1. My Caddy version (caddy -version):
Caddy v1.0.4 (h1:wwuGSkUHo6RZ3oMpeTt7J09WBB87X5o+IZN4dKehcQE=)
2. How I run Caddy:
systemd
a. System environment:
uname -a
Linux fnando 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
d. My complete Caddyfile:
mydomain.dev http://mydomain.dev *.mydomain.dev http://*.mydomain.dev {
    tls {
        dns route53
    }
    proxy / :5000 {
        transparent
    }
}
* {
    tls {
        dns route53
        ask http://localhost:5000/valid-acme-host
    }
    proxy / :5000 {
        transparent
    }
}
3. The problem I’m having:
I’m trying to use Caddy as a proxy server for my Heroku app. It’s the classic “customer’s CNAME pointing to your subdomains” use case. Let’s say I have a CNAME sample.mydomain.dev pointing to propitious-gnu-7335.mydomain.dev.
My idea is using Caddy to automatically manage my own certs (the first block), while proxying every other host (which I don’t know beforehand) to the app. The second block (*) would then ask my app if a cert should be issued or not, following tls.ask requirements.
Is there any way of enabling a * matcher like the one I’m trying? Am I missing something or isn’t this scenario supported at all?
Alternatively, is there any way I can provide certs via an HTTP call, bypassing Caddy’s ACME support entirely? Something like:
tls {
    ask_certs https://localhost:5000/certs
}
4. Error messages and/or full log output:
There’s no error log other than:
Jan 24 22:13:17 fnando caddy[1593]: http: TLS handshake error from 104.200.132.222:4780: no certificate available for 'sample.mydomain.dev'
Notice that the application never receives the tls.ask call.
5. What I already tried:
If I use sample.fnando.com instead of *, then the tls.ask requirement works as expected, but that’s not something I would like to manage myself (creating config files, reloading Caddy, etc).
mydomain.dev http://mydomain.dev *.mydomain.dev http://*.mydomain.dev {
    tls {
        dns route53
    }
    proxy / :5000 {
        transparent
    }
}
sample.mydomain.dev {
    tls {
        dns route53
        ask http://localhost:5000/valid-acme-host
    }
    proxy / :5000 {
        transparent
    }
}
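
An added example, not part of the original post: a minimal endpoint of the kind the `ask` line above points at. Caddy calls the `ask` URL with the hostname in a `domain` query parameter and proceeds with issuance only on a 200 response, so this endpoint is what stops arbitrary hostnames from triggering certificates. The allowlist contents and the `normalize_host` and `decide` helpers are assumptions for illustration.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse
import re

# Constructed sample data: customer hostnames the app has agreed to serve.
ALLOWED_HOSTS = {"shop.example.com", "docs.example.org"}
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_host(raw):
    """Return a lower-cased plain DNS name, or None for anything else."""
    host = raw.strip().lower().rstrip(".")
    if not host or len(host) > 253:
        return None
    labels = host.split(".")
    # Wildcards, empty labels and single-label names fail here.
    if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
        return None
    # An all-numeric last label means an IPv4 literal, not a hostname.
    if labels[-1].isdigit():
        return None
    return host


def decide(path_and_query, allowed=ALLOWED_HOSTS):
    """Map an ask request to a status code: only 200 permits issuance."""
    url = urlparse(path_and_query)
    if url.path != "/valid-acme-host":
        return 404
    values = parse_qs(url.query).get("domain", [])
    if len(values) != 1:  # missing, empty or repeated parameter
        return 400
    host = normalize_host(values[0])
    if host is None:
        return 400
    return 200 if host in allowed else 403


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(decide(self.path))
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback only, matching http://localhost:5000 in the Caddyfile.
    HTTPServer(("127.0.0.1", 5000), AskHandler).serve_forever()
```

In a real app the allowlist would be a lookup against the customer-domain table rather than a constant set.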