1. Caddy version (caddy version):
v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
2. How I run Caddy:
I run Caddy through a Windows service with WinSW.
a. System environment:
OS: Windows Server 2019 Datacenter
b. Command:
I'm not using commands to run Caddy, just the service.
c. Service/unit/compose file:
n/a
d. My complete Caddyfile or JSON config:
example.com {
    handle_path /api* {
        reverse_proxy localhost:3001
    }
    handle {
        root * C:\Web\Webs\ExternalWeb
        encode gzip
        file_server
    }
}

example.domain.local {
    tls internal
    handle_path /api* {
        reverse_proxy localhost:3001
    }
    handle {
        root * C:\Web\Webs\ExternalWeb
        encode gzip
        file_server
    }
}

localhost {
    tls internal
    handle_path /api* {
        reverse_proxy localhost:3001
    }
    handle {
        root * C:\Web\Webs\ExternalWeb
        file_server
    }
}
3. The problem I’m having:
I asked a related question here yesterday: Getting HTTPS working on localhost in Windows
Now I am trying to connect to example.domain.local from a different machine and am once again getting the "Warning: Potential Security Risk Ahead" warning.
Now I’m pretty sure this paragraph from francislavoie’s answer is what I need to do:
If you’re trying to connect from a different machine, then you’ll need to do the cert installation on those machines as well. You can either do it manually, or you can run caddy trust on those machines, using the --address flag to point to the admin endpoint of your Caddy instance – note that the admin endpoint only listens on localhost:2019 by default, so you’d need to change that to :2019 to allow other machines on your network to access it – keep in mind this is risky though because then anyone on the network can change Caddy’s config or shut it down etc.
But I have questions and figured it was a different enough problem that required starting a new topic. So first, I need to install the cert manually or run caddy trust on that second machine. I figured out how to install an SSL certificate manually from that other link: https://technixleo.com/create-locally-trusted-ssl-certificates-with-mkcert-on-windows/ . But I’m not sure if that is what I need to do. Secondly, Caddy is not installed on the second machine, so how do I run caddy trust? I wouldn’t think I would need to install Caddy on the second machine just to access a website, would I? I’ll probably have more questions about the other sentences too, but this should get me started.
4. Error messages and/or full log output:
5. What I already tried:
I did try enabling “security.enterprise_roots.enabled” in Firefox on the second machine. But I know why that didn’t work, there is no certificate on that machine for Firefox to find. Somehow I have to tell it to use the cert on the original machine.
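
The manual route from the quoted answer, as an added example that is not part of the original post: it installs a copy of Caddy's internal root certificate on the second Windows machine without installing Caddy there and without opening the admin endpoint to the network. Assumptions: `root.crt` was copied from `pki\authorities\local\root.crt` under the data directory of the account the Caddy service runs as, and `$ExpectedSha256` is the output of `Get-FileHash root.crt -Algorithm SHA256` read on the Caddy server; both parameter names are hypothetical.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# on the second machine. Both parameters are values you supply (assumptions):
#   -RootCertPath    where you copied Caddy's root.crt
#   -ExpectedSha256  file hash read on the Caddy server, passed out of band
param(
    [Parameter(Mandatory)] [string] $RootCertPath,
    [Parameter(Mandatory)] [string] $ExpectedSha256
)
$ErrorActionPreference = 'Stop'

$path = (Resolve-Path -LiteralPath $RootCertPath).Path

# 1. The file must be byte-identical to the one on the Caddy server.
$actual = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
$wanted = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($actual -ne $wanted) {
    throw "Hash mismatch: file has $actual, expected $wanted"
}

# 2. A trust anchor should be a self-signed CA certificate that is currently valid.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
$ext  = $cert.Extensions['2.5.29.19']   # basicConstraints
$isCa = $false
if ($ext) {
    $bc = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]::new($ext, $ext.Critical)
    $isCa = $bc.CertificateAuthority
}
if (-not $isCa) { throw 'Not a CA certificate (basicConstraints CA flag missing)' }
if ($cert.Subject -ne $cert.Issuer) { throw 'Not self-signed, so this is not a root' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw 'Certificate is outside its validity period'
}

# 3. Add it to the machine-wide Trusted Root store and show what was stored.
Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, NotAfter, Thumbprint
```

With the root in the Windows store, the `security.enterprise_roots.enabled` setting mentioned in the post has a certificate for Firefox to pick up.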