1. Caddy version (caddy version):
v2.4.0-beta.1 => /src/caddy
2. How I run Caddy:
a. System environment:
Host OS: Linux SMP Debian 4.19.132-1 (2020-07-24) x86_64 GNU/Linux
Docker Base Image: caddy:2.0.0-builder along with GitHub - caddy-dns/cloudflare: Caddy module: dns.providers.cloudflare
b. Command:
sudo docker-compose -f caddy-compose.yml up -d
c. Service/unit/compose file:
caddy-compose.yml
version: "3.7"
services:
  caddy:
    build: ./dns-dockerfile
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      - MY_DOMAIN=$MY_DOMAIN
      - CLOUDFLARE_API_TOKEN=$CLOUDFLARE_API_TOKEN
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - /data/caddy/data:/data
      - /data/caddy/config:/config
networks:
  default:
    external:
      name: $DOCKER_MY_NETWORK
Dockerfile
FROM caddy:2.0.0-builder AS builder
RUN caddy-builder \
    github.com/caddy-dns/cloudflare
FROM caddy:2.0.0
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
d. My complete Caddyfile or JSON config:
{
    # acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    key_type rsa4096
}
(proxy_template) {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}
www.{$MY_DOMAIN} {$MY_DOMAIN} {
    reverse_proxy /.well-known/matrix/* https://matrix.{$MY_DOMAIN} {
        header_up Host {http.reverse_proxy.upstream.hostport}
    }
    import proxy_template
}
matrix.{$MY_DOMAIN}, dimension.{$MY_DOMAIN}, element.{$MY_DOMAIN}, jitsi.{$MY_DOMAIN} {
    import proxy_template
    reverse_proxy matrix-nginx-proxy:8080
}
matrix.{$MY_DOMAIN}:8448 {
    reverse_proxy matrix-nginx-proxy:8448
}
3. The problem I’m having:
The way my setup works is that a request that goes through my caddy server will be redirected to an nginx server (the reasoning for this is complicated) and then it is forwarded to my matrix server (which is just a normal server).
What I ideally want is the connection between the client and caddy to be protected with SSL. However, I don’t care about encrypting the connection between caddy and nginx. Now when caddy is forwarding the request to nginx, it is throwing an error since caddy is making an https request when nginx expects http.
Nginx throws the following error to me:
error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Looking at this answer on Stack Overflow ("curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number"), it looks like the solution is that the proxy should use HTTP CONNECT to make sure that it is not using SSL when proxying to nginx.
Basically sending an http request to caddy works, since caddy just forwards an http request to nginx and it doesn’t throw an error. But I want the connection between caddy and client to be https but the connection between caddy and nginx to be http.
And for some reason I am not facing this problem when requesting matrix.mydomain. The problem only happens when requesting matrix.mydomain:8448. So the problem only occurs on port 8448 and not on port 80.
Is there any way to do this with Caddy?
4. Error messages and/or full log output:
Here’s the error from nginx: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I don’t get any new logs in Caddy when I make this request so nothing to add there
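
The `ssl3_get_record:wrong version number` error quoted in this post is what an OpenSSL-based endpoint reports when the bytes it reads are not a TLS record, most often because the other side is speaking plaintext HTTP. The Python sketch below is an added example, not part of the original post and not Caddy or nginx code; it classifies the first bytes seen on a connection so each hop can be checked for TLS versus plain HTTP. The function names and sample bytes are constructed for illustration, and the header check is a simplified model of what a TLS library does.

```python
"""Classify the opening bytes of a connection: TLS record or plaintext HTTP."""
import struct

# TLS record content types (RFC 8446, section 5.1).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ")
MAX_RECORD_LEN = 2**14 + 2048  # largest ciphertext record TLS 1.2 allows


def header_as_tls(data: bytes) -> tuple:
    """Read 5 bytes as a TLS record header regardless of what they really are.

    Layout: content type (1 byte), version major/minor (2 bytes), length (2 bytes).
    """
    return struct.unpack("!BBBH", data[:5])


def classify_first_bytes(data: bytes) -> dict:
    """Return which protocol the first bytes of a stream look like."""
    if data.startswith(b"HTTP/"):
        return {"protocol": "http", "kind": "response"}
    if data.startswith(HTTP_METHODS):
        return {"protocol": "http", "kind": "request"}
    if len(data) < 5:
        return {"protocol": "unknown", "kind": "too short"}
    ctype, major, minor, length = header_as_tls(data)
    # Simplified version check: major must be 3, as in every SSL3/TLS record.
    if ctype in CONTENT_TYPES and major == 3 and minor <= 4 and length <= MAX_RECORD_LEN:
        return {"protocol": "tls", "kind": CONTENT_TYPES[ctype],
                "record_version": f"{major}.{minor}", "length": length}
    return {"protocol": "unknown", "kind": "unrecognised"}


# Constructed samples, not captured traffic.
CLIENT_HELLO_START = bytes.fromhex("16030100c8") + b"\x01\x00\x00\xc4"
PLAIN_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"
PLAIN_HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, sample in [("ClientHello", CLIENT_HELLO_START),
                         ("HTTP reply", PLAIN_HTTP_REPLY),
                         ("HTTP request", PLAIN_HTTP_REQUEST)]:
        print(name, "->", classify_first_bytes(sample))
    # "HTT" read as a record header gives version bytes 0x54 0x54, not 0x03 0x0N.
    print("HTTP reply parsed as TLS header:", header_as_tls(PLAIN_HTTP_REPLY))
```

Feeding it the first bytes captured on each hop (client to Caddy, Caddy to nginx) shows which side is sending TLS and which is sending plaintext.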