1. The problem I’m having:
Greetings
I have been using Caddy for Grafana and other systems. I loved it a lot, no hassle to access the systems through https on the local area network. Currently, I am using ERPNext, which I deployed using Podman, and I am trying to access it at https://mydomain.net. The pod / container is running on port 8085; when I go to https://mydomain.net I am getting a black screen with no content on it.
2. Error messages and/or full log output:
Dec 13 10:07:37 fedora caddy[1419]: {"level":"error","ts":1734073657.9075766,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.4.33","remote_port":"36846","client_ip":"192.168.4.33","proto":"HTTP/2.0","method":"GET","host":"erp.liyumfi.net","uri":"/","headers":{"Priority":["u=0, i"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Upgrade-Insecure-Requests":["1"],"Cookie":["REDACTED"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"erp.liyumfi.net"}},"duration":0.001602726,"status":502,"err_id":"8zi46xs7e","err_trace":"reverseproxy.statusError (reverseproxy.go:1269)"}
Dec 13 10:07:37 fedora caddy[1419]: {"level":"error","ts":1734073657.9914207,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.4.33","remote_port":"36846","client_ip":"192.168.4.33","proto":"HTTP/2.0","method":"GET","host":"erp.liyumfi.net","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Priority":["u=0, i"],"Te":["trailers"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Cookie":["REDACTED"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["cross-site"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"erp.liyumfi.net"}},"duration":0.001069844,"status":502,"err_id":"7xf17t6py","err_trace":"reverseproxy.statusError (reverseproxy.go:1269)"}
Dec 13 10:07:38 fedora caddy[1419]: {"level":"error","ts":1734073658.1293514,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_ip":"192.168.4.33","remote_port":"36846","client_ip":"192.168.4.33","proto":"HTTP/2.0","method":"GET","host":"erp.liyumfi.net","uri":"/favicon.ico","headers":{"Accept":["image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Mode":["no-cors"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0"],"Referer":["https://erp.liyumfi.net/"],"Cookie":["REDACTED"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Site":["same-origin"],"Priority":["u=6"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"erp.liyumfi.net"}},"duration":0.001046611,"status":502,"err_id":"m55ukieu0","err_trace":"reverseproxy.statusError (reverseproxy.go:1269)"}
3. Caddy version:
v2.8.4
4. How I installed and ran Caddy:
From the official Fedora repository
Name : caddy
Epoch : 0
Version : 2.8.4
Release : 1.fc41
Architecture : x86_64
Installed size : 42.7 MiB
Source : caddy-2.8.4-1.fc41.src.rpm
From repository : fedora
Summary : Web server with automatic HTTPS
URL : https://caddyserver.com
License : Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND MIT AND BSD-2-Clause-Views AND CC0-1.0 AND ISC AND MPL-2.0
Description : Caddy is an extensible server platform that uses TLS by default.
Vendor : Fedora Project
a. System environment:
OS: Fedora Linux 41 (KDE Plasma) x86_64
Host: VMware Virtual Platform
Kernel: Linux 6.11.11-300.fc41.x86_64
Shell: bash 5.2.32
Terminal: /dev/pts/0
CPU: 12th Gen Intel(R) Core(TM) i7-12700 (12) @ 2.11 GHz
GPU: VMware SVGA II Adapter
b. Command:
# I am running as a system daemon
systemctl start caddy
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy web server
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectHome=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
# The Caddyfile is an easy way to configure your Caddy web server.
#
# https://caddyserver.com/docs/caddyfile
# The configuration below serves a welcome page over HTTP on port 80. To use
# your own domain name with automatic HTTPS, ensure your A/AAAA DNS record is
# pointing to this machine's public IP, then replace `http://` with your domain
# name. Refer to the documentation for full instructions on the address
# specification.
#
# https://caddyserver.com/docs/caddyfile/concepts#addresses
http:// {
    # Set this path to your site's directory.
    root * /usr/share/caddy

    # Enable the static file server.
    file_server

    # Another common task is to set up a reverse proxy:
    # reverse_proxy localhost:8080

    # Or serve a PHP site through php-fpm:
    # php_fastcgi localhost:9000

    # Refer to the directive documentation for more options.
    # https://caddyserver.com/docs/caddyfile/directives
}
# As an alternative to editing the above site block, you can add your own site
# block files in the Caddyfile.d directory, and they will be included as long
# as they use the .caddyfile extension.
import Caddyfile.d/*.caddyfile
cloud.liyumfi.net {
    tls internal
    reverse_proxy localhost:8080 {
        # Use https with a self signed cert between Caddy and Cells
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}

monitor.liyumfi.net {
    tls internal
    reverse_proxy localhost:3000 {
        # Use https with a self signed cert between Caddy and Cells
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}

liyumfi.net {
    tls internal
    root * /var/www/liyumfiportal/
    file_server
}

erp.liyumfi.net {
    tls internal
    reverse_proxy localhost:8085 {
        # Use https with a self signed cert between Caddy and Cells
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}
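
The logged error is what a TLS client reports when the upstream's first bytes are not a TLS record, which is the outcome when `transport http { tls }` points at a listener that speaks plain HTTP. The probe below is an added example, not part of the original post or of Caddy: it sends a real ClientHello to a port and classifies the first record header that comes back. The function names are hypothetical and the header check is a simplified form of the one a TLS client applies.

```python
import socket
import ssl

ALERT, HANDSHAKE = 21, 22  # TLS record content types

def first_record_is_tls(header: bytes) -> bool:
    """True if a 5-byte record header plausibly opens a TLS session."""
    if len(header) < 5:
        return False
    version = int.from_bytes(header[1:3], "big")
    # Anything other than a handshake or alert record, or an absurd
    # version field, means the peer is not speaking TLS at all.
    return header[0] in (ALERT, HANDSHAKE) and version < 0x1000

def client_hello(server_name: str) -> bytes:
    """Produce a real ClientHello in memory, without any network I/O."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(
        incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is queued, no reply has been fed in
    return outgoing.read()

def probe_upstream(host: str, port: int, timeout: float = 3.0) -> str:
    """Return 'tls', 'not-tls', 'no-reply' or 'unreachable'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    header = b""
    with sock:
        try:
            sock.sendall(client_hello(host))
            while len(header) < 5:
                chunk = sock.recv(5 - len(header))
                if not chunk:
                    break
                header += chunk
        except OSError:
            pass  # timeout or reset: judge whatever bytes arrived
    if not header:
        return "no-reply"
    return "tls" if first_record_is_tls(header) else "not-tls"

if __name__ == "__main__":
    print(probe_upstream("localhost", 8085))
```

A result of `not-tls` for `localhost:8085` means the upstream expects plain HTTP, so the `tls` and `tls_insecure_skip_verify` lines in that site's `transport http` block do not match what the container serves.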