Single line reverse proxy with internal certs

1. The problem I’m having:

I am working on a Docker Compose file for an app I want to use. That app doesn’t support HTTPS, only HTTP. I can expose port 3000 in Docker and things work fine. But, you know, HTTP. So, my plan is to modify it to not expose the HTTP port, and instead add Caddy to the Compose file and let it reverse proxy to the app.

But the server I’m running this on will not have ports 80/443, or anything else, open to the outside world. We have another reverse proxy on the edge that will handle the certs and directing traffic down to this setup.

So, my goal is to have Caddy use a self-signed cert, which my edge reverse proxy won’t care about, and then I should be able to get all the way down to the app in question.

So far I am unable to work out the command to make that happen.

2. Error messages and/or full log output:

```
* Host docker-01.owa.local:3001 was resolved.
* IPv6: (none)
* IPv4: 127.0.1.1, 10.10.40.13
*   Trying 127.0.1.1:3001...
* Connected to docker-01.owa.local (127.0.1.1) port 3001
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS alert, internal error (592):
* OpenSSL/3.0.13: error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection
curl: (35) OpenSSL/3.0.13: error:0A000438:SSL routines::tlsv1 alert internal error
```

3. Caddy version:

v2.8.1

4. How I installed and ran Caddy:

a. System environment:

Docker

b. Command:


c. Service/unit/compose file:

```yaml
version: '3'

services:
  app:
    image: image/image:latest
    ports:
      - 3000:3000
    volumes:
      # named volume for the app's data (a volume mapping, so it belongs here rather than under ports)
      - app-data:/data
    restart: always

  caddy:
    image: caddy:latest
    command: caddy reverse-proxy --to app:3000
    ports:
      - 3001:443
      - 3001:443/udp
    volumes:
      - .:/data

volumes:
  app-data:
    driver: local
```

I’ve also tried adding -i at the end of the caddy command, to no avail.

d. My complete Caddy config:

no Caddy config, trying to run single line command

5. Links to relevant resources:

I strongly suggest you use a Caddyfile instead. The caddy reverse-proxy command is meant only for quick-and-dirty development workflows, not for long-running “production” apps (including Docker containers). Use an actual config file, it’ll give you much more flexibility to do what you want.

For HTTPS to work, Caddy needs to know a domain that it would issue a certificate for. You need a site address, i.e. what you type in your browser to connect. Then you can enable `tls internal` to use Caddy’s internal CA to issue certs. Follow the steps at Keep Caddy Running — Caddy Documentation to set up trust by pulling out the root CA cert from the Docker container’s storage.
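A Caddyfile along the lines of that reply, added here as an example rather than code from the thread. It assumes the edge proxy connects using the name docker-01.owa.local seen in the curl output above (the name must match the SNI the client sends, which is why the earlier attempt got an internal error alert), and that the file is mounted at /etc/caddy/Caddyfile in the caddy service.

```caddyfile
# Site address: the name the edge proxy reaches this host by.
# Caddy picks the certificate by matching this against the TLS SNI,
# so it has to be the name the client actually sends.
# (Host:port pairs such as docker-01.owa.local:3001 still match; the host
# matcher ignores the port the client used.)
docker-01.owa.local {
	# Issue the certificate from Caddy's built-in CA instead of a public
	# ACME CA, so no internet-reachable ports 80/443 are needed.
	tls internal

	# Forward plain HTTP to the app container over the Compose network.
	reverse_proxy app:3000
}

# To let the edge proxy verify this cert rather than skip verification,
# export the internal root from the container's data volume:
#   /data/caddy/pki/authorities/local/root.crt
# and add it to the edge proxy's trust store.
```

In the compose file, mount this as `./Caddyfile:/etc/caddy/Caddyfile` on the caddy service (drop the `command:` line), keep `/data` on a named volume so the internal CA survives restarts, and remove the `3000:3000` publish from `app` so the only way in is through Caddy.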
