Set up a single https access point to several podman containers in a Fedora-Server

groovyman · June 13, 2026, 5:34pm

1. The problem I’m having:

A server (Fedora-F44) does not render a https page, that has been configured as a revered-proxy to a local http access point. The server and the client with the firefox resides inside a LAN (router is a fritzbox). Whenever i am trying to access the https://chasmash/service my browser shows a ERR_SSL_PROTOCOL_ERROR

2. Error messages and/or full log output:

curl -vL  https://chasmash/kivitendo
* Host chasmash:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.170.121
*   Trying 192.168.170.121:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL Trust Anchors:
*   CAfile: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
* TLSv1.3 (IN), TLS alert, internal error (592):
* TLS connect error: error:0A000438:SSL routines::tlsv1 alert internal error
* closing connection #0
curl: (35) TLS connect error: error:0A000438:SSL routines::tlsv1 alert internal error

So chasmash is the server dns name, that can be resolved and kivitendo is the part of the url, that should be rewritten inside a directive. Anyway the problem is to grant a proper https access from a browser, that actually fails.

3. Caddy version:

caddy-2.10.2-5.fc44.x86_64

4. How I installed and ran Caddy:

I am running a standard Fedeora-Server F44 with a installed caddy. The installation of caddy is very simple. I installed it as a package from the Fedora-Standard repository. Fedora comes with its own infrastructure using a /etc/caddy/Caddyfile file and a service oriented subdir /etc/caddy/Caddyfile.d directory (similar to postgres) that holds all services.
In order to keep installed files untouched (due to possible changes by updates) i decided to put all to-be exposed http urls into individual service.caddyfile files.

# my kivitendo.caddyfile
https://chasmash.fritz.box {
   handle_path /kivitendo/* {
   reverse_proxy  localhost:9190
}

Caddy should work as a host-local distribution and functional distribution service to all install container with their local http service access points.

a. System environment:

A simple out of the box Fedora-Server F44 running in a LAN. The standard package caddy has been installed. Caddy should act here as a

b. Command:

see above

c. Service/unit/compose file:

PASTE OVER THIS HERE IN THIS CODE BLOCK.
Please ensure it looks nice.

d. My complete Caddy config:

# file /etc/caddy/Caddyfile:
http:// {
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000

	# Refer to the directive documentation for more options.
	# https://caddyserver.com/docs/caddyfile/directives
}

# file /etc/caddy/Caddyfile.d/kivitendo:
https://chasmash.fritz.box {
	handle_path /kivitendo/* {
		reverse_proxy localhost:9190
	}

5. Links to relevant resources:

none