Caddy:
Caddy is running as a service inside a docker-compose setup of two containers.
a. System environment:
Docker Container group on the Azure Cloud
b. Command:
This is the command to get the containers created from the yaml file below:
```sh
az container create --resource-group resGrpName --name caddyContainerGroup --ports 443 80 8080 8181 4848 --file ./dockerfiles/docker-compose_azure.yml
```
c. Service/unit/compose file:
This is the YAML file I am using for the Azure service to create the containers.
The dash container contains a Payara app server application listening on port 8181.
```yaml
location: someLocation
name: caddyContainerGroup
properties:
  containers:
  - name: caddy
    properties:
      image: registry_blurred.io/caddy:latest
      resources:
        requests:
          cpu: 1
          memoryInGb: 0.5
      ports:
      - port: 80
      - port: 443
  - name: dash
    properties:
      image: registry_blurred.io/dashboard:latest
      resources:
        requests:
          cpu: 2
          memoryInGb: 2
      ports:
      - port: 8080
      - port: 8181
  osType: Linux
  ipAddress:
    type: Public
    ports:
    - protocol: tcp
      port: 80
    - protocol: tcp
      port: 8080
    - protocol: tcp
      port: 443
    - protocol: tcp
      port: 8181
    dnsNameLabel: caddydash
  imageRegistryCredentials:
  - server: registry_blurred.io
    username: name
    password: pwd
```
After this command is executed, both services are up and running:
I can access the Dashboard app on port 8181 directly with no issues.
d. My complete Caddyfile or JSON config:
I tried this with two different files.
First one, where I thought that Docker would resolve the name of dash:
```
caddydash.someRegion.azurecontainer.io:443 {
    reverse_proxy dash:8181
}
```
Second one, where I went for the fully qualified name:
```
caddydash.someRegion.azurecontainer.io:443 {
    reverse_proxy caddydash.someRegion.azurecontainer.io:8181
}
```
3. The problem I’m having:
The reverse proxying from the caddy container to the dash container is not working. Caddy throws the error(s) listed below when using the two different Caddyfiles:
4. Error messages and/or full log output:
Error 1 when trying to resolve the container by Docker service name ("dash"):
```
{"level":"error","ts":1606293917.5539818,"logger":"http.log.error","msg":"dial tcp: lookup dash on 168.63.129.16:53: no such host","request":{"method":"GET","uri":"/login.xhtml","proto":"HTTP/2.0","remote_addr":"10.240.255.55:33293","host":"caddydash.someRegion.azurecontainer.io","headers":{"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Cookie":["JSESSIONID=e81c327c2a9dbfe3fe5fc6437868"],"Cache-Control":["max-age=0"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"caddydash.someRegion.azurecontainer.io"}},"duration":0.034422681,"status":502,"err_id":"k8251dk35","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}
```
Error 2 when trying to resolve the container by FQDN ("caddydash.someRegion.azurecontainer.io"):
```
{"level":"error","ts":1606295980.588889,"logger":"http.log.error","msg":"EOF","request":{"method":"GET","uri":"/login.xhtml","proto":"HTTP/2.0","remote_addr":"10.240.255.56:33368","host":"caddydash.someRegion.azurecontainer.io","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"],"Cookie":["JSESSIONID=e81c327c2a9dbfe3fe5fc6437868"],"Cache-Control":["max-age=0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"caddydash.someRegion.azurecontainer.io"}},"duration":0.020348627,"status":502,"err_id":"yuipi2krx","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}
```
The Caddy log also contains a lot of other strange things.
#1: Lots of these TLS handshake errors:
```
2020/11/25 08:53:26 http: TLS handshake error from 10.240.255.55:58240: EOF
2020/11/25 08:53:32 http: TLS handshake error from 10.240.255.55:58332: EOF
2020/11/25 08:53:38 http: TLS handshake error from 10.240.255.55:58427: EOF
2020/11/25 08:53:44 http: TLS handshake error from 10.240.255.55:58517: EOF
2020/11/25 08:53:50 http: TLS handshake error from 10.240.255.55:58601: EOF
2020/11/25 08:53:56 http: TLS handshake error from 10.240.255.55:58691: EOF
2020/11/25 08:54:02 http: TLS handshake error from 10.240.255.55:58785: EOF
2020/11/25 08:54:08 http: TLS handshake error from 10.240.255.55:58873: EOF
2020/11/25 08:54:14 http: TLS handshake error from 10.240.255.55:58960: EOF
2020/11/25 08:54:20 http: TLS handshake error from 10.240.255.55:59068: EOF
2020/11/25 08:54:26 http: TLS handshake error from 10.240.255.55:59171: EOF
2020/11/25 08:54:32 http: TLS handshake error from 10.240.255.55:59288: EOF
2020/11/25 08:54:38 http: TLS handshake error from 10.240.255.55:59382: EOF
2020/11/25 08:54:44 http: TLS handshake error from 10.240.255.55:59462: EOF
2020/11/25 08:54:50 http: TLS handshake error from 10.240.255.55:59564: EOF
2020/11/25 08:54:56 http: TLS handshake error from 10.240.255.55:59664: EOF
2020/11/25 08:55:02 http: TLS handshake error from 10.240.255.55:59752: EOF
2020/11/25 08:55:08 http: TLS handshake error from 10.240.255.55:59831: EOF
```
#2: Errors for unresolved requests that I did not make:
```
{"level":"error","ts":1606294510.916728,"logger":"http.log.error","msg":"dial tcp: lookup dash on 168.63.129.16:53: no such host","request":{"method":"GET","uri":"/","proto":"HTTP/2.0","remote_addr":"10.240.255.55:40712","host":"caddydash.someRegion.azurecontainer.io","headers":{"Sec-Fetch-Site":["none"],"Accept-Encoding":["gzip, deflate, br"],"Pragma":["no-cache"],"Cache-Control":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.71 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"caddydash.someRegion.azurecontainer.io"}},"duration":0.021471156,"status":502,"err_id":"y1h09z9tt","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}
```
#3: One or more domains have an issue; I'm not sure what it is:
```
{"level":"info","ts":1606295805.2672303,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1606295805.2685502,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1606295805.2686732,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1606295805.2686977,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2020/11/25 09:16:45 [INFO][cache:0xc0001877a0] Started certificate maintenance routine
{"level":"info","ts":1606295805.2688997,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["caddydash.westeurope.azurecontainer.io"]}
{"level":"info","ts":1606295805.268985,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1606295805.26906,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1606295805.2690742,"msg":"serving initial configuration"}
2020/11/25 09:16:45 [INFO][caddydash.westeurope.azurecontainer.io] Obtain certificate; acquiring lock...
2020/11/25 09:16:45 [INFO][caddydash.westeurope.azurecontainer.io] Obtain: Lock acquired; proceeding...
2020/11/25 09:16:46 [INFO][caddydash.westeurope.azurecontainer.io] Waiting on rate limiter...
2020/11/25 09:16:46 [INFO][caddydash.westeurope.azurecontainer.io] Done waiting
2020/11/25 09:16:46 [INFO] [caddydash.westeurope.azurecontainer.io] acme: Obtaining bundled SAN certificate given a CSR
2020/11/25 09:16:46 [INFO] [caddydash.westeurope.azurecontainer.io] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8851499004
2020/11/25 09:16:46 [INFO] [caddydash.westeurope.azurecontainer.io] acme: use tls-alpn-01 solver
2020/11/25 09:16:46 [INFO] [caddydash.westeurope.azurecontainer.io] acme: Trying to solve TLS-ALPN-01
2020/11/25 09:16:47 http: TLS handshake error from 127.0.0.1:33522: EOF
2020/11/25 09:17:01 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8851499004
2020/11/25 09:17:02 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8851499004
2020/11/25 09:17:02 [ERROR] error: one or more domains had a problem:
[caddydash.westeurope.azurecontainer.io] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem), url:
(challenge=tls-alpn-01 remaining=[http-01])
2020/11/25 09:17:04 [INFO] [caddydash.westeurope.azurecontainer.io] acme: Obtaining bundled SAN certificate given a CSR
2020/11/25 09:17:04 [INFO] [caddydash.westeurope.azurecontainer.io] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8851503524
2020/11/25 09:17:04 [INFO] [caddydash.westeurope.azurecontainer.io] acme: Could not find solver for: tls-alpn-01
2020/11/25 09:17:04 [INFO] [caddydash.westeurope.azurecontainer.io] acme: use http-01 solver
2020/11/25 09:17:04 [INFO] [caddydash.westeurope.azurecontainer.io] acme: Trying to solve HTTP-01
2020/11/25 09:17:19 http: TLS handshake error from 10.240.255.56:55209: EOF
2020/11/25 09:17:19 http: TLS handshake error from 10.240.255.55:54013: EOF
2020/11/25 09:17:23 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/8851503524
2020/11/25 09:17:23 [ERROR] error: one or more domains had a problem:
[caddydash.westeurope.azurecontainer.io] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://caddydash.westeurope.azurecontainer.io/.well-known/acme-challenge/vEA4EhdftIezymDOzAKhlkdoGa30EIuMetPnLc0O4Wo: Timeout during connect (likely firewall problem), url:
(challenge=http-01 remaining=[])
```
5. What I already tried:
I tried the two different Caddyfiles listed above.
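As an added example for this thread (not code from the poster above, nor from the Caddy project), here is a small Python triage script that runs over Caddy 2 log lines of the two shapes this post shows: the JSON `http.log.error` records that `reverse_proxy` writes on a 502, and the plain-text `http: TLS handshake error from <ip>:<port>: <reason>` lines that come from Go's HTTP server. It separates "the upstream hostname did not resolve" (the `dash` lookup failing against the resolver at 168.63.129.16) from "the upstream accepted the TCP connection but closed it without an HTTP response" (the bare `EOF`), counts which source addresses keep aborting TLS handshakes, and goes one step beyond the post by also recognising `connection refused`. The sample lines are constructed to mirror the post's redacted entries with the request objects abbreviated; the one-line hints per error class are this example's own general interpretation, not something the logs state.

```python
"""Triage Caddy 2 logs: causes of reverse_proxy 502s and TLS handshake aborts.

Added example for this thread, not code from the poster or the Caddy project.
Log shapes are Caddy 2's real ones; SAMPLE_LINES are constructed to mirror
the post's redacted entries (request objects abbreviated).
"""
import json
import re
from collections import Counter

# Go net/http handshake failures are plain text, IPv4 peer assumed here:
# "2020/11/25 08:53:26 http: TLS handshake error from 10.240.255.55:58240: EOF"
TLS_HANDSHAKE_RE = re.compile(
    r"^\S+ \S+ http: TLS handshake error from (?P<ip>[^:]+):\d+: (?P<reason>.*)$"
)

# Signatures of upstream dial failures as they appear in reverse_proxy's "msg".
UPSTREAM_RULES = [
    ("dns_lookup_failed",
     re.compile(r"lookup (?P<name>\S+) on (?P<resolver>[\d.]+):53: no such host")),
    ("upstream_closed_connection", re.compile(r"^EOF$")),
    ("connection_refused", re.compile(r"connection refused")),
]

# Operator-facing reading of each class (this example's interpretation, not log text).
HINTS = {
    "dns_lookup_failed": "the resolver Caddy uses does not know the upstream name; "
                         "Compose service names only resolve on a Docker network",
    "upstream_closed_connection": "TCP connected but the peer hung up before sending "
                                  "an HTTP response; confirm that port speaks plain HTTP",
    "connection_refused": "nothing is listening on that address:port as seen from Caddy",
}


def classify_upstream_error(msg):
    """Map a reverse_proxy error message to (label, captured fields)."""
    for label, pattern in UPSTREAM_RULES:
        m = pattern.search(msg)
        if m:
            return label, m.groupdict()
    return "other", {}


def triage(lines):
    """Count 502 causes, unresolved upstream names, 502 clients and TLS EOF sources."""
    summary = {
        "upstream_errors": Counter(),
        "unresolved_upstreams": Counter(),
        "clients_with_502": Counter(),
        "tls_handshake_eof_sources": Counter(),
        "unparsed": 0,
    }
    for raw in lines:
        line = raw.strip()
        m = TLS_HANDSHAKE_RE.match(line)
        if m:
            if m.group("reason") == "EOF":
                summary["tls_handshake_eof_sources"][m.group("ip")] += 1
            continue
        if not line.startswith("{"):
            summary["unparsed"] += 1          # e.g. CertMagic/ACME plain-text lines
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            summary["unparsed"] += 1
            continue
        if rec.get("logger") != "http.log.error" or rec.get("status") != 502:
            continue                          # startup info, access logs, non-502 errors
        label, fields = classify_upstream_error(rec.get("msg", ""))
        summary["upstream_errors"][label] += 1
        if label == "dns_lookup_failed":
            summary["unresolved_upstreams"][fields["name"]] += 1
        client = rec.get("request", {}).get("remote_addr", "?").rsplit(":", 1)[0]
        summary["clients_with_502"][client] += 1
    return summary


def report(summary):
    """Render the summary as text lines, one per finding, with the hint per class."""
    out = []
    for label, n in summary["upstream_errors"].most_common():
        out.append(f"{n:>4} x 502 {label}: {HINTS.get(label, 'unclassified upstream error')}")
    for name, n in summary["unresolved_upstreams"].most_common():
        out.append(f"{n:>4} x unresolved upstream name {name!r}")
    for ip, n in summary["tls_handshake_eof_sources"].most_common():
        out.append(f"{n:>4} x TLS handshake aborted (EOF) by {ip}")
    if summary["unparsed"]:
        out.append(f"{summary['unparsed']:>4} line(s) in neither recognised format")
    return out


# Constructed sample, shaped like the post's redacted log (requests abbreviated).
SAMPLE_LINES = [
    '{"level":"error","ts":1606293917.55,"logger":"http.log.error","msg":"dial tcp: lookup dash on 168.63.129.16:53: no such host","request":{"method":"GET","uri":"/login.xhtml","remote_addr":"10.240.255.55:33293","host":"caddydash.someRegion.azurecontainer.io"},"status":502,"err_id":"k8251dk35"}',
    '{"level":"error","ts":1606294510.91,"logger":"http.log.error","msg":"dial tcp: lookup dash on 168.63.129.16:53: no such host","request":{"method":"GET","uri":"/","remote_addr":"10.240.255.55:40712","host":"caddydash.someRegion.azurecontainer.io"},"status":502,"err_id":"y1h09z9tt"}',
    '{"level":"error","ts":1606295980.58,"logger":"http.log.error","msg":"EOF","request":{"method":"GET","uri":"/login.xhtml","remote_addr":"10.240.255.56:33368","host":"caddydash.someRegion.azurecontainer.io"},"status":502,"err_id":"yuipi2krx"}',
    '{"level":"info","ts":1606295805.26,"msg":"serving initial configuration"}',
    "2020/11/25 08:53:26 http: TLS handshake error from 10.240.255.55:58240: EOF",
    "2020/11/25 08:53:32 http: TLS handshake error from 10.240.255.55:58332: EOF",
    "2020/11/25 09:16:47 http: TLS handshake error from 127.0.0.1:33522: EOF",
    "2020/11/25 09:17:02 [ERROR] error: one or more domains had a problem:",
]

if __name__ == "__main__":
    for line in report(triage(SAMPLE_LINES)):
        print(line)
```

Run it against a real log with `python3 triage.py < caddy.log` after swapping `SAMPLE_LINES` for `sys.stdin`; the point of separating the two 502 causes is that they call for different fixes (a name that does not resolve is a DNS/network-placement question, while an `EOF` from a port that did accept the connection means the target is not serving plain HTTP to Caddy), and a steady drumbeat of handshake `EOF`s from a single 10.x source every six seconds is worth identifying before reading it as a client-side problem.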