I have set up Caddy in docker using the official image. I am using it to proxy my external subdomains (like ha.myhouse.net to 192.168.1.3:8123), and it is working as expected. All the certs get requested, and when I hit the subdomain, I get the proper app hosted locally.
My next thought was to get all of the servers on my internal network (*.home) to behave the same way. I want to be able to put in ha.myserver.home, and have it show me myserver.home:8123. What is happening is that I can ping ha.myserver.home, and I get the correct ip address back, but when I enter the url ha.myserver.home, I get: 404 Site ha.myserver.home is not served on this interface
There are no log entries from Caddy that I can see.
Hmm! I was expecting to see a different problem entirely. Did you restart the container after making the Caddyfile changes, or did you send a USR1 signal to the Caddy process to reload it?
What’s your docker run command / docker-compose.yml service for Caddy?
I’d assume that you’ve volume mounted the Caddyfile directly. I’m wondering if there’s some issue with the Caddyfile changes not being represented inside the container.
You could exec into the container and cat the Caddyfile that Caddy is using inside and just confirm that it does in fact show your ha.myserver.home block?
The Caddyfile is mounted correctly. The contents are the same inside the container as outside the container. I even made a change externall, restarted the container, and verified that /etc/Caddyfile in the container reflected the changes I made.
I was hoping I had messed up the mount, no such luck!
Yeah, just looked over the v2tec image. Seems like --label-enable is fairly new. The container itself was updated a year ago, though… so maybe it’s older than I thought!
I think you might be missing a few lines from the top. Otherwise the first line in the Caddyfile would be root /srv and probably wouldn’t parse very well.
Assuming the first few lines are well formatted, though, I can’t see anything that would cause an issue at a glance through.
Two more questions: What’s the caddy -version, and have you tried using http://pihole.zotac.home and removing the tls off directive?
Sorry about that. I had the ``` on the same line as the start of the file, and it did not show. It is fixed now.
caddy -version shows:
Caddy 0.11.2 (unofficial)
Removing the tls off results in this in the log:
Activating privacy features... 2019/01/29 03:11:42 [INFO][myserver.com] Obtain: Certificate already exists in storage
2019/01/29 03:11:43 [INFO] [ha.zotac.home] acme: Obtaining bundled SAN certificate
2019/01/29 03:11:43 [ha.zotac.home] failed to obtain certificate: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:malformed :: Error creating new order :: Name does not end in a public suffix, url:
exit status 1
Then the entries for ha.zotac.home repeat until I stop the container. It was this error that originally led me to adding the tls off to the config.
No worries, glad we could find a workaround for you.
I’ll have to look into this bug further, though. Your site should have been there (although it should have been on port 2015, not port 80), but according to the output you posted, Caddy wasn’t hosting that site at all. In short - what you had should have worked (to some degree).
Funny enough, that thought crossed my mind, and I had tried using port 2015 instead of 80, just in case. What you proposed works on port 80, so it does all I need it to.