Serving https://localhost on local network on Windows

1. The problem I’m having:

I'm trying to serve a few endpoints in my local network by means of a Caddyfile. When I try to resolve https://localhost:8010 I get my expected index.html back. Same on two configured endpoints on https://localhost:8011. But when I try to resolve through https://192.168.0.37:8010 it seems to pick up something about the certificate, but no HTML response is ever returned.

I am sure that this is due to a misconfigured Caddyfile, and a general noobiness on my part. Could you please verify the Caddyfile?

I also tried to specify the reverse proxy directive with Header Up, and at that point I was mostly brute-forcing and doing guesswork.

An additional troubleshooting problem seems to be using curl on Windows correctly, instead of with the browser.

2. Error messages and/or full log output:

output of caddy

2024/04/30 13:56:23.008 INFO    using adjacent Caddyfile
2024/04/30 13:56:23.011 WARN    Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies   {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2024/04/30 13:56:23.029 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2024/04/30 13:56:23.029 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2024/04/30 13:56:23.029 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000246380"}
2024/04/30 13:56:23.030 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv1"}
2024/04/30 13:56:23.034 WARN    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:C:\\Users\\Jens\\AppData\\Roaming\\Caddy", "instance": "3d979852-18d0-470a-b559-f290f3d29255", "try_again": "2024/05/01 13:56:23.034", "try_again_in": 86400}
2024/04/30 13:56:23.034 INFO    tls     finished cleaning storage units
2024/04/30 13:56:23.048 WARN    pki.ca.local    installing root certificate (you might be prompted for password)       {"path": "storage:pki/authorities/local/root.crt"}
2024/04/30 13:56:23.676 ERROR   pki.ca.local    failed to install root certificate      {"error": "failed to execute keytool.exe: exit status 1", "certificate_file": "storage:pki/authorities/local/root.crt"}
2024/04/30 13:56:23.677 INFO    http    enabling HTTP/3 listener        {"addr": ":8010"}
2024/04/30 13:56:23.678 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/04/30 13:56:23.678 INFO    http    enabling HTTP/3 listener        {"addr": ":8011"}
2024/04/30 13:56:23.679 INFO    http.log        server running  {"name": "srv1", "protocols": ["h1", "h2", "h3"]}
2024/04/30 13:56:23.679 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/04/30 13:56:23.679 INFO    http    enabling automatic TLS certificate management   {"domains": ["192.168.0.37", "localhost"]}
2024/04/30 13:56:23.679 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [192.168.0.37]: no OCSP server specified in certificate", "identifiers": ["192.168.0.37"]}
2024/04/30 13:56:23.680 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate", "identifiers": ["localhost"]}
2024/04/30 13:56:23.680 INFO    autosaved config (load with --resume flag)      {"file": "C:\\Users\\Jens\\AppData\\Roaming\\Caddy\\autosave.json"}
2024/04/30 13:56:23.680 INFO    serving initial configuration

curl output

*   Trying [::1]:8010...
* Connected to localhost (::1) port 8010
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - De certificaatketen is verleend door een niet-vertrouwde instantie.
* Closing connection
* schannel: shutting down SSL/TLS connection with localhost port 8010
curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325) - De certificaatketen is verleend door een niet-vertrouwde instantie.
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

a. System environment:

Windows 11 in a PowerShell 7 terminal

b. Command:

caddy run

separate terminal

curl -vL https://localhost:8010

c. Service/unit/compose file:

d. My complete Caddy config:

localhost:8010 {
    root public
    file_server
}

localhost:8011 {
    handle_path /disk/A/* {
        root C:\Users\Jens\Documents\dotNET
        file_server browse
	}

	handle_path /disk/B/* {
        root C:\Users\Jens\Documents\ESP32
        file_server browse
	}
}

https://192.168.0.37:8010 {
	reverse_proxy https://localhost:8010
}

5. Links to relevant resources:

You need to install Caddy’s root CA cert on the machines that you want to connect with, to establish trust.

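What the reply above describes, for a Windows client, as an added example that is not part of the original thread: verify the copied root certificate against a hash taken on the Caddy host, import it into the current user's Trusted Root store, and repeat the curl check. The download path, the `-ExpectedSha256` parameter and the script layout are assumptions; the storage location and test address come from the log and Caddyfile in the post.

```powershell
# Added example (not from the thread). Run in PowerShell on the CLIENT machine.
param(
    # Assumed location of the root.crt copied from the Caddy host; on that host
    # the log shows it under C:\Users\Jens\AppData\Roaming\Caddy\pki\authorities\local\
    [string]$RootCertPath = "$env:USERPROFILE\Downloads\caddy-root.crt",
    # SHA-256 of root.crt as computed on the Caddy host with Get-FileHash,
    # passed to this machine separately from the file itself.
    [Parameter(Mandatory)][string]$ExpectedSha256,
    # Site to test afterwards (address taken from the Caddyfile in the post).
    [string]$TestUrl = 'https://192.168.0.37:8010'
)
$ErrorActionPreference = 'Stop'

# 1. Refuse to trust a file that differs from the one on the Caddy host.
$actual = (Get-FileHash -Path $RootCertPath -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256.Trim()) {
    throw "root.crt hash mismatch: got $actual"
}

# 2. Import only the certificate (never root.key) into the current user's
#    Trusted Root store; Windows asks for confirmation for this store.
$imported = Import-Certificate -FilePath $RootCertPath -CertStoreLocation Cert:\CurrentUser\Root
"Trusted: $($imported.Subject)  thumbprint $($imported.Thumbprint)"

# 3. Confirm the store entry exists and has not expired.
$entry = Get-ChildItem Cert:\CurrentUser\Root | Where-Object Thumbprint -eq $imported.Thumbprint
if (-not $entry -or $entry.NotAfter -lt (Get-Date)) {
    throw "root certificate missing from store or expired"
}

# 4. Re-run the TLS check with curl.exe (Schannel build, as in the post);
#    SEC_E_UNTRUSTED_ROOT should no longer appear for this client.
curl.exe -sS -o NUL -w "HTTP %{http_code}`n" $TestUrl
if ($LASTEXITCODE -eq 60) { throw "curl still cannot verify the certificate chain" }
```

A trusted root can vouch for any hostname, so the import is scoped to `Cert:\CurrentUser\Root` rather than the machine-wide store, and the CA's private key stays on the Caddy host.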

It's weird how little I understand of the certification. It seems that so far I only had to add this to one device; for instance, my phone, when on the network, got the index page served without adding the cert to my phone (at least manually).

But I can continue my experimentation and learning with Caddy. Thanks.