Serving my backend as https instead of http

1. Caddy version (caddy version):

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

caddy run

a. System environment:

ubuntu

b. Command:

caddy start

c. Service/unit/compose file:

Not using anything

d. My complete Caddyfile or JSON config:

```
{
        email lucas.goldner@googlemail.com
}

carlos.lucas-goldner.com {
        reverse_proxy http://127.0.0.1:5500
}
```

3. The problem I’m having:

I have configured the subdomain carlos.lucas-goldner.com to redirect to the server at the IP: 49.12.231.186. I have an express server running there on port 5500. Now I am trying to set up an express server so I can serve the express server at https://carlos.lucas-goldner.com.
I have an endpoint to test this at http://49.12.231.186:5500/online. But this works only on http and not on https. Any ideas on how to fix it? My domain is hosted on gandi.net btw.

4. Error messages and/or full log output:

```
root@carlosserver:/home/CarlosServer/CarlosServer# caddy run
2021/11/27 14:50:05.272	INFO	using adjacent Caddyfile
run: loading initial config: loading new config: starting caddy administration endpoint: listen tcp 127.0.0.1:2019: bind: address already in use
root@carlosserver:/home/CarlosServer/CarlosServer# caddy start
2021/11/27 14:50:55.675	INFO	using adjacent Caddyfile
run: loading initial config: loading new config: starting caddy administration endpoint: listen tcp 127.0.0.1:2019: bind: address already in use
start: caddy process exited with error: exit status 1
root@carlosserver:/home/CarlosServer/CarlosServer# caddy stop
root@carlosserver:/home/CarlosServer/CarlosServer# caddy start
2021/11/27 14:51:02.007	INFO	using adjacent Caddyfile
2021/11/27 14:51:02.013	INFO	admin	admin endpoint started	{"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2021/11/27 14:51:02.014	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2021/11/27 14:51:02.014	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2021/11/27 14:51:02.015	INFO	http	enabling automatic TLS certificate management	{"domains": ["carlos.lucas-goldner.com"]}
2021/11/27 14:51:02.015	INFO	autosaved config (load with --resume flag)	{"file": "/root/.config/caddy/autosave.json"}
2021/11/27 14:51:02.015	INFO	serving initial configuration
2021/11/27 14:51:02.016	INFO	tls	cleaning storage unit	{"description": "FileStorage:/root/.local/share/caddy"}
2021/11/27 14:51:02.017	INFO	tls	finished cleaning storage units
2021/11/27 14:51:02.017	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc00053bce0"}
2021/11/27 14:51:02.018	INFO	tls.obtain	acquiring lock	{"identifier": "carlos.lucas-goldner.com"}
2021/11/27 14:51:02.020	INFO	tls.obtain	lock acquired	{"identifier": "carlos.lucas-goldner.com"}
Successfully started Caddy (pid=2711383) - Caddy is running in the background
root@carlosserver:/home/CarlosServer/CarlosServer# 2021/11/27 14:51:02.968	INFO	tls.issuance.acme	waiting on internal rate limiter	{"identifiers": ["carlos.lucas-goldner.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "lucas.goldner@googlemail.com"}
2021/11/27 14:51:02.970	INFO	tls.issuance.acme	done waiting on internal rate limiter	{"identifiers": ["carlos.lucas-goldner.com"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "lucas.goldner@googlemail.com"}
2021/11/27 14:51:03.425	INFO	tls.issuance.acme.acme_client	trying to solve challenge	{"identifier": "carlos.lucas-goldner.com", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/11/27 14:51:04.871	ERROR	tls.issuance.acme.acme_client	challenge failed	{"identifier": "carlos.lucas-goldner.com", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "Fetching http://carlos.lucas-goldner.com/.well-known/acme-challenge/E-Lx7iVNS6lXr5Vvr8552H59BnStOQxnDJpTi7FsDrI: Error getting validation data", "instance": "", "subproblems": []}}
2021/11/27 14:51:04.872	ERROR	tls.issuance.acme.acme_client	validating authorization	{"identifier": "carlos.lucas-goldner.com", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "Fetching http://carlos.lucas-goldner.com/.well-known/acme-challenge/E-Lx7iVNS6lXr5Vvr8552H59BnStOQxnDJpTi7FsDrI: Error getting validation data", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/297785050/42907116700", "attempt": 1, "max_attempts": 3}
2021/11/27 14:51:06.258	INFO	tls.issuance.acme.acme_client	trying to solve challenge	{"identifier": "carlos.lucas-goldner.com", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2021/11/27 14:51:07.713	ERROR	tls.issuance.acme.acme_client	challenge failed	{"identifier": "carlos.lucas-goldner.com", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:unauthorized", "title": "", "detail": "Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge", "instance": "", "subproblems": []}}
2021/11/27 14:51:07.713	ERROR	tls.issuance.acme.acme_client	validating authorization	{"identifier": "carlos.lucas-goldner.com", "problem": {"type": "urn:ietf:params:acme:error:unauthorized", "title": "", "detail": "Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/297785050/42907132260", "attempt": 2, "max_attempts": 3}
2021/11/27 14:51:09.239	ERROR	tls.obtain	could not get certificate from issuer	{"identifier": "carlos.lucas-goldner.com", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[carlos.lucas-goldner.com] solving challenges: carlos.lucas-goldner.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/297785050/42907141380) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2021/11/27 14:51:10.425	INFO	tls.issuance.zerossl	generated EAB credentials	{"key_id": "9WkWiv9fA6MLDV7aGZJ_Kg"}
2021/11/27 14:51:14.261	INFO	tls.issuance.acme	waiting on internal rate limiter	{"identifiers": ["carlos.lucas-goldner.com"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "lucas.goldner@googlemail.com"}
2021/11/27 14:51:14.262	INFO	tls.issuance.acme	done waiting on internal rate limiter	{"identifiers": ["carlos.lucas-goldner.com"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "lucas.goldner@googlemail.com"}
2021/11/27 14:51:16.381	INFO	tls.issuance.acme.acme_client	trying to solve challenge	{"identifier": "carlos.lucas-goldner.com", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
```

If you want Caddy to handle exposing your service/app on https, you shouldn’t be redirecting to the IP address of your express server. That said, your Caddyfile doesn’t have the redir logic. Is that truly the same Caddyfile currently running on your server?

One thing to note, currently your domain name carlos.lucas-goldner.com points to the IP address 217.70.184.56. Is this the IP address of the server where you’re running Caddy?

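Added example, not part of the original thread and not Caddy's own code: a small triage script that pulls the failed ACME challenges out of Caddy log lines and checks whether the hostname resolves to the server that runs Caddy, the mismatch the reply points at. The sample lines are constructed and abridged from the log above; the function names and the stubbed resolver are assumptions made for illustration.

```python
import json
import socket

# Constructed sample, abridged from the log in the question. Fields are
# tab-separated: timestamp, level, logger, message, JSON payload.
SAMPLE_LOG = "\n".join([
    '2021/11/27 14:51:03.425\tINFO\ttls.issuance.acme.acme_client\ttrying to solve challenge\t'
    '{"identifier": "carlos.lucas-goldner.com", "challenge_type": "http-01"}',
    '2021/11/27 14:51:04.871\tERROR\ttls.issuance.acme.acme_client\tchallenge failed\t'
    '{"identifier": "carlos.lucas-goldner.com", "challenge_type": "http-01", '
    '"problem": {"type": "urn:ietf:params:acme:error:connection"}}',
    '2021/11/27 14:51:07.713\tERROR\ttls.issuance.acme.acme_client\tchallenge failed\t'
    '{"identifier": "carlos.lucas-goldner.com", "challenge_type": "tls-alpn-01", '
    '"problem": {"type": "urn:ietf:params:acme:error:unauthorized"}}',
])

def challenge_failures(log_text):
    """Return (identifier, challenge_type, ACME error) for each failed challenge."""
    failures = []
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) < 5 or parts[1] != "ERROR" or parts[3] != "challenge failed":
            continue
        try:
            fields = json.loads(parts[4])
        except json.JSONDecodeError:
            continue  # shell prompt or truncated line mixed into the output
        error = fields.get("problem", {}).get("type", "").rsplit(":", 1)[-1]
        failures.append((fields.get("identifier"), fields.get("challenge_type"), error))
    return failures

def _lookup_ipv4(hostname):
    """Resolve hostname to its IPv4 addresses with the system resolver."""
    infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def dns_mismatch(hostname, expected_ip, resolve=_lookup_ipv4):
    """Return the resolved addresses if expected_ip is not among them, else []."""
    addresses = resolve(hostname)
    return [] if expected_ip in addresses else addresses

if __name__ == "__main__":
    for identifier, challenge, error in challenge_failures(SAMPLE_LOG):
        print(f"{identifier}: {challenge} failed ({error})")
    # Stubbed resolver returning the address quoted in the reply, so this runs offline.
    wrong = dns_mismatch("carlos.lucas-goldner.com", "49.12.231.186",
                         resolve=lambda host: ["217.70.184.56"])
    if wrong:
        print("DNS points at", wrong, "instead of the Caddy host")
```

Drop the `resolve=` argument to query live DNS. Both http-01 and tls-alpn-01 are validated against whatever address the name resolves to, so a mismatch here explains both failures at once.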