1. The problem I’m having:
I wanted to run a simple web server locally. So I ran Caddy in Docker on my Mac and started ngrok to make the web server available to the world.
My problem is that, although the Caddyfile had a named block for port 80 (and 443), it didn’t return 200. Instead it looked like it was redirected to 443. Shouldn’t it return 200 with the message “Im healthy”?
2. Error messages and/or full log output:
richardchou@Richards-MacBook-Pro caddy_cluster % docker run -p 443:443 -p 80:80 caddy-cluster
{"level":"info","ts":1688693601.6755793,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
{"level":"warn","ts":1688693601.6761997,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1688693601.677662,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1688693601.6778586,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1688693601.6778708,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"warn","ts":1688693601.6778777,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
{"level":"info","ts":1688693601.6780093,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x400007cd90"}
{"level":"info","ts":1688693601.678052,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1688693601.678093,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"debug","ts":1688693601.6781404,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
{"level":"info","ts":1688693601.678162,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"debug","ts":1688693601.6781754,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
{"level":"info","ts":1688693601.6781783,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"info","ts":1688693601.6783762,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1688693601.6794465,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1688693601.6794589,"msg":"serving initial configuration"}
{"level":"info","ts":1688693601.6821163,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"debug","ts":1688694307.5788047,"logger":"events","msg":"event","name":"tls_get_certificate","id":"d065ce19-4254-4b16-94d7-88d0cbcd775f","origin":"tls","data":{"client_hello":{"CipherSuites":[49199,49200,49195,49196,52392,52393,49171,49161,49172,49162,156,157,47,53,49170,10,4865,4867,4866],"ServerName":"localhost","SupportedCurves":[29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[2052,1027,2055,2053,2054,1025,1281,1537,1283,1539,513,515],"SupportedProtos":null,"SupportedVersions":[772,771,770,769],"Conn":{}}}}
{"level":"debug","ts":1688694307.5859387,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"localhost"}
{"level":"debug","ts":1688694307.5867674,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"*"}
{"level":"debug","ts":1688694307.5867815,"logger":"tls.handshake","msg":"all external certificate managers yielded no certificates and no errors","remote_ip":"172.17.0.1","remote_port":"59162","sni":"localhost"}
{"level":"debug","ts":1688694307.9071097,"logger":"tls","msg":"response from ask endpoint","domain":"localhost","url":"https://ezyraise.ap.ngrok.io?domain=localhost","status":404}
{"level":"debug","ts":1688694307.9083111,"logger":"http.stdlib","msg":"http: TLS handshake error from 172.17.0.1:59162: localhost: certificate not allowed by ask endpoint https://ezyraise.ap.ngrok.io - non-2xx status code 404"}
3. Caddy version:
2.6.4
4. How I installed and ran Caddy:
a. System environment:
MacOS Apple M1
Docker Desktop
b. Command:
Building docker image
docker build -t caddy-cluster .
Starting container
docker run -p 80:80 -p 443:443 caddy-cluster
Starting ngrok
./ngrok http -subdomain=ezyraise -region au 443
Session Status online
Account ezyraise (Plan: Pro)
Version 2.3.41
Region Australia (au)
Web Interface http://127.0.0.1:4040
Forwarding http://ezyraise.au.ngrok.io -> https://localhost:443
Forwarding https://ezyraise.au.ngrok.io -> https://localhost:443
curl port 80
curl -vL http://ezyraise.au.ngrok.io/health
and it returned error 404
c. Service/unit/compose file:
Dockerfile
FROM caddy:2.6.4-alpine
COPY Caddyfile /etc/caddy/Caddyfile
EXPOSE 80
EXPOSE 443
CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile"]
d. My complete Caddy config:
Caddyfile
{
	debug
	on_demand_tls {
		ask https://ezyraise.ap.ngrok.io
		burst 5
		interval 2m
	}
}

:80 {
	respond /health "Im healthy" 200
}

:443 {
	tls {
		on_demand
	}
	reverse_proxy https://tictactoeonrails.tamsui.xyz {
		header_down Strict-Transport-Security max-age=31536000
		header_up Host {host}
		header_up X-Real-IP {remote_host}
	}
}