Subdomain of subdomain with local DNS

1. Caddy version (caddy version):

2.4.6

2. How I run Caddy:

a. System environment:

Docker (own derived image with cloudflare DNS ACME module as shown on the Dockerhub page)

b. Command:

docker-compose up -d

c. Service/unit/compose file:

version: "3.8"

services:
    caddy:
        image: registry.gitlab.com/my-name/caddy:latest
        container_name: caddy
        restart: unless-stopped
        ports:
            - "80:80"
            - "443:443"
        volumes:
            - ./Caddyfile:/etc/caddy/Caddyfile
            - ./data:/data
            - ./config:/config
        networks:
            - proxy

d. My complete Caddyfile or JSON config:

(slightly edited, as the domain name is my personal name, sorry)

Config A

*.mypersonalname.com {
	tls {
		dns cloudflare API_KEY
	}

	@synology host synology.mypersonalname.com
	handle @synology {
		reverse_proxy 10.0.0.10:5001 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}

	# Fallback for otherwise unhandled domains
	handle {
		abort
	}

	encode zstd gzip
}

*.local.mypersonalname.com {
	tls {
		dns cloudflare API_KEY
	}

	@pihole host pihole.local.mypersonalname.com
	handle @pihole {
		reverse_proxy http://10.0.0.10:81 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}

	# Fallback for otherwise unhandled domains
	handle {
		abort
	}

	encode zstd gzip
}

Config B

*.mypersonalname.com {
	tls {
		dns cloudflare API_KEY
	}

	@synology host synology.mypersonalname.com
	handle @synology {
		reverse_proxy 10.0.0.10:5001 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}

	@pihole host pihole.local.mypersonalname.com
	handle @pihole {
		reverse_proxy 10.0.0.10:81
	}

	# Fallback for otherwise unhandled domains
	handle {
		abort
	}

	encode zstd gzip
}

3. The problem I’m having:

My domain name synology.mypersonalname.com points to my public IP and this all works perfectly from the outside network.
I have an internal pihole system with DNS which redirects this domain to the internal Caddy server IP and this works perfectly as well.

Now I would like to add internal services like the pihole admin dashboard to this configuration without being accessible to the internet. I have set my internal DNS of pihole.local.mypersonalname.com to my Caddy server IP. The internal DNS works, I have verified this with ping and curl.

The configurations above get me a certificate without a problem, but I cannot access the service.
I just get a blank page. I have tried both configurations without success.

I can get all of my services to run on abcd.mypersonalname.com but abcd.local.mypersonalname.com is a problem.

4. Error messages and/or full log output:

Config A:
No response in the browser, but it does show a valid certificate; the internal Docker log shows a 502 error.

Config B:
browser:

SSL_ERROR_INTERNAL_ERROR_ALERT

Curl:

*   Trying 10.0.0.11...
* TCP_NODELAY set
* Connected to pihole.local.mypersonalname.com (10.0.0.11) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS alert, internal error (592):
* error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error
* Closing connection 0
curl: (35) error:14004438:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert internal error

5. What I already tried:

A mix of above configurations A and B and various TLS options.

6. Links to relevant resources:

Turn on the debug global option in your Caddyfile.

What do you see in Caddy’s logs?

You’re clearly having a TLS handshake issue, which might be because you don’t have a good certificate for that domain for Caddy to use.

I think you might have a mistake here: you used http:// but configured tls_insecure_skip_verify. Those are kinda in conflict with each other. Is it HTTP or is it HTTPS?

Ah yes, I'm not sure how I missed that, it was indeed an HTTP endpoint. Config A works fine now, thanks!

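An added example, not the original poster's configuration and not code from the Caddy project: the two-wildcard setup as it ends up working once the fix from the replies is applied, with the points the thread only hints at spelled out in comments. It assumes, as in the post, that the Pi-hole admin interface is plain HTTP on port 81 and Synology DSM is HTTPS on port 5001; that the LAN is 10.0.0.0/24 (an assumption based on the 10.0.0.x addresses in the post); that the Cloudflare token is supplied as the environment variable CLOUDFLARE_API_TOKEN (a name chosen here) via the compose file instead of being pasted into the Caddyfile; and that Docker passes the real client address to the container, which should be verified in Caddy's access log before relying on the remote_ip matcher.

```caddyfile
{
	# Verbose logging while diagnosing handshake and 502 problems, as suggested in the reply above.
	debug
}

# A wildcard certificate covers exactly one DNS label: *.mypersonalname.com matches
# synology.mypersonalname.com but never pihole.local.mypersonalname.com. Listing both
# wildcards makes Caddy obtain the two certificates it needs for a single site block.
*.mypersonalname.com, *.local.mypersonalname.com {
	tls {
		# Assumed environment variable name; set it in docker-compose, not in this file.
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	encode zstd gzip

	# DSM on 5001 speaks HTTPS with its own self-signed certificate, so the https:// upstream
	# and the verification skip belong here, and only here.
	@synology host synology.mypersonalname.com
	handle @synology {
		reverse_proxy https://10.0.0.10:5001 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}

	# Pi-hole's admin port is plain HTTP: http:// upstream, no tls_* transport options.
	# Internal-only DNS is not access control (the public IP forwards 443 to this same Caddy),
	# so the remote_ip matcher (assumed LAN range) refuses clients that are not on the LAN.
	@pihole {
		host pihole.local.mypersonalname.com
		remote_ip 10.0.0.0/24
	}
	handle @pihole {
		reverse_proxy http://10.0.0.10:81
	}

	# Anything else matching the wildcards is dropped without a response.
	handle {
		abort
	}
}
```

Why Config B could not work: since `*.mypersonalname.com` does not match the two-label name, Caddy had no certificate for the SNI `pihole.local.mypersonalname.com` and aborted the handshake, which is the `tlsv1 alert internal error` that curl printed; the fix is the second wildcard (or a separate site block, as in Config A), not a proxy setting. Two caveats a practitioner should keep in mind: the DNS challenge publishes `*.local.mypersonalname.com` in Certificate Transparency logs, so the nested wildcard is discoverable and anyone can send the matching SNI and Host header to the public IP, which is why the `remote_ip` restriction is there. And `tls_insecure_skip_verify` makes Caddy accept any certificate from 10.0.0.10:5001, so keep it confined to that one handler or trust DSM's certificate explicitly with `tls_trusted_ca_certs` in the transport block. To check which certificate an internal name is served, run `curl -v --resolve pihole.local.mypersonalname.com:443:10.0.0.11 https://pihole.local.mypersonalname.com/` and read the subject and SAN lines in the handshake output.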
