Unable to have https for localhost application

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

I have installed Caddy via sudo apt install caddy. Then I started my Go application on localhost:8080. I created a Caddyfile with localhost and reverse_proxy, but I still get an untrusted site message when I visit the site. First I ran it with systemctl start/stop caddy and it was still untrusted. Then I ran it with sudo caddy reverse_proxy --to localhost:8080 and got the same result.

a. System environment:

Linux Mint, systemctl

b. Command:

systemctl start/stop caddy
sudo caddy reverse_proxy --to localhost:8080

c. Service/unit/compose file:


d. My complete Caddy config:

localhost {
  reverse_proxy localhost:8080
}

3. The problem I’m having:

I am trying to proxy my GoLang application to have https.

4. Error messages and/or full log output:

2022/12/07 18:49:11.677	INFO	using provided configuration	{"config_file": "Caddyfile", "config_adapter": ""}
2022/12/07 18:49:11.678	WARN	Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies	{"adapter": "caddyfile", "file": "Caddyfile", "line": 1}
2022/12/07 18:49:11.679	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/12/07 18:49:11.679	INFO	http	server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS	{"server_name": "srv0", "https_port": 443}
2022/12/07 18:49:11.679	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2022/12/07 18:49:11.679	INFO	tls.cache.maintenance	started background certificate maintenance	{"cache": "0xc0001faee0"}
2022/12/07 18:49:11.679	INFO	tls	cleaning storage unit	{"description": "FileStorage:/root/.local/share/caddy"}
2022/12/07 18:49:11.679	INFO	tls	finished cleaning storage units
2022/12/07 18:49:11.685	INFO	pki.ca.local	root certificate is already trusted by system	{"path": "storage:pki/authorities/local/root.crt"}
2022/12/07 18:49:11.685	INFO	http	enabling HTTP/3 listener	{"addr": ":443"}
2022/12/07 18:49:11.685	INFO	failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/12/07 18:49:11.685	INFO	http.log	server running	{"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2022/12/07 18:49:11.685	INFO	http.log	server running	{"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2022/12/07 18:49:11.685	INFO	http	enabling automatic TLS certificate management	{"domains": ["localhost"]}
2022/12/07 18:49:11.685	WARN	tls	stapling OCSP	{"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate", "identifiers": ["localhost"]}
2022/12/07 18:49:11.685	INFO	autosaved config (load with --resume flag)	{"file": "/root/.config/caddy/autosave.json"}
2022/12/07 18:49:11.685	INFO	serving initial configuration
^X^C2022/12/07 18:50:19.337	INFO	shutting down	{"signal": "SIGINT"}
2022/12/07 18:50:19.337	WARN	exiting; byeee!! 👋	{"signal": "SIGINT"}
2022/12/07 18:50:19.339	INFO	tls.cache.maintenance	stopped background certificate maintenance	{"cache": "0xc0001faee0"}
2022/12/07 18:50:19.339	INFO	admin	stopped previous server	{"address": "localhost:2019"}
2022/12/07 18:50:19.339	INFO	shutdown complete	{"signal": "SIGINT", "exit_code": 0}

5. What I already tried:

Documentation and YouTube/TikTok tutorials.

6. Links to relevant resources:

As you are not using a domain name, you can’t get a certificate from Let’s Encrypt or ZeroSSL, so you need to use Caddy’s internal CA to issue certificates. You can enable it with the tls internal directive, something like this:

localhost {
  tls internal
  reverse_proxy localhost:8080
}

Thank you for your answer. I did add that ‘tls internal’ but it doesn’t work for me; it is still untrusted. The main problem is that I saw on TikTok how a guy uses Caddy to have https for localhost. I tried everything I could find on the internet but made no progress.

Self-signed (internal) certs won’t be trusted by clients on other systems unless they install trust for Caddy’s root.

@plorenzo Btw, tls internal is the default for localhost so that won’t make a difference and is unneeded there, actually. 🙂 I appreciate your help!!


Can you tell me how to do it or provide some references/links? thanks!

That totally depends on the OS/client accessing the server. I would start by Google searching things like “how to add certificate to Linux Mint trust store” or “how to add cert to Firefox trust store”.
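
The point made in the replies above, that a certificate issued by a local (internal) CA is trusted only by a client that has that CA's root installed, shown as an added Go example that is not part of the original thread or of Caddy's code. The root and leaf are constructed in memory as stand-ins for a local CA and its localhost certificate; `issue` and `checkTrust` are hypothetical helper names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a certificate for cn signed by parent; a nil parent yields a self-signed CA root.
func issue(cn string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: parent == nil, KeyUsage: x509.KeyUsageCertSign,
	}
	if parent != nil { // leaf: server certificate, hostname goes in the SAN
		tmpl.KeyUsage, tmpl.DNSNames = x509.KeyUsageDigitalSignature, []string{cn}
	} else { // root: signs itself
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// checkTrust verifies leaf for host against only the roots this client has installed.
func checkTrust(leaf *x509.Certificate, host string, installed ...*x509.Certificate) error {
	pool := x509.NewCertPool() // non-nil pool: the system trust store is not consulted
	for _, c := range installed {
		pool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	root, rootKey := issue("Constructed Local Root", nil, nil) // stand-in for the server's local CA root
	leaf, _ := issue("localhost", root, rootKey)               // stand-in for the served certificate
	fmt.Println("root not installed:", checkTrust(leaf, "localhost"))
	fmt.Println("root installed:    ", checkTrust(leaf, "localhost", root))
}
```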
