The HTTPS is not working, only HTTP

1. The problem I’m having:

I am trying to access my QNAP server via HTTPS but it is not working, although HTTP works just fine for some reason even though I have the redirect in place.

2. Error messages and/or full log output:

HTTPS (curl -vL https://MY_DOMAIN.com:myport/):

*   Trying MY_IP:myport...
* Connected to MY_DOMAIN.com (MY_IP) port myport (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* (5454) (IN), , Unknown (72):
* error:0A00010B:SSL routines::wrong version number
* Closing connection 0
curl: (35) error:0A00010B:SSL routines::wrong version number

HTTP (curl -vL http://MY_DOMAIN.com:myport/):

*   Trying MY_IP:myport...
* Connected to MY_DOMAIN (MY_IP) port myport (#0)
> GET / HTTP/1.1
> Host: MY_DOMAIN:myport
> User-Agent: curl/7.81.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Fri, 22 Dec 2023 19:58:00 GMT
< Server:  
< X-Frame-Options: SAMEORIGIN
< Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'self' ; worker-src 'self' blob:
< Content-type: text/html; charset=UTF-8
< Last-modified: Thu, 09 Nov 2023 21:45:33 GMT
< Accept-Ranges: bytes
< Content-length: 580
< Vary: Accept-Encoding
< X-XSS-Protection: 1; mode=block
< Strict-Transport-Security: max-age=0
< X-Content-Type-Options: nosniff
< 
<html style="background:#007cef">
<head>
<meta http-equiv="expires" content="0">
<script type='text/javascript'>
pr=(document.location.protocol == 'https:') ? 'https' : 'http';
pt=(location.port == '') ? '' : ':' + location.port;
redirect_suffix = "/redirect.html?count="+Math.random();
if(location.hostname.indexOf(':') == -1)
{
location.href=pr+"://"+location.hostname+pt+redirect_suffix;
}
else	//could be ipv6 addr
{
var url = "";
url=pr+"://["+ location.hostname.replace(/[\[\]]/g, '') +"]"+pt+redirect_suffix;
location.href = url;
}
</script>
</head>
<body>
</body>
</html>
* Connection #0 to host MY_DOMAIN left intact

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

I’ve installed it via a docker-compose file:

version: "3.7"

services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /share/homes/myuser/CaddyConf/Caddyfile:/etc/caddy/Caddyfile
      - /share/homes/myuser/ssl_certs:/ssl_certs
      - caddy_config:/config
      - /share/Movies:/Movies
    stdin_open: true  # Equivalent to -i
    tty: true  # Equivalent to -t

volumes:
  caddy_config:

5. Caddyfile:

{
    debug
}

MY_DOMAIN {
    reverse_proxy /* 192.168.0.98:8085
    reverse_proxy /jellyfin/* 192.168.0.98:8096
    reverse_proxy /nextcloud* 192.168.0.98:8888
    tls /ssl_certs/MY_DOMAIN_2023.crt /ssl_certs/myserver.key

    #Redirection from HTTP to HTTPS
    @http {
        protocol http
    }
    redir @http https://{host}{uri}
}

Can you please share the full details without redactions? For instance, the value of the Server header here is redacted

but your config doesn’t have the header handler, which means either the shared config is incomplete or the log was manipulated. I can’t know if the response comes from Caddy or some other server on your NAS without such details.

My only guess for now is that it isn’t Caddy answering your curl request, because not enough information is included to prove this.

I am not sure how to do that… I mean I am a noob here and still trying to learn Caddy. The configuration file that I shared is complete, I mean that is the one I am using, and I am trying to make sense of why it is not working.
So if you help me to make sense of this and make it work, I would be grateful.

@Mohammed90 so… could you please help me to figure out how I can fix it? Or at least to pinpoint the problem? I would really appreciate this if possible.

I don’t use QNAP myself, so I cannot give exact instructions. However, I found this link which says the QNAP system uses ports 80 and 443, and that you need to change them in order to let Caddy use them (see step 0):

Qnap - How-to configure Caddy2 on QNAP NAS | Forum des NAS : Synology, Qnap, Asustor… (forum-nas.fr)
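
What the failing curl trace in the first post encodes, as an added example that is not part of the original thread: a TLS client reads a server's first five bytes as a record header, so a plaintext reply starting with "HTTP/" shows up as content type 72 ('H') and version 0x5454 ('TT'), which OpenSSL rejects as "wrong version number". The function names and the sample reply are assumptions made for this illustration.

```python
import re
import socket
import ssl
import struct

# TLS record content types (RFC 8446, section 5.1)
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
# Constructed sample: a typical plain-HTTP answer to a TLS ClientHello.
SAMPLE_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"

def classify_first_bytes(data: bytes) -> dict:
    """Read a server's first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        return {"kind": "too-short"}
    ctype, version, _length = struct.unpack("!BHH", data[:5])
    info = {"content_type": ctype, "version": f"{version:04x}"}
    if ctype in TLS_TYPES and (version >> 8) == 0x03:
        info["kind"] = "tls"
    elif data.startswith(b"HTTP/"):
        info["kind"] = "plaintext-http"  # 'H' = 72, 'TT' = 0x5454
    else:
        info["kind"] = "unknown"
    return info

def decode_curl_record(line: str) -> bytes:
    """Rebuild the first 3 raw bytes from a '* (VVVV) (IN), , Unknown (N):' trace line."""
    # Assumption: version is printed in hex and the first byte in decimal, as in the trace above.
    m = re.search(r"\(([0-9a-fA-F]{4})\) \(IN\).*\((\d+)\)", line)
    if not m:
        raise ValueError("not a curl record trace line")
    return bytes([int(m.group(2))]) + bytes.fromhex(m.group(1))

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Attempt a real TLS handshake and report what the listener speaks.
    Connection errors (refused, timeout) propagate to the caller."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return f"tls ({tls.version()})"
    except ssl.SSLError as exc:
        if exc.reason == "WRONG_VERSION_NUMBER":
            return "plaintext listener, not TLS"
        return f"tls, handshake failed: {exc.reason}"
```

Running `probe` against each published port shows which ones actually terminate TLS; a port that reports a plaintext listener is being answered by something that is not serving HTTPS there.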
