Unable to reach admin endpoint when running in docker

1. Caddy version (caddy version):

Version v2.4.2 h1:chB106RlsIaY4mVEyq9OQM5g/9lHYVputo/LAX2ndFg=,

2. How I run Caddy:

Executing the following Windows batch file:

startCaddy.cmd

@echo off
SET CONTAINER_NAME=my_caddy
SET CADDY_FILEPATH=c:\develop\test\caddy\
SET CADDY_DATA_FOLDER=c:\develop\test\caddy\data

REM try to stop if it is stuck running
docker stop %CONTAINER_NAME%

docker run  -d ^
            -p 80:80 ^
            -p 443:443 ^
            -p 2015:2015 ^
            -p 2016:2016 ^
            -p 2019:2019 ^
            -p 2020:2020 ^
            -p 5551:5551 ^
            -v %CADDY_FILEPATH%/Caddyfile:/etc/caddy/Caddyfile ^
            --rm ^
            --name %CONTAINER_NAME% ^
            caddy

a. System environment:

docker image “caddy:2.4.2-alpine”. Hosted on a Windows 10 machine

b. Command:

C:\develop\test\caddy>startCaddy.cmd
my_caddy
90674245da51d0822d82bc1f2ad705f261d8dac14cfdb5e16d27161ebac39585

C:\develop\test\caddy>curl localhost:80
Hello, world!
C:\develop\test\caddy>curl localhost:2016
Client sent an HTTP request to an HTTPS server.

C:\develop\test\caddy>curl localhost:2020/config/
curl: (52) Empty reply from server

C:\develop\test\caddy>curl https://localhost:2016
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.

c. Service/unit/compose file:


d. My complete Caddyfile config:

{
	admin localhost:2020
	auto_https off
}

localhost:80 {
	respond "Hello, world!"
}

localhost:2016 {
	respond "Goodbye, world!"
}

3. The problem I’m having:

  1. On port 2016 it demands https, although I did not configure that.
  2. Port 2020 only returns an empty response from outside of the container, though I specified it in the docker run command.

Basically I’m interested in hosting Caddy in a Docker container and being able to access everything I configure in the Caddyfile from the outside. I tried different port numbers for the admin console, but that did not change the behavior; I still get an empty response from the admin endpoint. Obviously the auto_https option is also ignored (2016 demands https).

4. Error messages and/or full log output:

5. What I already tried:

I extended the docker image with curl:

FROM caddy:2.4.2-alpine
# replace the repository entries from https to http
# see https://gitlab.alpinelinux.org/alpine/aports/-/issues/11768
RUN sed -i -e 's/https/http/' /etc/apk/repositories
RUN apk --no-cache add --update curl

and could verify that I can access the admin endpoint from within the container. Still not accessible from the outside.

I also tried the caddy:2.4.3-alpine image before and only switched back to 2.4.2 for a tryout.

6. Links to relevant resources:

localhost resolves to 127.0.0.1, meaning Caddy will only accept requests coming from 127.0.0.1, i.e. only requests coming from inside its own container. If you need to make it accessible from outside, you’ll need to switch it to admin :2020 to listen on all interfaces.

Caddy defaults to HTTPS by default. If you want to use HTTP, then specify http:// in front of the site address. The reason localhost:80 doesn’t default to HTTPS is because 80 is the HTTP port.


Thanks Francis.
With your help I got it working now, using the following Caddyfile:

{
	admin :2020
}

localhost:80 {
	respond "Hello, world!"
}

http://localhost:2016 {
	respond "Goodbye, world!"
}
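
The reasoning from the answer above, as an added example (not code from this thread or from the Caddy project): it combines the address the admin endpoint binds to inside the container with the host address of the `docker run -p` mapping and reports who can reach the admin API. The function names and result labels are hypothetical, and it assumes the option is written as a single `admin host:port` line; it also shows that `admin :2020` with `-p 2020:2020` publishes the admin API on every host interface, while `-p 127.0.0.1:2020:2020` limits it to the Docker host.

```python
import ipaddress
import re

# Constructed inputs: the two Caddyfile global blocks from this thread.
ORIGINAL = "{\n\tadmin localhost:2020\n\tauto_https off\n}\n"
FIXED = "{\n\tadmin :2020\n}\n"

def admin_bind(caddyfile):
    """Host part of the `admin` option; '' means all interfaces, None means off."""
    m = re.search(r"^\s*admin\s+(\S+)", caddyfile, re.MULTILINE)
    addr = m.group(1) if m else "localhost:2019"  # Caddy's default admin address
    return None if addr == "off" else addr.rsplit(":", 1)[0]

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:  # empty host (wildcard) or some other hostname
        return False

def publish_host(publish):
    """Host IP of a docker -p value; plain 'hostPort:containerPort' means all host interfaces."""
    parts = publish.rsplit(":", 2)
    return parts[0] if len(parts) == 3 else ""

def admin_reachability(caddyfile, publish):
    """Who can reach the admin API: 'disabled', 'container-only', 'host-only' or 'network'."""
    bind = admin_bind(caddyfile)
    if bind is None:
        return "disabled"
    if is_loopback(bind):
        # Published-port traffic arrives on the container's network interface, not its loopback.
        return "container-only"
    if is_loopback(publish_host(publish)):
        return "host-only"
    return "network"

if __name__ == "__main__":
    for name, cfg, pub in [("original", ORIGINAL, "2020:2020"),
                           ("fixed", FIXED, "2020:2020"),
                           ("fixed, loopback publish", FIXED, "127.0.0.1:2020:2020")]:
        print(f"{name:26} -p {pub:20} -> {admin_reachability(cfg, pub)}")
```
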
