V1 > v2 : HTTPS on Docker doesn't work

1. Caddy version (caddy version):

v2

2. How I run Caddy:

First, I’m new to Caddy and certificate implementation.

I have a registered domain “mydomain.com” and many docker services running on my server (node, kibana, mysql, …). I used Caddy v1 to access my main domain “mydomain.com” only.

After that I migrated to Caddy v2 and it generates certificates for “www.mydomain.com” with (www) -New installation-. It works fine with the official docker image: https://hub.docker.com/_/caddy

Now, I want to use Caddy v2 as a reverse-proxy to access my domain and all my sub-domains “*.mydomain.com” using the one new certificate (not using old ones)

My actual configuration is :

  • docker-compose :
version: "3.5"
services:
  rproxy-auto:
    image: caddy
    container_name: rproxy-auto
#    user: "${UID}:${GID}"
    ports:
      - 80:80
      - 443:443
      - 2015:2015
      - 2019:2019
      - 2020:2020
    volumes:
      - ./data:/data
      - ./www:/usr/share/caddy
      - ./config:/config
      - ./Caddyfile:/etc/caddy/Caddyfile
  • Caddyfile (see the config section)

a. System environment:

Docker installed on Debian Jessie

b. Command:

docker-compose up --build -d

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

http://mydomain.com {
   redir mydomain.com{uri}
}

mydomain.com {
   reverse_proxy 12.1.1.1:9000
}

service1.mydomain.com {
   reverse_proxy 12.1.1.1:9001
}

service2.mydomain.com {
   reverse_proxy 12.1.1.1:9002
}

3. The problem I’m having:

If we refer to the documentation, we have many ways to configure Caddy v2. But I can’t find these details in the documentation:

  • Where we must put configuration files (Caddyfile or .json) on docker
  • When Caddy v2 loads the configuration file (startup of the docker, after each edit, after Caddy reload)?

4. Error messages and/or full log output:

Doesn’t work:

5. What I already tried:

6. Links to relevant resources:

Thanks a lot for your help 🙂

Welcome @simoroco

Our docs actually do cover this:

There is no single, conventional place for you to put your config files. Put them wherever makes the most sense to you.

At startup. If you want it to reload after every edit, use the --watch flag: https://caddyserver.com/docs/command-line#caddy-run

Thanks.

It’s very clear now and I have a correct Caddyfile v2 format. Thanks, perfect.

But, I’m facing another problem. The error :

too many certificates already issued for exact set of domains:

I don’t have the private keys anymore but I know that I can revoke old ones using HTTP ports on the server. I found this solution :

certbot certonly --manual --preferred-challenges=http -d {domain.com}
certbot revoke --cert-path {key}.pem

But it doesn’t work!
Can you help please?

Great, glad you got that working at least!

Please read how Let’s Encrypt rate limits work here: https://letsencrypt.org/docs/rate-limits/

Revoking certificates does not reset rate limits, because the resources used to issue those certificates have already been consumed.

Please do not revoke certificates to try to get around rate limits, it won’t work, and it just adds unnecessary pressure to the PKI.

On the Caddy page at Docker Hub, please read the docs with “⚠️ A note about persisted data” – very important. 🙂
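
An added example, not part of the thread and not Caddy or Let's Encrypt code: it counts issuances per exact set of names to show why the “too many certificates already issued for exact set of domains” error persists after revocation, and when another issuance would fit. The limit of 5 per 7 days, the sliding-window model and the issuance log are assumptions constructed for the example; check the real values on the rate-limits page linked above.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed values; check them against the rate-limits page linked above.
DUPLICATE_LIMIT = 5
WINDOW = timedelta(days=7)

# Constructed issuance log: (issued_at UTC, names on the certificate, revoked?)
ISSUED = [
    ("2020-06-01T08:00:00", ["www.mydomain.com"], True),
    ("2020-06-01T09:30:00", ["www.mydomain.com"], True),
    ("2020-06-02T10:00:00", ["WWW.mydomain.com"], False),
    ("2020-06-03T11:00:00", ["www.mydomain.com"], False),
    ("2020-06-04T12:00:00", ["www.mydomain.com"], False),
    ("2020-06-04T12:05:00", ["mydomain.com", "www.mydomain.com"], False),
]

def name_set(names):
    """The 'exact set' key: order and letter case of the names do not matter."""
    return frozenset(n.strip().lower().rstrip(".") for n in names)

def issuances_by_set(records):
    """Group issuance times by exact name set. The revoked flag is ignored on
    purpose: a revoked certificate was still issued, so it still counts."""
    grouped = defaultdict(list)
    for issued_at, names, _revoked in records:
        ts = datetime.fromisoformat(issued_at).replace(tzinfo=timezone.utc)
        grouped[name_set(names)].append(ts)
    return grouped

def next_allowed(records, names, now, limit=DUPLICATE_LIMIT, window=WINDOW):
    """Return (count_in_window, earliest time another issuance fits)."""
    recent = sorted(t for t in issuances_by_set(records)[name_set(names)]
                    if now - window < t <= now)
    if len(recent) < limit:
        return len(recent), now
    # Sliding window: a slot frees when the limit-th newest issuance ages out.
    return len(recent), recent[-limit] + window

if __name__ == "__main__":
    now = datetime(2020, 6, 5, tzinfo=timezone.utc)
    for names in (["www.mydomain.com"], ["www.mydomain.com", "mydomain.com"]):
        count, when = next_allowed(ISSUED, names, now)
        print(sorted(name_set(names)), count, "issued; next allowed:", when.isoformat())
```

In the constructed log the two revoked certificates still occupy two of the five slots for “www.mydomain.com”, while the set that also contains “mydomain.com” is counted separately.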
