1. Output of caddy version:
v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs=
2. How I run Caddy:
Under docker and listening on :80 and :443
a. System environment:
Docker on debian
b. Command:
docker restart caddy
c. Service/unit/compose file:
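# Compose file for the Caddy container. Nesting is restored here: the pasted
# copy had lost its indentation, which left `networks` as a duplicate
# top-level key.
version: '3.9'

services:
  caddy:
    # NOTE(review): `latest` is a floating tag, so a later pull can silently
    # change the Caddy release behind this proxy. The post reports v2.5.2;
    # pinning that release keeps restarts reproducible.
    image: 'caddy:latest'
    container_name: 'caddy'
    restart: always
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # NOTE(review): Caddy only needs to read this file; a read-only mount
      # would be enough.
      - './Caddyfile:/etc/caddy/Caddyfile'
      - './caddy_config:/config'
      # /data is Caddy's storage (the log shows FileStorage:/data/caddy). It
      # includes the local CA under pki/authorities/local, so keep
      # ./caddy_data readable only by the account that runs Docker.
      - './caddy_data:/data'
    networks:
      - webgateway

networks:
  webgateway:
    external: true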
d. My complete Caddy config:
# Global options block.
{
	# Enables debug-level logging; the "level":"debug" entries in the log
	# output of this post come from it.
	# NOTE(review): remove once troubleshooting is finished.
	debug
}
# Plain-HTTP site: only the FusionInventory endpoint is proxied here; every
# other request is redirected to the HTTPS site.
http://glpi-test.exemple.fr {
	# The matcher has no wildcard, so it applies to exactly
	# /plugins/fusioninventory/.
	# NOTE(review): requests on this path are served without TLS, so whatever
	# is posted to it (presumably inventory data) is readable on the network
	# path to Caddy. Confirm that is intended, or have the clients trust the
	# local CA root and use the HTTPS site instead.
	handle /plugins/fusioninventory/ {
		rewrite * /front/inventory.php
		reverse_proxy http://glpi
	}

	# Fallback for all other paths: 308 redirect to the HTTPS site, keeping
	# the original URI.
	handle {
		redir https://glpi-test.exemple.fr{uri} 308
	}
}
# HTTPS site: proxies to the glpi upstream using a certificate issued by
# Caddy's local CA.
https://glpi-test.exemple.fr {
	reverse_proxy glpi
	rewrite /plugins/fusioninventory/ /front/inventory.php
	encode gzip

	# `tls internal` makes Caddy's local CA issue the certificate (the log
	# shows "issuer_key":"local"). Clients accept it only if they trust that
	# CA's root certificate. The leaf certificate is deliberately short-lived
	# (12h as reported in this post) and is managed by Caddy ("managed":true
	# in the log).
	# NOTE(review): the internal issuer has a `lifetime` option; confirm
	# against the docs for this Caddy version that it is available and that
	# the value stays below the intermediate certificate's lifetime.
	tls internal
}
3. The problem I’m having:
I’m getting this message, and the certificate lifetime is only 12h.
4. Error messages and/or full log output:
Example of some logs when I restart caddy container.
{"level":"info","ts":1662022544.543957,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
{"level":"info","ts":1662022544.5439808,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
{"level":"info","ts":1662022545.5124028,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1662022545.5134559,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":14}
{"level":"info","ts":1662022545.5142753,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1662022545.5145247,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0005540e0"}
{"level":"info","ts":1662022545.5149813,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1662022545.5149958,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"warn","ts":1662022545.5150056,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
{"level":"info","ts":1662022545.528168,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
{"level":"debug","ts":1662022545.5283196,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1662022545.5283628,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1662022545.5283701,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["glpi-test.exemple.fr"]}
{"level":"info","ts":1662022545.528363,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1662022545.5289001,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"warn","ts":1662022545.5289724,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [glpi-test.exemple.fr]: no OCSP server specified in certificate","identifiers":["glpi-test.exemple.fr"]}
{"level":"debug","ts":1662022545.5289843,"logger":"tls.cache","msg":"added certificate to cache","subjects":["glpi-test.exemple.fr"],"expiration":1662042220,"managed":true,"issuer_key":"local","hash":"cb24c530f3c0dbec5455ee3e72c001675a1f9df749f21eca8ce4527861412a93","cache_size":1,"cache_capacity":10000}
{"level":"info","ts":1662022545.5290875,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1662022545.5290964,"msg":"serving initial configuration"}
{"level":"info","ts":1662022880.5496376,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
{"level":"warn","ts":1662022880.5497053,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
{"level":"info","ts":1662022880.5525012,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0005540e0"}
{"level":"info","ts":1662022880.5538657,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
{"level":"info","ts":1662022880.5539005,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}
{"level":"info","ts":1662022881.5112975,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1662022881.512584,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":14}
{"level":"info","ts":1662022881.513337,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1662022881.5135903,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00037e540"}
{"level":"info","ts":1662022881.5138211,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1662022881.513833,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"warn","ts":1662022881.513843,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
{"level":"info","ts":1662022881.5280483,"logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
{"level":"info","ts":1662022881.528191,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"debug","ts":1662022881.528245,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"debug","ts":1662022881.528304,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"info","ts":1662022881.5283103,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["glpi-test.exemple.fr"]}
{"level":"warn","ts":1662022881.5286298,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [glpi-test.exemple.fr]: no OCSP server specified in certificate","identifiers":["glpi-test.exemple.fr"]}
{"level":"debug","ts":1662022881.5286417,"logger":"tls.cache","msg":"added certificate to cache","subjects":["glpi-test.exemple.fr"],"expiration":1662042220,"managed":true,"issuer_key":"local","hash":"cb24c530f3c0dbec5455ee3e72c001675a1f9df749f21eca8ce4527861412a93","cache_size":1,"cache_capacity":10000}
{"level":"info","ts":1662022881.5287273,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1662022881.528807,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1662022881.5288162,"msg":"serving initial configuration"}
5. What I already tried:
I tried changing the lifetime of the certificate, adding an email address, and setting the path of the certificate to the key and crt under “/data/caddy/pki/authorities/local/*”… but it doesn’t work. So, I tried a lot of things lol.