## 1. Caddy version (`caddy version`):

Command: `docker exec -it caddy caddy version`

```
v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=
```
## 2. How I run Caddy:

On a Raspberry Pi 3 with Docker.

### a. System environment:

Raspberry Pi 3, Docker.

### b. Command:

```
docker-compose -f caddy/docker-compose.yml up -d
```
### c. Service/unit/compose file:

```yaml
version: "3.8"
services:
  caddy:
    image: caddy
    container_name: caddy
    hostname: caddy
    env_file: ../.env
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      - DOMAIN
      - DOMAIN_LOCAL
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./data:/data
      - ./config:/config
networks:
  default:
    external:
      name: $NETWORK
```
### d. My complete Caddyfile or JSON config:

```
{
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

# External
portainer.{$DOMAIN} {
	reverse_proxy {$IP_PORTAINER}:9000
}

home.{$DOMAIN} {
	reverse_proxy {$IP_HOMEASSISTANT}:8123
}

# Internal
portainer.{$DOMAIN_LOCAL} {
	tls internal
	reverse_proxy {$IP_PORTAINER}:9000
}

home.{$DOMAIN_LOCAL} {
	tls internal
	reverse_proxy {$IP_HOMEASSISTANT}:8123
}
```
## 3. The problem I'm having:

I want to access some applications running on local home servers from devices on my network. I have a DNS server set up with custom entries for `home.localdomain` and `portainer.localdomain`, and they both go to the machine running my Caddy reverse proxy.

The reverse proxy is working great when I access them externally via their real domain names `home.MYDOMAIN.net` and `portainer.MYDOMAIN.net`, presumably because I have REAL SSL certificates that Caddy got for me from Let's Encrypt.

When I navigate to `home.localdomain` or `portainer.localdomain` on my MacBook, my browser (Chrome) gives me `ERR_SSL_PROTOCOL_ERROR`.
## 4. Error messages and/or full log output:

```
{"level":"info","ts":1603668418.2922635,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1603668418.316451,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1603668418.3181965,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x30c6dc0"}
{"level":"info","ts":1603668418.3364673,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1603668418.3367465,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"warn","ts":1603668418.8076007,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
2020/10/25 23:26:58 Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
2020/10/25 23:26:58 define JAVA_HOME environment variable to use the Java trust
2020/10/25 23:26:59 certificate installed properly in linux trusts
{"level":"info","ts":1603668419.18305,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["portainer.MYDOMAIN.net","home.MYDOMAIN.net","portainer.localdomain","home.localdomain"]}
{"level":"info","ts":1603668419.2108123,"logger":"tls","msg":"cleaned up storage units"}
{"level":"warn","ts":1603668419.223545,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [portainer.localdomain]: no OCSP server specified in certificate"}
{"level":"warn","ts":1603668419.2345653,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [home.localdomain]: no OCSP server specified in certificate"}
{"level":"info","ts":1603668419.2359545,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1603668419.236042,"msg":"serving initial configuration"}
```
## 5. What I already tried:

I was following this guide: to get them working using `tls internal`.

I tried uncommenting the line in my Caddyfile

```
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
```

but it didn't help, I still get the same error. To be honest I don't know what this line is for, I just kept it in from a tutorial (that also had it commented out). I assume it's telling Caddy what to use to sign certificates but idk why the tutorial I used kept it commented out.

I tried using `tls self_signed` but that looks like it's deprecated.
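Two checks a reader of this thread would want to run, as an added example (not the poster's code and not part of Caddy): which hostnames Caddy's JSON log shows it issuing internal-CA certificates for (the "no OCSP server specified" warnings), and whether a TLS handshake with a given SNI name actually completes. The sample log is constructed from the lines quoted above; the host, port and IP passed to `probe_tls` are whatever you point it at.

```python
import json
import re
import socket
import ssl

# Constructed sample modelled on the log lines quoted in the post above.
SAMPLE_LOG = """\
2020/10/25 23:26:58 Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
{"level":"info","ts":1603668419.18,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["portainer.MYDOMAIN.net","home.MYDOMAIN.net","portainer.localdomain","home.localdomain"]}
{"level":"warn","ts":1603668419.22,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [portainer.localdomain]: no OCSP server specified in certificate"}
{"level":"warn","ts":1603668419.23,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [home.localdomain]: no OCSP server specified in certificate"}
"""

OCSP_RE = re.compile(r"no OCSP stapling for \[([^\]]+)\]")

def classify_tls_domains(log_text):
    """Map each auto-managed hostname to True if its certificate carries no
    OCSP responder URL (what Caddy's internal CA issues), else False.
    Plain-text lines (mkcert/trust-store output) are not JSON and are skipped."""
    managed, no_ocsp = [], set()
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        if rec.get("msg") == "enabling automatic TLS certificate management":
            managed.extend(rec.get("domains", []))
        elif rec.get("logger") == "tls" and rec.get("msg") == "stapling OCSP":
            m = OCSP_RE.search(rec.get("error", ""))
            if m:
                no_ocsp.update(m.group(1).split())
    return {d: d in no_ocsp for d in managed}

def probe_tls(host, port=443, connect_ip=None, timeout=5.0):
    """Attempt a TLS handshake with SNI=host and report the outcome.
    connect_ip reaches the Caddy box directly, bypassing local DNS. Chain
    verification is off on purpose: the question is whether a handshake
    completes at all (ERR_SSL_PROTOCOL_ERROR means it does not), not trust."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((connect_ip or host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"handshake": "ok", "protocol": tls.version(), "cipher": tls.cipher()[0]}
    except ssl.SSLError as exc:
        return {"handshake": "failed", "reason": exc.reason or str(exc)}
    except OSError as exc:
        return {"handshake": "no connection", "reason": str(exc)}
```

Run `classify_tls_domains` over `docker logs caddy` output to confirm the `.localdomain` names are the ones on internal certificates, then `probe_tls("home.localdomain", connect_ip="<pi address>")` from the MacBook to see whether the handshake fails before any certificate is even presented.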