1. Caddy version (caddy version):
$ caddy version
v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=
2. How I run Caddy:
My caddy is run as a systemd service, serving a static directory on one domain and reverse proxying to a backend passenger ruby container (with nginx and RoR included) on a subdomain.
a. System environment:
Linux adalab 4.15.0-88-generic #88-Ubuntu SMP Tue Feb 11 20:11:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
b. Command:
$ ps aux | grep caddy
benben 4126 0.0 0.0 15492 1044 pts/3 S+ 10:26 0:00 grep --color=auto caddy
caddy 30275 0.0 1.0 739712 42256 ? Ssl Jul08 1:52 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
foobar.com {
    # static pages
    file_server
    root * /home/foobar/webroot/
}
subdomain.foobar.com {
    reverse_proxy localhost:8080
    # logging
    log {
        output file /var/log/caddy.log
    }
}
3. The problem I’m having:
foobar.com works just fine, but visiting subdomain.foobar.com from Firefox generates a sec_error_ocsp_old_response error.
4. Error messages and/or full log output:
No error in the log.
5. What I already tried:
- switching to another browser resolves the problem
- disabling OCSP in Firefox resolves the problem
- access to foobar.com works fine