Trouble setting up Caddy with Podman

1. The problem I’m having:

I’m having a lot of trouble setting up Caddy with Podman, on Fedora IoT. When I go to https://haddock.cc in my browser, it gives me a 523 error instead of the “Hello, world!” message I’m expecting. This is the output of curl -vL haddock.cc:

*   Trying 104.21.90.161:80...
* Connected to haddock.cc (104.21.90.161) port 80 (#0)
> GET / HTTP/1.1
> Host: haddock.cc
> User-Agent: curl/7.85.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Sat, 15 Apr 2023 22:09:43 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Sat, 15 Apr 2023 23:09:43 GMT
< Location: https://haddock.cc/
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=syaIIZ70beUNSTsrufAAGj%2FPqZipdHAhRL%2BQKwt2MCOdTPqtp3X9A1XNs2MH3uVbranQIm2%2BZyy1Oktby7N3sHNVluvbyX%2B0jEWW8ZKI51ttVj%2BkNCLqJ%2FEIrvyq"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 7b8783b7bc8aeb5f-SEA
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
* Ignoring the response-body
* Connection #0 to host haddock.cc left intact
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://haddock.cc/'
*   Trying 172.67.202.114:443...
* Connected to haddock.cc (172.67.202.114) port 443 (#1)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
*  start date: Jun  2 00:00:00 2022 GMT
*  expire date: Jun  1 23:59:59 2023 GMT
*  subjectAltName: host "haddock.cc" matched cert's "haddock.cc"
*  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: haddock.cc]
* h2h3 [user-agent: curl/7.85.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x559375bc72e0)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: haddock.cc
> user-agent: curl/7.85.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 523
< date: Sat, 15 Apr 2023 22:09:43 GMT
< content-length: 0
< cache-control: no-store, no-cache
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eaZAkJpVT1acU6Hl%2FJ3qDSZ9c9DoxdMePYGD%2FJ4RPQ9zSvlJMPBBPW6wPzEyCTyCAcitRg5z3t0qAVA8G%2BwSp9FjetkVPFA61XnhTMcm2JEBgRDmn%2FvZEueSs422"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 7b8783b84d20c77a-SEA
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
<
* Connection #1 to host haddock.cc left intact

I tried setting SELinux to permissive mode, but that didn’t help.

2. Error messages and/or full log output:

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

Through Podman. I have a custom Dockerfile, so I can use the Cloudflare plugin:

FROM caddy:builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

a. System environment:

OS: Fedora IoT v37.20230413.0
Podman version: 4.4.4

b. Command:

podman run -d --restart=unless-stopped -p 80:80,443:443 -v $PWD/Caddyfile:/etc/caddy/Caddyfile:Z --env-file=.env --name=caddy caddy

d. My complete Caddy config:

(auth) {
        forward_auth authelia:9091 {
                uri /api/verify?rd=https://auth.haddock.cc
                copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
        }
}

{
        # Global configuration
        acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
        email {env.PERSONAL_EMAIL}
        debug
}

haddock.cc {
        respond "HELLO WORLD"
}

Is that correct syntax? I don’t think I’ve ever seen that.

523 comes from Cloudflare. It means it wasn’t able to connect to your server. Make sure your DNS is correct, make sure your firewall and port forwarding are correctly set up, allowing traffic on port 443.

This isn’t a problem with Caddy, it’s a networking problem between Cloudflare and your server.
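Two of the host-side checks the reply above asks for can be scripted. This is an added example, not code from the thread or from Caddy: it parses the output of `firewall-cmd --list-services` / `--list-ports` (assuming firewalld, which Fedora IoT ships) and of `podman port <name>` to report which of the ports Cloudflare must reach on the origin are not exposed. The sample strings are constructed, not captured from the poster's host.

```shell
#!/bin/sh
# Cloudflare answers 523 when its edge cannot reach the origin, so before
# blaming Caddy check (1) the container publishes 80 and 443 and (2) the
# host firewall lets them in. Helper names below are this example's own.

REQUIRED_PORTS="80 443"   # what Cloudflare's edge connects to on the origin

# firewalld service name that covers a port we care about (empty if none)
service_for() {
    case "$1" in
        80)  printf http ;;
        443) printf https ;;
    esac
}

# Return 0 if port $1 is allowed, given firewalld's service list $2
# (e.g. "dhcpv6-client ssh http") and its port list $3 (e.g. "8443/tcp").
fw_allows() {
    port=$1; svc=$(service_for "$port")
    case " $3 " in *" $port/tcp "*) return 0 ;; esac
    if [ -n "$svc" ]; then
        case " $2 " in *" $svc "*) return 0 ;; esac
    fi
    return 1
}

# Required ports the firewall does not allow, space separated ("" if none).
fw_missing() {
    out=""
    for p in $REQUIRED_PORTS; do
        fw_allows "$p" "$1" "$2" || out="$out $p"
    done
    printf '%s' "${out# }"
}

# Required ports absent from `podman port <name>` output ($1), whose lines
# look like "443/tcp -> 0.0.0.0:443"; constructed sample in the test below.
podman_missing() {
    out=""
    for p in $REQUIRED_PORTS; do
        printf '%s\n' "$1" | grep -q -- "-> .*:${p}\$" || out="$out $p"
    done
    printf '%s' "${out# }"
}

# On the host:
#   fw_missing "$(firewall-cmd --list-services)" "$(firewall-cmd --list-ports)"
#   podman_missing "$(podman port caddy)"
```

An empty result from both functions means the origin is reachable as far as the host is concerned; anything printed is a port Cloudflare cannot get to and a likely cause of the 523.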

Well, I feel dumb. I totally forgot to allow 80 and 443 through my firewall. Thank you!

