I have my own CA certificate and from it I create leaf certificates. This works on an nginx proxy. I also tested a Docker setup with Caddy as the proxy and nginx as the upstream server. It worked too (Caddy proxied the connection when the nginx cert was signed by the CA cert pointed to by tls_trusted_ca_certs, and didn't when I used some other certs).
1. The problem I’m having:
I created leaf certs for my IPMI device and uploaded them there. When I uncomment tls_trusted_ca_certs with the CA cert I used to sign this cert, it just gives 502 without any useful trace in the log. If I switch to tls_insecure_skip_verify it works fine again.
Sidenote: I could not use an nginx proxy to HTTPS at all with this IPMI panel; only HTTP worked fine. The last update of this IPMI firmware was from around the end of 2016.
2. Error messages and/or full log output:
(last parts of it)
{"level":"error","ts":1709230777.297701,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"32872","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"Cookie":[],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.593591133,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
{"level":"info","ts":1709230898.2379928,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"43294","client_ip":"192.168.20.31","proto":"HTTP/1.1","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"]}},"bytes_read":0,"user_id":"","duration":0.000040968,"size":0,"status":308,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Connection":["close"],"Location":["https://ipmi.domanweb.ovh/"]}}
{"level":"error","ts":1709230930.5117965,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"36894","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Google Chrome\";v=\"122\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.592870507,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
{"level":"info","ts":1709231733.833617,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"35446","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Ch-Ua-Mobile":["?0"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Gpc":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.973773181,"size":3283,"status":200,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Content-Length":["3283"],"Content-Type":["text/html"],"Date":["Thu, 29 Feb 2024 18:35:33 GMT"]}}
{"level":"info","ts":1709231735.1101668,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"35446","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/css/basic.css","headers":{"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Fetch-Mode":["no-cors"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["style"],"Referer":["https://ipmi.domanweb.ovh/"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept":["text/css,*/*;q=0.1"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":1.241764584,"size":3416,"status":200,"resp_headers":{"Date":["Thu, 29 Feb 2024 18:35:33 GMT"],"Content-Type":["text/css"],"Accept-Ranges":["bytes"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Etag":["\"227435816\""],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"],"Content-Length":["3416"]}}
{"level":"info","ts":1709231735.4065282,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"35446","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/images/logo.gif","headers":{"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept-Language":["en-US,en;q=0.5"],"Referer":["https://ipmi.domanweb.ovh/"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Gpc":["1"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["image"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":1.537926214,"size":2562,"status":200,"resp_headers":{"Content-Length":["2562"],"Date":["Thu, 29 Feb 2024 18:35:35 GMT"],"Content-Type":["image/gif"],"Accept-Ranges":["bytes"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Etag":["\"2091750424\""],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"]}}
{"level":"info","ts":1709231735.5386176,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"35446","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/js/utils.js","headers":{"Accept":["*/*"],"Sec-Gpc":["1"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["no-cors"],"Referer":["https://ipmi.domanweb.ovh/"],"Accept-Encoding":["gzip, deflate, br"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["script"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":1.670186581,"size":28761,"status":200,"resp_headers":{"Date":["Thu, 29 Feb 2024 18:35:35 GMT"],"Content-Type":["text/javascript"],"Accept-Ranges":["bytes"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Etag":["\"1804155033\""],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"],"Content-Length":["28761"]}}
{"level":"info","ts":1709231735.8100681,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"35446","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/js/prototype.js","headers":{"Sec-Fetch-Mode":["no-cors"],"Accept-Encoding":["gzip, deflate, br"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["same-origin"],"Cookie":[],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["script"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept":["*/*"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Referer":["https://ipmi.domanweb.ovh/"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.263511202,"size":73774,"status":200,"resp_headers":{"Date":["Thu, 29 Feb 2024 18:35:35 GMT"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Content-Type":["text/javascript"],"Accept-Ranges":["bytes"],"Etag":["\"3918070424\""],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"],"Content-Length":["73774"]}}
{"level":"info","ts":1709231736.1468704,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"35446","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/js/lang/English/lang_str.js","headers":{"Referer":["https://ipmi.domanweb.ovh/"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["script"],"Sec-Fetch-Mode":["no-cors"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Gpc":["1"],"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Accept":["*/*"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Mobile":["?0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.598225507,"size":92281,"status":200,"resp_headers":{"Date":["Thu, 29 Feb 2024 18:35:35 GMT"],"Content-Type":["text/javascript"],"Accept-Ranges":["bytes"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Etag":["\"1072304795\""],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"],"Content-Length":["92281"]}}
{"level":"info","ts":1709231736.4259777,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"35446","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Cookie":[],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["image"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Fetch-Mode":["no-cors"],"Sec-Ch-Ua-Mobile":["?0"],"Referer":["https://ipmi.domanweb.ovh/"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.261844011,"size":3283,"status":200,"resp_headers":{"Content-Length":["3283"],"Content-Type":["text/html"],"Date":["Thu, 29 Feb 2024 18:35:36 GMT"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
{"level":"info","ts":1709231831.5158,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"42266","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.977947975,"size":3283,"status":200,"resp_headers":{"Alt-Svc":["h3=\":443\"; ma=2592000"],"Content-Length":["3283"],"Content-Type":["text/html"],"Date":["Thu, 29 Feb 2024 18:37:11 GMT"],"Server":["Caddy"]}}
{"level":"info","ts":1709231832.7599049,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"42266","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/css/basic.css","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Accept":["text/css,*/*;q=0.1"],"Sec-Gpc":["1"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["style"],"Referer":["https://ipmi.domanweb.ovh/"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["same-origin"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":1.208088136,"size":3416,"status":200,"resp_headers":{"Alt-Svc":["h3=\":443\"; ma=2592000"],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"],"Content-Length":["3416"],"Date":["Thu, 29 Feb 2024 18:37:11 GMT"],"Content-Type":["text/css"],"Accept-Ranges":["bytes"],"Etag":["\"227435816\""],"Server":["Caddy"]}}
{"level":"info","ts":1709231833.0036688,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"42266","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/images/logo.gif","headers":{"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["image"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Gpc":["1"],"Referer":["https://ipmi.domanweb.ovh/"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":1.451468659,"size":2562,"status":200,"resp_headers":{"Accept-Ranges":["bytes"],"Etag":["\"2091750424\""],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"],"Content-Length":["2562"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Date":["Thu, 29 Feb 2024 18:37:12 GMT"],"Content-Type":["image/gif"]}}
{"level":"info","ts":1709231833.079379,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"42266","client_ip":"192.168.20.31","proto":"HTTP/2.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/js/utils.js","headers":{"Referer":["https://ipmi.domanweb.ovh/"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["script"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":1.527404537,"size":28761,"status":200,"resp_headers":{"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"],"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Content-Length":["28761"],"Date":["Thu, 29 Feb 2024 18:37:12 GMT"],"Content-Type":["text/javascript"],"Accept-Ranges":["bytes"],"Etag":["\"1804155033\""]}}
{"level":"info","ts":1709231833.2723022,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"50524","client_ip":"192.168.20.31","proto":"HTTP/3.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/js/prototype.js","headers":{"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Ch-Ua-Mobile":["?0"],"Cookie":[],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Gpc":["1"],"Referer":["https://ipmi.domanweb.ovh/"],"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["script"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.187695637,"size":73774,"status":200,"resp_headers":{"Server":["Caddy"],"Content-Length":["73774"],"Date":["Thu, 29 Feb 2024 18:37:13 GMT"],"Content-Type":["text/javascript"],"Accept-Ranges":["bytes"],"Etag":["\"3918070424\""],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"]}}
{"level":"info","ts":1709231833.508555,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"50524","client_ip":"192.168.20.31","proto":"HTTP/3.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/js/lang/English/lang_str.js","headers":{"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["script"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept":["*/*"],"Referer":["https://ipmi.domanweb.ovh/"],"Cookie":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.422315348,"size":92281,"status":200,"resp_headers":{"Content-Type":["text/javascript"],"Accept-Ranges":["bytes"],"Etag":["\"1072304795\""],"Last-Modified":["Thu, 01 Jan 1970 00:00:00 GMT"],"Content-Length":["92281"],"Date":["Thu, 29 Feb 2024 18:37:13 GMT"],"Server":["Caddy"]}}
{"level":"info","ts":1709231833.7801886,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"50524","client_ip":"192.168.20.31","proto":"HTTP/3.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Gpc":["1"],"Sec-Fetch-Dest":["image"],"Referer":["https://ipmi.domanweb.ovh/"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["same-origin"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Mode":["no-cors"],"Cookie":[],"Sec-Ch-Ua-Mobile":["?0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.256876211,"size":3283,"status":200,"resp_headers":{"Content-Type":["text/html"],"Date":["Thu, 29 Feb 2024 18:37:13 GMT"],"Server":["Caddy"],"Content-Length":["3283"]}}
{"level":"error","ts":1709231881.8017359,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"40704","client_ip":"192.168.20.31","proto":"HTTP/3.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"Cookie":[],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Linux\""],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.597591393,"size":0,"status":502,"resp_headers":{"Date":["Thu, 29 Feb 2024 18:38:01 GMT"],"Server":["Caddy"]}}
{"level":"error","ts":1709231890.418403,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_ip":"192.168.20.31","remote_port":"40704","client_ip":"192.168.20.31","proto":"HTTP/3.0","method":"GET","host":"ipmi.domanweb.ovh","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua":["\"Chromium\";v=\"122\", \"Not(A:Brand\";v=\"24\", \"Brave\";v=\"122\""],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Cookie":[],"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"],"Sec-Gpc":["1"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"ipmi.domanweb.ovh"}},"bytes_read":0,"user_id":"","duration":0.597187352,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Date":["Thu, 29 Feb 2024 18:38:10 GMT"]}}
3. Caddy version:
2.7.6
4. How I installed and ran Caddy:
Docker compose
a. System environment:
Ubuntu 22.04, Docker version 24.0.7, build afdd53b
b. Command:
docker compose up -d
c. Service/unit/compose file:
# Compose definition for the Caddy reverse proxy. The image is built locally
# from docker/Dockerfile and tagged caddy-local:<DOCKER_WEBPROXY_VERSION>.
version: "3.9"
services:
  caddy:
    container_name: caddy
    # https://hub.docker.com/_/caddy
    image: caddy-local:${DOCKER_WEBPROXY_VERSION}
    build:
      context: .
      dockerfile: docker/Dockerfile
      args:
        - DOCKER_WEBPROXY_VERSION
    # NOTE(review): NET_ADMIN is a broad capability. The Caddy image docs
    # suggest it so HTTP/3 can raise UDP buffer sizes; confirm it is needed
    # here and drop it otherwise.
    cap_add:
      - NET_ADMIN
    environment:
      # Name only, no value: the token is taken from the environment compose
      # runs in, so the secret itself is not stored in this file.
      - CLOUDFLARE_API_TOKEN
      - ACME_AGREE=true
    volumes:
      # Configuration is mounted read-only into the container.
      - $PWD/src/Caddyfile:/etc/caddy/Caddyfile:ro
      - $PWD/src/enabled:/etc/caddy/enabled:ro
      - $PWD/src/imports:/etc/caddy/imports:ro
      - htpasswd-volume:/etc/caddy/passwords:ro
      # =================
      - ${DOCKER_VOLUME_CADDY_DATA}:/data
      - ${DOCKER_VOLUME_CADDY_CONFIG}:/config
      # Read-only directory holding /etc/caddy/ssl/domanCA.pem, the CA file
      # that tls_trusted_ca_certs points at.
      - ${DOCKER_VOLUME_CADDY_SSL}:/etc/caddy/ssl:ro
      # mkdir -p volumes/logs && chmod g+w volumes/logs && sudo chown 101:1000 volumes/logs
      - ${DOCKER_VOLUME_CADDY_VHOST_LOGS}:/var/log/caddy
    ports:
      # No host address is given, so these are published on every host
      # interface; 443/udp carries HTTP/3.
      - "80:80" # TODO: set it to IP and use caddy only for closed services?
      - "443:443"
      - "443:443/udp"
    restart: always
volumes:
  htpasswd-volume:
# https://caddy.community/t/how-to-guide-caddy-v2-cloudflare-dns-01-via-docker/8007
# Two-stage build: compile a Caddy binary that includes the Cloudflare DNS
# module, then copy it over the stock binary in the runtime image.
# Declared before the first FROM so it can be expanded in the FROM line below.
ARG DOCKER_WEBPROXY_VERSION
# NOTE(review): the builder tag floats while the runtime tag is pinned through
# DOCKER_WEBPROXY_VERSION, so the compiled binary may not match the runtime
# image version; consider a version-specific builder tag.
FROM caddy:builder AS builder
# NOTE(review): the module is fetched without a version, so each rebuild may
# pull different plugin code. Current image docs use
# `xcaddy build --with <module>`; confirm caddy-builder still exists in the
# builder tag being pulled.
RUN caddy-builder github.com/caddy-dns/cloudflare
FROM caddy:${DOCKER_WEBPROXY_VERSION}
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
d. My complete Caddy config:
Caddyfile
# Main Caddyfile: load the shared snippet file first, then every site
# definition found under /etc/caddy/enabled/.
import /etc/caddy/imports
import /etc/caddy/enabled/*
/etc/caddy/enabled/ipmi.domanweb.ovh
# Site definition: HTTPS front end for the IPMI web panel at 192.168.20.13.
ipmi.domanweb.ovh:443 {
	# Per-site access log.
	# NOTE(review): access-log entries record the 502 status but not its
	# cause; the upstream TLS error should be in Caddy's own runtime log
	# (the container's stdout/stderr) - confirm there.
	log {
		output file /var/log/caddy/ipmi.domanweb.ovh.log
	}
	# import ssl_self_signed
	import ssl_letsencrypt_domanweb_ovh
	# you may use multiple imports
	# Anything whose remote address is outside the v20_ips range
	# (192.168.20.0/24) is answered with 403 before it reaches the proxy.
	@denied not {
		import v20_ips
	}
	respond @denied "Access Denied" 403
	reverse_proxy {
		# The upstream is dialled by IP address and no tls_server_name is set,
		# so the identity checked against the upstream certificate is
		# presumably that IP - verify.
		to 192.168.20.13:443
		transport http {
			tls
			# The option below turns off all verification of the upstream
			# certificate (chain and name); keep it for diagnosis only.
			# tls_insecure_skip_verify
			# NOTE(review): the leaf certificate posted with this config lists
			# "DNS:ipmi.domanweb.lan, DNS:192.168.20.13" as its SANs. The
			# address is a DNS-type entry, not an IP-type one, and the CN
			# (ipmi.domanweb.ovh) is not among the SANs. Go's TLS client
			# matches an IP only against IP SANs and ignores the CN, so
			# verification would likely fail even with the correct CA.
			# Candidates: reissue the leaf with IP:192.168.20.13 in
			# subjectAltName, or set `tls_server_name ipmi.domanweb.lan` here.
			import proxy_verify
		}
	}
}
/etc/caddy/imports
# Shared snippets imported by the site files.

# Client-address matchers, one /24 network each.
(v5_ips) {
	remote_ip 192.168.5.0/24
}
(v10_ips) {
	remote_ip 192.168.10.0/24
}
(v20_ips) {
	remote_ip 192.168.20.0/24
}
# Serve the site with a certificate issued by Caddy's internal CA.
(ssl_self_signed) {
	tls internal
}
# CA file used to verify upstream certificates inside a reverse_proxy
# "transport http" block.
# NOTE(review): trusting the CA covers only the chain. The upstream
# certificate must also carry a SAN matching the name or IP the proxy
# connects with (or the configured tls_server_name) - confirm for each
# upstream that imports this.
(proxy_verify) {
	tls_trusted_ca_certs /etc/caddy/ssl/domanCA.pem
}
# Publicly trusted certificate obtained through the Cloudflare DNS challenge;
# the API token is read from the environment at runtime rather than written
# into the config.
(ssl_letsencrypt_domanweb_ovh) {
	tls domanpanda@gmail.com {
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}
}
leaf certificate on upstream server
# openssl x509 -in $LEAF_FILE_PATH.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:5c:92:8a:69:0f:0b:c9:32:a9:d3:2f:cd:22:0d:10:66:2e:81:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = PL, ST = Lubelskie, L = Lublin, O = Siec Homelab, CN = Siec Homelab
Validity
Not Before: Feb 29 17:53:43 2024 GMT
Not After : Jul 13 17:53:43 2025 GMT
Subject: C = PL, ST = Lubelskie, L = Lublin, O = Doman Corp, OU = Team Domana, CN = ipmi.domanweb.ovh
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:3e:00:45:71:d3:fc:58:f7:43:95:24:40:6c:
95:7b:aa:fa:15:9a:eb:5e:4e:22:e0:33:a0:b9:79:
1a:54:95:ff:e5:7d:f5:1c:dc:10:10:4a:35:f1:28:
56:24:fa:56:30:82:17:63:e1:ae:5e:c9:b4:fa:0c:
b4:fc:f7:2d:1a:db:d4:e6:e7:a8:d3:41:77:e1:c9:
89:2a:62:d5:f5:2b:fb:0a:5a:85:dd:f2:d2:08:be:
d4:41:8f:84:4e:60:5b:d0:ca:aa:d1:93:53:76:13:
9c:2f:b9:cc:93:18:be:96:99:b7:12:db:2e:1d:d9:
1d:af:3b:40:0a:5f:d1:00:93:a4:41:9e:db:27:a0:
91:ec:47:ff:53:d1:a8:b9:c0:06:ed:af:0f:42:0d:
7c:55:e2:e0:4d:7d:12:7b:c2:41:a7:64:e2:6e:af:
56:84:aa:10:b5:8f:ef:69:be:38:bf:02:35:81:9e:
a0:a6:fb:5c:c3:b5:d7:bb:df:fb:97:94:56:1b:fd:
b5:80:38:53:fc:bd:52:0d:01:9d:31:84:ab:52:f3:
ff:aa:42:1a:23:1c:0f:dd:f0:e2:5a:72:d8:cc:41:
a3:28:6e:e2:0e:37:53:e3:54:12:be:c9:61:c4:3b:
06:de:dd:cb:4f:7a:cd:1f:66:5c:e3:8f:8e:94:34:
59:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:ipmi.domanweb.lan, DNS:192.168.20.13
X509v3 Subject Key Identifier:
3D:8D:A2:14:F6:BE:34:94:9B:01:6A:72:40:71:C5:2D:89:55:83:65
X509v3 Authority Key Identifier:
4C:AA:A1:CD:D2:13:74:E5:7A:D3:9C:38:7E:DC:86:CD:3B:D2:3C:1C
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
98:5d:1f:a5:22:91:c4:8d:1c:c0:8b:a7:85:19:07:44:f7:d6:
e6:52:4f:cc:b2:7c:00:d6:7f:9c:74:e1:06:7d:dd:24:b2:88:
dc:f1:9a:99:cb:d3:da:3a:76:6d:9f:72:a0:d6:cc:5b:80:d2:
d4:f5:3b:7a:1a:50:18:de:32:cc:56:e7:98:5d:b7:70:c6:4d:
44:9c:a8:2a:f7:c8:44:a2:f8:d8:f9:d1:1a:e7:a1:7e:c0:1a:
f3:00:1d:17:1e:a9:56:34:eb:76:fa:4f:68:93:0d:45:57:22:
3e:8d:ae:fd:4a:9d:16:98:1e:5b:21:e2:88:aa:2a:8d:ba:8f:
13:ca:e4:ab:6d:8b:d5:9e:44:5b:b7:c6:88:9d:ff:2d:6c:8c:
fc:b6:8b:2c:27:b3:21:a9:ce:21:76:2d:15:1e:5f:6e:03:ab:
18:25:25:bf:e8:ec:30:9a:f1:24:38:6e:a7:8a:c4:93:18:a9:
5c:94:82:5d:c5:05:f1:8d:26:af:69:f6:89:1b:bc:5f:b7:cf:
34:12:7f:53:23:d9:59:98:70:86:7d:57:d2:76:b9:7d:53:97:
0e:65:ea:d6:7b:42:b6:21:63:0d:ac:a4:e9:f4:d2:be:10:db:
45:71:57:29:90:68:07:f6:de:04:3f:e4:78:e9:df:89:38:92:
17:a2:22:a4:47:4a:93:28:04:fe:49:9e:12:80:6b:bc:78:87:
cf:0c:62:b2:32:39:93:85:69:1b:a4:e9:00:a1:91:d4:76:47:
4d:1c:e4:ab:e7:82:2f:6a:8a:e7:c5:72:e0:f4:30:1f:34:da:
46:74:d5:a8:92:09:c8:51:d2:41:80:f4:bb:86:17:21:eb:7c:
35:8f:59:0c:a9:01:6f:45:5e:7f:b2:95:0b:0f:db:e0:89:a0:
fa:fc:57:c3:fe:45:fa:5c:9a:01:2e:ec:d8:22:ba:86:68:8d:
72:ee:6e:70:0a:2c:70:d8:1d:91:fb:b8:79:37:12:65:30:ee:
ad:30:d4:de:f8:a4:90:47:8d:a2:a0:63:b3:7d:28:40:46:9d:
79:ec:29:4e:62:f9:5e:af:70:32:ae:ea:c6:e1:d5:d9:b1:94:
08:66:57:b0:88:9d:f5:49:a4:8a:b5:9d:68:4c:88:43:c4:c2:
15:24:f6:cf:48:4d:a5:9e:0a:e8:27:c5:83:3b:87:17:5e:df:
c8:16:78:92:ec:c4:31:0b:81:00:c4:26:06:c2:97:ea:ce:a3:
f3:26:38:98:9a:37:b1:d3:9e:60:dd:7e:7b:dc:82:ff:cd:2c:
68:b0:21:48:7d:07:7c:bf:2c:39:6f:81:51:90:88:60:e9:cf:
19:61:35:14:98:20:23:68