1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
Caddy is run via a systemd service. Caddy was installed via the official repo ( https://apt.fury.io/caddy/ )
a. System environment:
Debian 11 Bullseye
b. Command:
caddy service restart
c. Service/unit/compose file:
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
{
	# General Options
	admin off
	# TLS Options
	email mail@gmail.com
}
@tls
tls{
	protocols tls1.3
}
# Config reverse Proxy
hyperviseur.domaine.fr {
	reverse_proxy 192.168.1.50:80
	@tls
}
bitwarden.domaine.fr {
	reverse_proxy 192.168.1.50:8080
	@tls
}
zabbix.domaine.fr {
	reverse_proxy 192.168.1.120:80
	@tls
}
fog.domaine.fr {
	reverse_proxy 192.168.1.140:80
	@tls
}
wiki.domaine.fr {
	reverse_proxy 192.168.1.170:80
	@tls
}
3. The problem I’m having:
I don't want to repeat the tls directive. I tried with a named matcher like this:
@tls1.3 {
	tls {
		protocols tls1.3
	}
4. Error messages and/or full log output:
service caddy status
● caddy.service - Caddy
Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2021-01-01 12:58:23 CET; 31s ago
Docs: https://caddyserver.com/docs/
Process: 21793 ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile (code=exited, status=1/FAILURE)
Main PID: 21793 (code=exited, status=1/FAILURE)
janv. 01 12:58:23 debian-reverse caddy[21793]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
janv. 01 12:58:23 debian-reverse caddy[21793]: HOME=/var/lib/caddy
janv. 01 12:58:23 debian-reverse caddy[21793]: LOGNAME=caddy
janv. 01 12:58:23 debian-reverse caddy[21793]: USER=caddy
janv. 01 12:58:23 debian-reverse caddy[21793]: INVOCATION_ID=8b05406d37d64793b5503e88d015ab1a
janv. 01 12:58:23 debian-reverse caddy[21793]: JOURNAL_STREAM=8:279619
janv. 01 12:58:23 debian-reverse caddy[21793]: {"level":"info","ts":1609502303.9332616,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
janv. 01 12:58:23 debian-reverse caddy[21793]: run: adapting config using caddyfile: cannot define a matcher outside of a site block: '@tls'
janv. 01 12:58:23 debian-reverse systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
janv. 01 12:58:23 debian-reverse systemd[1]: caddy.service: Failed with result 'exit-code'.
5. What I already tried:
I’ve added the tls directive in each website block
6. Links to relevant resources:
I looked here; maybe I’m wrong.
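
Named matchers (`@name`) select requests and, as the error in the log says, can only be defined inside a site block. The Caddyfile construct for reusing a group of directives is a snippet, defined at the top level and pulled into each site with `import`. The following is an added example, not part of the original post. It reuses the hosts and upstreams from the Caddyfile above, and the snippet name `tls13` is an arbitrary choice made for this example.

```caddyfile
{
	# General options
	admin off
	# TLS options
	email mail@gmail.com
}

# Snippet (name "tls13" is an assumption of this example).
# A single argument to "protocols" sets the minimum version,
# so every importing site refuses anything below TLS 1.3.
(tls13) {
	tls {
		protocols tls1.3
	}
}

# Reverse proxy sites: each one imports the shared TLS policy
hyperviseur.domaine.fr {
	import tls13
	reverse_proxy 192.168.1.50:80
}

bitwarden.domaine.fr {
	import tls13
	reverse_proxy 192.168.1.50:8080
}

zabbix.domaine.fr {
	import tls13
	reverse_proxy 192.168.1.120:80
}

fog.domaine.fr {
	import tls13
	reverse_proxy 192.168.1.140:80
}

wiki.domaine.fr {
	import tls13
	reverse_proxy 192.168.1.170:80
}
```

Running `caddy adapt --config /etc/caddy/Caddyfile` before restarting the service reports adapter errors such as the one in the log without taking the proxy down. A site block that omits `import tls13` falls back to Caddy's default protocol range, so a new site needs the import line to get the same policy.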