1. The problem I’m having:
In our company, I have an Ubuntu server that is not visible from the internet and until recently could only be accessed on port 22. I want to use it for local testing of webapps and therefore asked for ports 80 and 443 to be open.
As a minimal test, I run

    python -m http.server 8080

and then test port 80 with

    sudo caddy reverse-proxy --from :80 --to :8080

This works.
However, when I try port 443 with

    sudo caddy reverse-proxy --to :8080

I get SSL_ERROR_INTERNAL_ERROR_ALERT in my browser.
Using curl -vL https://or-miniserver.sintef.no returns:
* Host or-miniserver.sintef.no:443 was resolved.
* IPv6: (none)
* IPv4: 10.218.6.71
* Trying 10.218.6.71:443...
* Connected to or-miniserver.sintef.no (10.218.6.71) port 443
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* closing connection #0
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
What am I missing? (This is the first time I am trying Caddy…)
2. Error messages and/or full log output:
Log from the terminal:
$ sudo caddy reverse-proxy --to :8080
2025/04/30 08:34:10.400 WARN admin admin endpoint disabled
2025/04/30 08:34:10.400 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "proxy", "https_port": 443}
2025/04/30 08:34:10.400 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "proxy"}
2025/04/30 08:34:10.400 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0004b4780"}
2025/04/30 08:34:10.401 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2025/04/30 08:34:10.401 INFO http enabling HTTP/3 listener {"addr": ":443"}
2025/04/30 08:34:10.401 INFO http.log server running {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2025/04/30 08:34:10.401 WARN http HTTP/2 skipped because it requires TLS {"network": "tcp", "addr": ":80"}
2025/04/30 08:34:10.401 WARN http HTTP/3 skipped because it requires TLS {"network": "tcp", "addr": ":80"}
2025/04/30 08:34:10.401 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/04/30 08:34:10.401 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2025/04/30 08:34:10.401 INFO caddy proxying {"from": "https://localhost", "to": [":8080"]}
2025/04/30 08:34:10.405 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/root/.local/share/caddy", "instance": "4482d726-f6ad-4a1d-9a82-f8d87d0d8e76", "try_again": "2025/05/01 08:34:10.405", "try_again_in": 86399.999999728}
2025/04/30 08:34:10.405 INFO tls finished cleaning storage units
3. Caddy version:
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=
4. How I installed and ran Caddy:
a. System environment:
Ubuntu 22.04.5 LTS, on bare metal
Installed from PPA, following instructions from [Install — Caddy Documentation]
b. Command:
sudo caddy reverse-proxy --to :8080
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
No config file
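
The log in the post above lists "domains": ["localhost"] under automatic TLS certificate management, while curl requested or-miniserver.sintef.no. The following is an added example, not part of the original post and not Caddy's own code: it pulls the managed names out of such log lines and checks whether a requested hostname is among them. The function names are hypothetical, the sample lines are copied from the log above, and the one-label wildcard rule is the usual certificate-matching convention, assumed here.

```python
import json

# Log lines copied from the post above (whitespace as it appears on the page).
SAMPLE_LOG = """\
2025/04/30 08:34:10.401 INFO http.log server running {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2025/04/30 08:34:10.401 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2025/04/30 08:34:10.401 INFO caddy proxying {"from": "https://localhost", "to": [":8080"]}
2025/04/30 08:34:10.405 INFO tls finished cleaning storage units
"""


def managed_domains(log_text):
    """Collect every name listed under a "domains" key in the JSON tail of a log line."""
    names = set()
    for line in log_text.splitlines():
        start = line.find("{")
        if start == -1:
            continue  # no structured fields on this line
        try:
            fields = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON tail
        domains = fields.get("domains") if isinstance(fields, dict) else None
        if isinstance(domains, list):
            names.update(d.lower() for d in domains if isinstance(d, str))
    return names


def name_covered(hostname, names):
    """True if hostname equals a managed name or matches a one-label wildcard."""
    host = hostname.lower().rstrip(".")
    if host in names:
        return True
    _, _, parent = host.partition(".")
    return bool(parent) and ("*." + parent) in names


def check(hostname, log_text):
    """Compare the hostname a client requests with the names the log says are managed."""
    names = managed_domains(log_text)
    return {"requested": hostname, "managed": sorted(names),
            "covered": name_covered(hostname, names)}


if __name__ == "__main__":
    print(check("or-miniserver.sintef.no", SAMPLE_LOG))
```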