1. Caddy version (caddy version):
v2.2.2 h1:Ha3bvEvkb/GLGEX648/qI5zTt6uJCnfQhZHmZBxhzDY=
2. How I run Caddy:
Installed via “apt install caddy”, run through the systemctl command.
a. System environment:
Ubuntu 20.04.1 LTS virtualised on vmware esxi
b. Command:
systemctl run caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
debug
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
www.theg.vg
{
reverse_proxy 192.168.10.200:80
}
3. The problem I’m having:
I’m a complete beginner with Caddy server.
I’m trying to redirect my personal website running on Synology to Caddy server, both running on the same network at home.
A simple reverse proxy to allow external access to the URL www.theg.vg → to get the webpage from outside my home.
FW and NAT are working, but once I try to connect it times out on 80, and on port 443 I get a TLS handshake error.
4. Error messages and/or full log output:
Dec 13 18:01:16 celestine systemd[1]: caddy.service: Succeeded.
Dec 13 18:01:16 celestine systemd[1]: Stopped Caddy.
Dec 13 18:01:16 celestine systemd[1]: Started Caddy.
Dec 13 18:01:16 celestine caddy[13759]: caddy.HomeDir=/var/lib/caddy
Dec 13 18:01:16 celestine caddy[13759]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Dec 13 18:01:16 celestine caddy[13759]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Dec 13 18:01:16 celestine caddy[13759]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Dec 13 18:01:16 celestine caddy[13759]: caddy.Version=v2.2.2
Dec 13 18:01:16 celestine caddy[13759]: runtime.GOOS=linux
Dec 13 18:01:16 celestine caddy[13759]: runtime.GOARCH=amd64
Dec 13 18:01:16 celestine caddy[13759]: runtime.Compiler=gc
Dec 13 18:01:16 celestine caddy[13759]: runtime.NumCPU=1
Dec 13 18:01:16 celestine caddy[13759]: runtime.GOMAXPROCS=1
Dec 13 18:01:16 celestine caddy[13759]: runtime.Version=go1.15.5
Dec 13 18:01:16 celestine caddy[13759]: os.Getwd=/
Dec 13 18:01:16 celestine caddy[13759]: LANG=en_US.UTF-8
Dec 13 18:01:16 celestine caddy[13759]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Dec 13 18:01:16 celestine caddy[13759]: HOME=/var/lib/caddy
Dec 13 18:01:16 celestine caddy[13759]: LOGNAME=caddy
Dec 13 18:01:16 celestine caddy[13759]: USER=caddy
Dec 13 18:01:16 celestine caddy[13759]: INVOCATION_ID=3083c7103b9c484abc6c55504cb2e6cb
Dec 13 18:01:16 celestine caddy[13759]: JOURNAL_STREAM=9:63884
Dec 13 18:01:16 celestine caddy[13759]: {"level":"info","ts":1607882476.294547,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Dec 13 18:01:16 celestine caddy[13759]: {"level":"info","ts":1607882476.2963278,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
Dec 13 18:01:16 celestine caddy[13759]: {"level":"debug","ts":1607882476.297375,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
Dec 13 18:01:16 celestine caddy[13759]: {"level":"info","ts":1607882476.2981422,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Dec 13 18:01:16 celestine caddy[13759]: {"level":"info","ts":1607882476.2982664,"msg":"serving initial configuration"}
Dec 13 18:01:16 celestine caddy[13759]: {"level":"info","ts":1607882476.298512,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004783f0"}
Dec 13 18:01:16 celestine caddy[13759]: {"level":"info","ts":1607882476.2991412,"logger":"tls","msg":"cleaned up storage units"}
Dec 13 18:02:19 celestine caddy[13759]: {"level":"debug","ts":1607882539.9893303,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.10.100:35878: no certificate available for 'www.theg.vg'"}
And the test:
PS C:\> Invoke-WebRequest -Uri http://www.theg.vg
Invoke-WebRequest : Impossible de se connecter au serveur distant
Au caractère Ligne:1 : 1
+ Invoke-WebRequest -Uri http://www.theg.vg
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation : (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
PS C:\> Invoke-WebRequest -Uri https://www.theg.vg
Invoke-WebRequest : La demande a été abandonnée : Impossible de créer un canal sécurisé SSL/TLS.
Au caractère Ligne:1 : 1
+ Invoke-WebRequest -Uri https://www.theg.vg
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation : (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
5. What I already tried:
I checked if the certificate is present, and it is:
root@celestine:/var/lib/caddy/.local/share/caddy/certificates/acme-staging-v02.api.letsencrypt.org-directory/www.theg.vg# ls -la
total 20
drwx------ 2 caddy caddy 4096 Dec 12 23:11 .
drwx------ 3 caddy caddy 4096 Dec 13 17:01 ..
-rw------- 1 caddy caddy 3262 Dec 12 23:11 www.theg.vg.crt
-rw------- 1 caddy caddy 158 Dec 12 23:11 www.theg.vg.json
-rw------- 1 caddy caddy 227 Dec 12 23:11 www.theg.vg.key
I tested the Caddyfile using only http/80 to test the chain and it works, but once I move to https it fails:
{
debug
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
auto_https off
}
http://www.theg.vg
{
reverse_proxy 192.168.10.200:80
}
Thanks for your help.
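Added example, not part of the post above: a small Python helper that pulls the "TLS handshake error ... no certificate available for '<name>'" events out of Caddy's JSON log output and compares the SNI names clients asked for against the hostnames that actually have a certificate in storage (as listed with `ls -la` above). The log lines it runs on are a constructed sample modelled on the post's output; the function names are mine.

```python
import json
import re
from collections import Counter

# Constructed sample of Caddy JSON log lines (journald prefix already stripped),
# modelled on the structure of the lines in the post. Not real captured output.
SAMPLE_LOG = """\
{"level":"info","ts":1607882476.294547,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
{"level":"debug","ts":1607882476.297375,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1607882539.9893303,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.10.100:35878: no certificate available for 'www.theg.vg'"}
{"level":"debug","ts":1607882540.1,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.10.100:35880: no certificate available for 'www.theg.vg'"}
{"level":"debug","ts":1607882541.2,"logger":"http.stdlib","msg":"http: TLS handshake error from 203.0.113.7:44120: no certificate available for 'theg.vg'"}
"""

# Caddy forwards Go's net/http handshake errors through the "http.stdlib" logger.
HANDSHAKE_RE = re.compile(r"TLS handshake error from (?P<client>\S+): (?P<reason>.*)$")
NO_CERT_RE = re.compile(r"no certificate available for '(?P<sni>[^']+)'")


def parse_handshake_errors(log_text):
    """Return one dict per TLS handshake error in Caddy's JSON log output.
    Non-JSON lines (for example the --environ dump) are skipped."""
    errors = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        m = HANDSHAKE_RE.search(rec.get("msg", ""))
        if not m:
            continue
        sni = NO_CERT_RE.search(m.group("reason"))
        errors.append({
            "ts": rec.get("ts"),
            "client": m.group("client"),      # client ip:port (192.168.10.100 is a LAN host)
            "reason": m.group("reason"),
            "sni": sni.group("sni") if sni else None,
        })
    return errors


def missing_cert_names(errors):
    """Count how often each SNI name was requested without a matching certificate."""
    return Counter(e["sni"] for e in errors if e["sni"])


def unserved_names(errors, names_in_storage):
    """SNI names clients asked for that have no entry under
    certificates/<ca>/<host>/<host>.crt, given the hostnames found there."""
    stored = set(names_in_storage)
    return sorted(n for n in missing_cert_names(errors) if n not in stored)
```

Feed it `journalctl -u caddy -o cat` output and the directory names from Caddy's certificate storage; a name that appears in the log but not in storage has never been issued, while a name present in both points at a mismatch between the stored certificate and the server's active TLS configuration.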