Trouble connecting to static file server with custom domain reliably

1. Caddy version (caddy version):

2.0.0 and 2.2.1

2. How I run Caddy:

linux service

a. System environment:

  • binary on Ubuntu 20.20 Hetzner vps
  • GoDaddy domain

b. Command:

systemctl start/stop/status caddy

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

cooksies.xyz {
  root * /etc/caddy/site
  encode zstd gzip
  templates
  file_server browse

  basicauth * {
    <USER_REDACTED> <HASH_REDACTED>
  }
}

3. The problem I’m having:

I can’t establish a reliable connection to the domain

Sometimes fails:

  • Chrom(e/ium): ERR_CONNECTION_CLOSED

Sometimes fails (more often than Chrome):

  • Firefox: Error is: PR_END_OF_FILE_ERROR

Never works:

  • Safari: “Could not establish secure connection”

In the cases where https (and https forwarding) doesn’t work: when I enter the domain without https, I get a blank page.

4. Error messages and/or full log output:

Oct 16 10:49:13 ubuntu-2gb-nbg1-1 systemd[1]: Started Caddy.
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: caddy.HomeDir=/var/lib/caddy
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: runtime.GOOS=linux
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: runtime.GOARCH=amd64
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: runtime.Compiler=gc
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: runtime.NumCPU=1
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: runtime.GOMAXPROCS=1
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: runtime.Version=go1.14.2
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: os.Getwd=/
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: LANG=en_US.UTF-8
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: HOME=/var/lib/caddy
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: LOGNAME=caddy
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: USER=caddy
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: INVOCATION_ID=d651b0b20c0044008e6faddc1d1c638e
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: JOURNAL_STREAM=9:73229
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: {"level":"info","ts":1602838154.059734,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: {"level":"info","ts":1602838154.0619287,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["127.0.0.1:2019","localhost:2019","[::1]:2019"]}
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: {"level":"info","ts":1602838154.0623279,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: {"level":"info","ts":1602838154.062468,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: {"level":"info","ts":1602838154.0637488,"logger":"tls","msg":"cleaned up storage units"}
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: {"level":"info","ts":1602838154.0646257,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["cooksies.xyz"]}
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: 2020/10/16 10:49:14 [INFO][cache:0xc0006ae320] Started certificate maintenance routine
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: {"level":"info","ts":1602838154.0753667,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Oct 16 10:49:14 ubuntu-2gb-nbg1-1 caddy[9084]: {"level":"info","ts":1602838154.0755067,"msg":"serving initial configuration"}

5. What I already tried:

  • Different browsers: Chromium most stable, but still buggy
  • GoDaddy Domain panel shows no error
  • GitHub issues searched for specific errors, no results
  • Downgraded to 2.0.0, same behavior

Any help is appreciated, thanks. Does this sound like a DNS issue or a Caddy TLS issue? Thanks!

Try without basicauth, does it work better?

There’s a known issue with Safari, it doesn’t seem to handle basic auth very well. See this thread: