./caddy version
v2.0.0-rc.1 h1:DxUlg4kMisXwXVnWND7KEPl1f+vjFpIOzYpKpfmwyj8=
2. How I run Caddy:
caddy run
a. System environment:
Ubuntu 18.04
b. Command:
caddy run
c. Service/unit/compose file:
NA
d. My complete Caddyfile or JSON config:
localhost:2016 {
respond "Goodbye, world!"
}
3. The problem I’m having:
I am following the instructions at Caddyfile Quick-start — Caddy Documentation with a basic Caddyfile. Based on the Caddyfile, it seems it should be listening on port 2016, yet it tries to listen on port 80.
4. Error messages and/or full log output:
2020/04/07 14:59:09.042 ERROR pki.ca.local failed to install root certificate {“error”: “trust not supported”, “certificate_file”: “storage:pki/authorities/local/root.crt”}
run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: permission denied
5. What I already tried:
Works if I run as root, which is expected for port 80, but trying to understand why it is trying to listen on port 80 to begin with.
The very first line seems to indicate it is using the Caddyfile:
2020/04/07 14:59:09.000 INFO using adjacent Caddyfile
curl https://localhost:2016
Goodbye, world!
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Will go over the documentation to figure out how to serve an actual domain with DNS, but wanted to point out the issues with the instructions.
2020/04/07 20:42:13.204 INFO using adjacent Caddyfile
2020/04/07 20:42:13.205 INFO admin admin endpoint started {“address”: “localhost:2019”, “enforce_origin”: false, “origins”: [“localhost:2019”]}
2020/04/07 20:42:13.205 INFO http enabling automatic HTTP->HTTPS redirects {“server_name”: “srv0”}
2020/04/07 13:42:13 [INFO][cache:0xc00072bb30] Started certificate maintenance routine
2020/04/07 20:42:13.214 INFO tls setting internal issuer for automation policy that has only internal subjects but no issuer configured {“subjects”: [“localhost”]}
2020/04/07 20:42:13.215 INFO tls cleaned up storage units
2020/04/07 20:42:13.238 WARN pki.ca.local installing root certificate (you might be prompted for password) {“path”: “storage:pki/authorities/local/root.crt”}
2020/04/07 13:42:13 Note: NSS support is not available on your platform
2020/04/07 13:42:13 define JAVA_HOME environment variable to use the Java trust
2020/04/07 20:42:13.238 ERROR pki.ca.local failed to install root certificate {“error”: “trust not supported”, “certificate_file”: “storage:pki/authorities/local/root.crt”}
2020/04/07 20:42:13.238 INFO http enabling automatic TLS certificate management {“domains”: [“localhost”]}
2020/04/07 13:42:13 [WARNING] Stapling OCSP: no OCSP stapling for [localhost]: no OCSP server specified in certificate
2020/04/07 20:42:13.239 INFO autosaved config {“file”: “/root/.config/caddy/autosave.json”}
2020/04/07 20:42:13.239 INFO serving initial configuration
It mentions I may be prompted for a password, but there was no prompt.
Ah, what happens if you use the latest on master? (You can find CI artifacts to download rather than building from source if you prefer.) We fixed something there recently related to those errors.
#./caddy run
2020/04/08 17:48:13.857 INFO using adjacent Caddyfile
2020/04/08 17:48:13.858 INFO admin admin endpoint started {“address”: “localhost:2019”, “enforce_origin”: false, “origins”: [“localhost:2019”]}
2020/04/08 17:48:13.858 INFO http enabling automatic HTTP->HTTPS redirects {“server_name”: “srv0”}
2020/04/08 10:48:13 [INFO][cache:0xc000279b30] Started certificate maintenance routine
2020/04/08 17:48:13.872 INFO tls setting internal issuer for automation policy that has only internal subjects but no issuer configured {“subjects”: [“localhost”]}
2020/04/08 17:48:13.872 INFO tls cleaned up storage units
2020/04/08 17:48:13.890 WARN pki.ca.local installing root certificate (you might be prompted for password) {“path”: “storage:pki/authorities/local/root.crt”}
2020/04/08 10:48:13 Note: NSS support is not available on your platform
2020/04/08 10:48:13 define JAVA_HOME environment variable to use the Java trust
2020/04/08 17:48:13.890 ERROR pki.ca.local failed to install root certificate {“error”: “trust not supported”, “certificate_file”: “storage:pki/authorities/local/root.crt”}
2020/04/08 17:48:13.890 INFO http enabling automatic TLS certificate management {“domains”: [“localhost”]}
2020/04/08 10:48:13 [WARNING] Stapling OCSP: no OCSP stapling for [localhost]: no OCSP server specified in certificate
2020/04/08 17:48:13.891 INFO autosaved config {“file”: “/root/.config/caddy/autosave.json”}
2020/04/08 17:48:13.891 INFO serving initial configuration
2020/04/08 10:48:46 http: TLS handshake error from 174.136.110.235:15936: local error: tls: bad record MAC
Judging by your paste, it looks like you’re running as root already, so you won’t get a password prompt.
And from this log line:
2020/04/08 17:48:13.890 ERROR pki.ca.local failed to install root certificate {“error”: “trust not supported”, “certificate_file”: “storage:pki/authorities/local/root.crt”}
It seems like your system isn’t supported for the automatic trust store installation for some reason. You can always install the cert manually as a workaround.
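One way to carry out the manual workaround mentioned above on Ubuntu, as an added example that is not part of the original posts or of Caddy itself. It assumes Caddy's default data directory (`$XDG_DATA_HOME/caddy`, otherwise `$HOME/.local/share/caddy`); the function names and the file name `caddy-local-root.crt` are chosen here for illustration.

```shell
#!/bin/sh
# Added example: manually trust Caddy's local root CA on Ubuntu.
# Assumption: Caddy's default data dir ($XDG_DATA_HOME/caddy, else $HOME/.local/share/caddy).

# Print the path where Caddy's file storage keeps the local CA root.
caddy_root_path() {
    data_dir="${XDG_DATA_HOME:-$HOME/.local/share}/caddy"
    printf '%s\n' "$data_dir/pki/authorities/local/root.crt"
}

# Succeed only if the file is readable and contains a PEM certificate header.
looks_like_pem_cert() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Option 1: trust the root for a single request; the system store is untouched.
curl_with_caddy_root() {
    curl --cacert "$(caddy_root_path)" "$@"
}

# Option 2: add the root to Ubuntu's system trust store (requires root).
# dest_dir is a parameter so the copy step can be tried on a scratch directory.
install_caddy_root() {
    src="$(caddy_root_path)"
    dest_dir="${1:-/usr/local/share/ca-certificates}"
    looks_like_pem_cert "$src" || { echo "no PEM certificate at $src" >&2; return 1; }
    # update-ca-certificates only picks up files ending in .crt
    install -m 0644 "$src" "$dest_dir/caddy-local-root.crt" || return 1
    if [ "$dest_dir" = /usr/local/share/ca-certificates ]; then
        update-ca-certificates
    fi
}

# Usage: script.sh install   |   script.sh curl https://localhost:2016
case "${1:-}" in
    install) install_caddy_root ;;
    curl)    shift; curl_with_caddy_root "$@" ;;
esac
```

Run it as the same user that runs Caddy so the path resolves to that user's storage. Option 1 keeps the local CA out of the system-wide trust store, which is the narrower choice when only a few test requests need to verify.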