I am trying to use Caddy as a reverse proxy running in Docker, both for accessing some services from outside my local network and also for accessing some other services only inside my network (but with SSL).
4. Error messages and/or full log output:
Error during parsing: cannot create both ACME and internal certificate issuers
Is there a way this can be achieved, or do I need to use

    @blocked not remote_ip 192.168.1.0/24
    respond @blocked "Nope" 403

this block and use all subdomains in ACME?
The comment in the code around that error message is:
// some tls subdirectives are shortcuts that implicitly configure issuers, and the
// user can also configure issuers explicitly using the issuer subdirective; the
// logic to support both would likely be complex, or at least unintuitive
I think the problem may be that you're combining resolvers with internal, since resolvers configures an ACME issuer, and internal configures a self-signed issuer. Which one do you mean to use there? That is why there is an error. The implicit configuration is contradictory or at least confusing.
(You can specify multiple issuers, but you have to do it explicitly using the issuer sub-directive.)
For this part, I would like to get certificates (self-signed) for services inside my LAN, and I have a record in my local DNS pointing .server.local to the IP in the reverse_proxy section.
tls internal doesn’t care about DNS at all, it will just create a cert for you no matter how the domain resolves.
You only need on_demand if you don’t know the domains up-front, but in this case you told Caddy specifically of the domain it should issue, as the site address.
Just do tls internal and remove both on_demand and resolvers there.
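The fix described in the replies above, as an added Caddyfile example that is not taken from the thread. The hostnames, upstream addresses and resolver IP are constructed placeholders, and the commented-out site is a constructed config that reproduces the contradiction the reply describes, not the original poster's file.

```caddyfile
# Public service: no tls directive, so Caddy uses its default ACME issuers.
# (app.example.com and the upstream address are placeholders.)
app.example.com {
    reverse_proxy 192.168.1.10:8080
}

# Conflicting form: "internal" selects the internal issuer, while
# "resolvers" implicitly configures an ACME issuer. Parsing fails with
# "cannot create both ACME and internal certificate issuers".
#
# service.server.local {
#     tls internal {
#         on_demand
#         resolvers 192.168.1.1
#     }
#     reverse_proxy 192.168.1.20:3000
# }

# Corrected LAN-only service: the site address already names the domain,
# so on_demand is unnecessary, and the internal issuer does not use DNS,
# so resolvers is dropped.
service.server.local {
    tls internal

    # Optional: refuse clients outside the LAN range even if the name
    # becomes reachable from elsewhere.
    @blocked not remote_ip 192.168.1.0/24
    respond @blocked "Nope" 403

    reverse_proxy 192.168.1.20:3000
}

# Equivalent explicit form of "tls internal", using the issuer
# subdirective mentioned in the reply:
#
# service.server.local {
#     tls {
#         issuer internal
#     }
#     reverse_proxy 192.168.1.20:3000
# }
```

Certificates from the internal issuer are signed by Caddy's own local CA, so LAN clients need that root certificate in their trust store before the connection validates without warnings.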