1. Caddy version (caddy version):
Caddy 2.0.0h1
2. How I run Caddy:
Caddy as a reverse proxy
a. System environment:
Debian Jessie
b. Command:
caddy run --watch
c. Service/unit/compose file:
systemd
d. My complete Caddyfile or JSON config:
########V1 Caddyfile########
mesh.mydomain.com {
    proxy / 192.168.1.63:443 {
        transparent
        websocket
    }
    tls {
        protocols tls1.2
    }
    timeouts none
}
########################
###########Full Caddyfile V2#################
shadowcontrol.mydomain.com {
    reverse_proxy 192.168.1.230:80
}
nextcloud.mydomain.com {
    reverse_proxy 192.168.1.95:80
}
mail.mydomain.com, secure.mydomain.com, backup.mydomain.com, helpdesk.mydomain.com, monitor.mydomain.com, remote.mydomain.com, traveler.mydomain.com {
    reverse_proxy 192.168.1.1:80
}
community.mydomain.com {
    reverse_proxy 192.168.1.17:80
}
backup2.mydomain.com {
    reverse_proxy 192.168.1.21
}
backup3.mydomain.com {
    reverse_proxy 192.168.1.65
}
wordpress.mydomain.com {
    reverse_proxy 192.168.1.75:80
}
mesh.mydomain.com {
    reverse_proxy 192.168.1.63:443
    tls {
        protocols tls1.2
    }
}
##############################
3. The problem I’m having:
The last directive (mesh.mydomain.com) is producing handshake errors.
4. Error messages and/or full log output:
"proto_mutual": true, "server_name": "mesh.mydomain.com"}}, "duration": 0.001492795, "status": 502, "err_id": "jisht93ij", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:380)"}
2020/05/14 16:25:26.119 ERROR http.log.error tls: first record does not look like a TLS handshake {"request": {"method": "GET", "uri": "/agent.ashx", "proto": "HTTP/1.1", "remote_addr": "96.89.67.73:60421", "host": "mesh.mydomain.com", "headers": {"Upgrade": ["websocket"], "Connection": ["Upgrade"], "Sec-Websocket-Key": ["YSIgONIoHhLrHhZHbmVFR1=="], "Sec-Websocket-Version": ["13"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4867, "proto": "", "proto_mutual": true, "server_name": "mesh.mydomain.com"}}, "duration": 0.001672582, "status": 502, "err_id": "kjap0eegz", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:380)"}
2020/05/14 12:25:27 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4582566992
2020/05/14 12:25:27 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4582566992
2020/05/14 12:25:27 [ERROR] error: one or more domains had a problem:
5. What I already tried:
I Googled and searched the forum for examples of other working V2 Caddyfiles, but I'm pretty sure my syntax is wrong. I think this may have something to do with the HTTP transport or headers or something, but I'm confused about whether I need that or not.
6. Links to relevant resources:
This scenario is to connect to a MeshCentral Server, where TLS offloading to Caddy was previously working in V1. It was difficult to get working, but the solution was documented here:
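As an added example (not part of the original post, and not taken from the MeshCentral or Caddy documentation), here is the mesh.mydomain.com site block rewritten for Caddy 2 so that Caddy speaks plain HTTP to the backend's port 443. In Caddy 2 an upstream written as host:443 with no scheme is dialed with TLS, which is exactly what the "first record does not look like a TLS handshake" line in the log describes: Caddy opens a TLS handshake and the TLS-offloaded MeshCentral, still listening in plaintext on 443 as it did behind the V1 `proxy` directive, answers with an HTTP response. The backend address 192.168.1.63 is copied from the post; that MeshCentral still listens in plaintext on 443 is an assumption carried over from the V1 config and should be confirmed with a plain `curl http://192.168.1.63:443/` from the Caddy host.

```caddyfile
# Broken form, as in the post: port 443 with no scheme makes Caddy 2 dial the
# backend with TLS. A plaintext listener answers with an HTTP response, the Go
# TLS client rejects it, and Caddy returns 502 with
# "first record does not look like a TLS handshake".
#
# mesh.mydomain.com {
#     reverse_proxy 192.168.1.63:443
# }

# Corrected form: the explicit http:// scheme forces plaintext on port 443.
# reverse_proxy in Caddy 2 passes the Host header through and proxies WebSocket
# upgrades (the /agent.ashx request in the log) without extra directives, so the
# V1 "transparent" and "websocket" subdirectives have no counterpart here.
mesh.mydomain.com {
    reverse_proxy http://192.168.1.63:443
    tls {
        protocols tls1.2
    }
}

# Only if the backend really does terminate TLS itself (MeshCentral with a
# self-signed certificate, no offload): keep TLS to the upstream and disable
# verification explicitly rather than by accident. tls_insecure_skip_verify
# turns off certificate checks, so this is only acceptable on a trusted LAN
# segment where the path Caddy -> 192.168.1.63 cannot be tampered with.
#
# mesh.mydomain.com {
#     reverse_proxy https://192.168.1.63:443 {
#         transport http {
#             tls
#             tls_insecure_skip_verify
#         }
#     }
# }
```

To see which of the two Caddy actually chose before reloading, run `caddy adapt --config /etc/caddy/Caddyfile --adapter caddyfile --pretty` and look at the reverse_proxy handler for this site: an upstream that will be dialed with TLS carries a `"tls": {}` object inside its `"transport"`, while the http:// form adapts to a transport with no `tls` key. `caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile` catches syntax slips such as a site list missing its opening brace.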