1. Caddy version (caddy version):
$ caddy version
v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=
2. How I run Caddy:
systemd
a. System environment:
Ubuntu 18.04
d. My complete Caddyfile or JSON config:
{
    # This is pointing to Let's Encrypt Staging environment (for dev)
    # https://letsencrypt.org/docs/staging-environment/
    # This will allow you to get things right before issuing trusted
    # certificates and reduce the chance of your running up against rate limits.
    #acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

    # causes all certificates to be issued internally by default,
    # rather than through a (public) ACME CA such as Let's Encrypt.
    # This is useful in development environments.
    local_certs

    # configure automatic HTTPS. It can either disable it entirely (off)
    # or disable only HTTP-to-HTTPS redirects (disable_redirects).
    # auto_https off
    auto_https disable_redirects

    debug
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

# Snippet imported inside each reverse_proxy block below.
(SecurityHeaders) {
    header_up X-Real-IP {remote_host}
    header_up X-Forwarded-Proto {scheme}
}

:80, :443 {
    tls {
        on_demand
    }

    # Set this path to your site's directory.
    root * /opt/ivt/apps/6.0.0/packages/client/spa

    # Enable the static file server.
    file_server

    route /weather/* {
        uri replace /weather /socket.io
        reverse_proxy * http://localhost:3010 {
            import SecurityHeaders
        }
    }

    route /ptz/* {
        uri replace /ptz /socket.io
        reverse_proxy * http://localhost:3006 {
            import SecurityHeaders
        }
    }

    route /liveview/* {
        uri replace /liveview /socket.io
        reverse_proxy * http://localhost:3004 {
            import SecurityHeaders
        }
    }

    route /archive/* {
        uri replace /archive /socket.io
        reverse_proxy * http://localhost:3003 {
            import SecurityHeaders
        }
    }

    route /alarms/* {
        uri replace /alarms /socket.io
        reverse_proxy * http://localhost:3002 {
            import SecurityHeaders
        }
    }

    route /console_socket/* {
        uri replace /console_socket /console/socket.io
        reverse_proxy * http://localhost:3001 {
            import SecurityHeaders
        }
    }

    route /web_app_socket/* {
        uri replace /web_app_socket /web/socket.io
        reverse_proxy * http://localhost:3001 {
            import SecurityHeaders
        }
    }

    route /files/* {
        uri replace /files/ /
        reverse_proxy * http://localhost:3001 {
            # Was "import header_options", which is not defined in this file;
            # SecurityHeaders is the only snippet defined here.
            import SecurityHeaders
        }
    }

    route /api/* {
        reverse_proxy * http://localhost:3001 {
            # Was "import header_options" (see the note on /files/* above).
            import SecurityHeaders
        }
    }
}
3. The problem I’m having:
In the journal, getting this message:
Dec 08 20:46:26 lance-ubuntu caddy[16093]: {"level":"debug","ts":1607485586.9103239,"logger":"http.stdlib",
"msg":"http: TLS handshake error from [fe80::b1d9:68f3:fcda:a150%enp0s31f6]:62373:
subject name does not qualify for certificate: fe80::db67:46fb:e04e:5397%enp0s31f6"}
4. Error messages and/or full log output:
displayed above
5. What I already tried:
This should just be generating local certs. There’s no domain name used. It’s an IoT device.
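
An added example (not part of the original post and not Caddy's own code): a small Go triage helper that pulls the rejected subject out of a Caddy JSON log line like the one above and reports whether it is a link-local IPv6 address carrying a zone identifier. The names `Triage`, `Finding` and `sample` are assumptions made for this example, and `sample` is the journal entry from the post joined onto one line.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strings"
)

// Finding describes the name Caddy refused to issue a certificate for.
type Finding struct {
	Subject   string // name exactly as logged
	Zone      string // IPv6 zone (interface) suffix, empty if none
	LinkLocal bool   // true for fe80::/10 or 169.254.0.0/16
	Bare      string // address with the zone removed
}

const marker = "subject name does not qualify for certificate: "
// Constructed sample: the log entry from the post, joined onto one line.
const sample = `{"level":"debug","ts":1607485586.9103239,"logger":"http.stdlib","msg":"http: TLS handshake error from [fe80::b1d9:68f3:fcda:a150%enp0s31f6]:62373: subject name does not qualify for certificate: fe80::db67:46fb:e04e:5397%enp0s31f6"}`

// Triage classifies the rejected subject; ok is false for any other line.
func Triage(line string) (f Finding, ok bool) {
	if j := strings.Index(line, "{"); j > 0 {
		line = line[j:] // drop a journald prefix such as "Dec 08 ... caddy[16093]: "
	}
	var entry struct {
		Msg string `json:"msg"`
	}
	if err := json.Unmarshal([]byte(line), &entry); err != nil {
		return f, false
	}
	i := strings.Index(entry.Msg, marker)
	if i < 0 {
		return f, false
	}
	f.Subject = strings.TrimSpace(entry.Msg[i+len(marker):])
	// netip parses the "%zone" suffix separately from the address bytes.
	if addr, err := netip.ParseAddr(f.Subject); err == nil {
		f.Zone = addr.Zone()
		f.LinkLocal = addr.IsLinkLocalUnicast()
		f.Bare = addr.WithZone("").String()
	}
	return f, true
}

func main() {
	fmt.Println(Triage(sample))
}
```

A zone identifier such as `%enp0s31f6` only has meaning on the host that owns the interface, and an X.509 IP subject alternative name holds just the raw address bytes, so the zoned form cannot appear in a certificate as written.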