1. The problem I’m having:
I am running running Caddy to provide a reverse proxy to a streamlit service. The service runs on a VPS with a FQD of myexample.com but streamlit has a bind address 127.0.0.1, i.e. it is not reachable from outside, because I would like to add SSL through Caddy.
Unfortunately, I am getting a series of errors when trying to connect to it through Caddy:
- https://myexample.com: Client sent an HTTP request to an HTTPS server.
- http://myexample.com: redirects to port from 80 to 0 → Failed to connect to myexample.com port 0
See below for the detailed error logs.
2. Error messages and/or full log output:
1st error
curl -vL https://myexample.com
* Trying x.x.x.x:443...
* Connected to myexample.com (x.x.x.x) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=myexample.com
* start date: Apr 10 20:31:59 2024 GMT
* expire date: Jul 9 20:31:58 2024 GMT
* subjectAltName: host "myexample.com" matched cert's "myexample.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://myexample.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: myexample.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: myexample.com
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/2 400
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-type: text/plain; charset=utf-8
< date: Fri, 03 May 2024 19:53:59 GMT
<
Client sent an HTTP request to an HTTPS server.
* Connection #0 to host myexample.com left intact
2nd error
curl -vL myexample.com
* Trying x.x.x.x:80...
* Connected to myexample.com (x.x.x.x) port 80
> GET / HTTP/1.1
> Host: myexample.com
> User-Agent: curl/8.4.0
> Accept: */*
>
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://myexample.com:0/
< Server: Caddy
< Date: Fri, 03 May 2024 20:00:56 GMT
< Content-Length: 0
<
* Closing connection
* Clear auth, redirects to port from 80 to 0
* Issue another request to this URL: 'https://myexample.com:0/'
* Trying x.x.x.x:0...
* Immediate connect fail for x.x.x.x: Can't assign requested address
* Failed to connect to myexample.com port 0 after 2 ms: Couldn't connect to server
* Closing connection
curl: (7) Failed to connect to myexample.com port 0 after 2 ms: Couldn't connect to server
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
Debian package
a. System environment:
Debian 6.1.76-1 (2024-02-01) x86_64 GNU/Linux
b. Command:
sudo systemctl reload caddy
c. Service/unit/compose file:
standard file of Debian installation (no change)
d. My complete Caddy config:
myexample.com {
tls ssl@myexample.com
reverse_proxy 127.0.0.1:8501
}