1. The problem I’m having:
I’m having a lot of trouble setting up Caddy with Podman on Fedora IoT. When I go to https://haddock.cc in my browser, it gives me a 523 error instead of the “Hello, world!” message I’m expecting. This is the output of curl -vL haddock.cc:
* Trying 104.21.90.161:80...
* Connected to haddock.cc (104.21.90.161) port 80 (#0)
> GET / HTTP/1.1
> Host: haddock.cc
> User-Agent: curl/7.85.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Sat, 15 Apr 2023 22:09:43 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Sat, 15 Apr 2023 23:09:43 GMT
< Location: https://haddock.cc/
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=syaIIZ70beUNSTsrufAAGj%2FPqZipdHAhRL%2BQKwt2MCOdTPqtp3X9A1XNs2MH3uVbranQIm2%2BZyy1Oktby7N3sHNVluvbyX%2B0jEWW8ZKI51ttVj%2BkNCLqJ%2FEIrvyq"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 7b8783b7bc8aeb5f-SEA
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
* Ignoring the response-body
* Connection #0 to host haddock.cc left intact
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://haddock.cc/'
* Trying 172.67.202.114:443...
* Connected to haddock.cc (172.67.202.114) port 443 (#1)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Jun 2 00:00:00 2022 GMT
* expire date: Jun 1 23:59:59 2023 GMT
* subjectAltName: host "haddock.cc" matched cert's "haddock.cc"
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: haddock.cc]
* h2h3 [user-agent: curl/7.85.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x559375bc72e0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: haddock.cc
> user-agent: curl/7.85.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 523
< date: Sat, 15 Apr 2023 22:09:43 GMT
< content-length: 0
< cache-control: no-store, no-cache
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eaZAkJpVT1acU6Hl%2FJ3qDSZ9c9DoxdMePYGD%2FJ4RPQ9zSvlJMPBBPW6wPzEyCTyCAcitRg5z3t0qAVA8G%2BwSp9FjetkVPFA61XnhTMcm2JEBgRDmn%2FvZEueSs422"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 7b8783b84d20c77a-SEA
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
* Connection #1 to host haddock.cc left intact
I tried setting SELinux to permissive mode, but that didn’t help.
2. Error messages and/or full log output:
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
Through Podman. I have a custom Dockerfile, so I can use the Cloudflare plugin:
FROM caddy:builder AS builder
RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare
FROM caddy:latest
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
a. System environment:
OS: Fedora IoT v37.20230413.0
Podman version: 4.4.4
b. Command:
podman run -d --restart=unless-stopped -p 80:80,443:443 -v $PWD/Caddyfile:/etc/caddy/Caddyfile:Z --env-file=.env --name=caddy caddy
d. My complete Caddy config:
(auth) {
	forward_auth authelia:9091 {
		uri /api/verify?rd=https://auth.haddock.cc
		copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
	}
}

{
	# Global configuration
	acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	email {env.PERSONAL_EMAIL}
	debug
}

haddock.cc {
	respond "HELLO WORLD"
}
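An added example, not part of the post above: a small parser that splits a curl -vL transcript into response hops and tells Cloudflare's edge-generated 520-527 statuses (the edge could not get a usable answer from the origin) apart from replies the origin itself produced; the only assumption is Cloudflare's documented meaning of those codes, and the sample transcript is the 301 and 523 hops from the post, trimmed to the relevant lines.

```python
"""Interpret a `curl -vL` transcript from a Cloudflare-proxied host.
Added example, not from the original post: splits curl's verbose output into
response hops and tells Cloudflare's edge-generated 520-527 statuses (the edge
could not get a usable answer from the origin) apart from replies Caddy sent."""
import re
# Cloudflare edge-generated statuses and their documented meaning.
CF_ORIGIN_ERRORS = {
    520: "web server returned an unknown error",
    521: "web server is down (connection refused)",
    522: "connection to origin timed out",
    523: "origin is unreachable (edge has no route to the origin IP)",
    524: "origin accepted the connection but did not respond in time",
    525: "TLS handshake with origin failed",
    526: "origin presented an invalid TLS certificate",
}
STATUS_RE = re.compile(r"^< HTTP/[\d.]+ (\d{3})")
HEADER_RE = re.compile(r"^< ([A-Za-z0-9-]+): ?(.*)$")

def parse_curl_verbose(text):
    """One dict per response hop: status code plus lower-cased headers."""
    hops = []
    for line in text.splitlines():
        m = STATUS_RE.match(line)
        if m:
            hops.append({"status": int(m.group(1)), "headers": {}})
        elif hops and (m := HEADER_RE.match(line)):
            hops[-1]["headers"][m.group(1).lower()] = m.group(2).strip()
    return hops

def classify(hops):
    """Explain the final hop: edge error about the origin, or the origin's own reply."""
    if not hops:
        return "no HTTP response found in transcript"
    last = hops[-1]
    ray = last["headers"].get("cf-ray", "?")  # cf-ray identifies the edge request
    meaning = CF_ORIGIN_ERRORS.get(last["status"])
    if meaning:
        return f"{last['status']} from Cloudflare edge (cf-ray {ray}): {meaning}"
    return f"{last['status']} produced by the origin (cf-ray {ray})"

# Constructed sample: the two hops of the transcript above, trimmed to essentials.
SAMPLE = """\
< HTTP/1.1 301 Moved Permanently
< Location: https://haddock.cc/
< CF-RAY: 7b8783b7bc8aeb5f-SEA
< HTTP/2 523
< content-length: 0
< cf-ray: 7b8783b84d20c77a-SEA
"""
```

Because Cloudflare rewrites the Server header on every proxied response, the status code range is the signal to key on, not the header: a 52x means the edge never got a usable answer from the origin, so the next checks belong on the host (is the container running and listening on 80/443, does the DNS record point at an address the edge can reach) rather than in the Caddyfile.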