1. Caddy version (`caddy version`):
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
2. How I run Caddy:
Over Command Line
a. System environment:
Using golang:latest docker image, built using xcaddy, command: xcaddy build --with github.com/caddy-dns/cloudflare --with github.com/hairyhenderson/caddyprom --with github.com/caddyserver/ntlm-transport --with github.com/greenpau/caddy-auth-saml
b. Command:
caddy validate -config caddy.json
c. My complete Caddyfile or JSON config:
{
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [
":80"
],
"routes": [
{
"match": [
{
"host": [
"rproxy-ka.prod.server1.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"body": "gbus rvpx v0.54",
"handler": "static_response"
}
]
}
]
}
],
"terminal": true
}
]
},
"srv1": {
"listen": [
":443"
],
"routes": [
{
"match": [
{
"host": [
"one3.prod.globi.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"group": "group5",
"handle": [
{
"handler": "rewrite",
"uri": "/one3{http.request.uri}"
}
],
"match": [
{
"path": [
"/"
]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"upstreams": [
{
"dial": "ruprod:80"
}
]
}
]
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"dvgw.prod.server1.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"upstreams": [
{
"dial": "ruprod:8181"
}
]
}
]
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"one1.prod.server1.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"upstreams": [
{
"dial": "10.200.0.168:3000"
}
]
}
]
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"dckr.int.server1.org"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"upstreams": [
{
"dial": "10.200.0.176:9000"
}
]
}
]
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"docs.server1.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"upstreams": [
{
"dial": "10.44.0.5:8081"
}
]
}
]
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"support.server1.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"upstreams": [
{
"dial": "10.44.0.5:8091"
}
]
}
]
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"seismic-idp.lsa.prod.server1.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"upstreams": [
{
"dial": "10.44.0.5:8095"
}
]
}
]
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"one2.prod.globi.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"upstreams": [
{
"dial": "10.43.10.18:80"
}
]
}
]
}
]
}
],
"terminal": true
},
{
"match": [
{
"host": [
"one4.prod.globi.us"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Host": [
"{http.request.host}"
],
"X-Forwarded-For": [
"{http.request.remote}"
],
"X-Forwarded-Port": [
"{http.request.port}"
],
"X-Forwarded-Proto": [
"{http.request.scheme}"
],
"X-Real-Ip": [
"{http.request.remote}"
]
}
}
},
"transport": {
"protocol": "http",
"tls": {
"insecure_skip_verify": true
}
},
"upstreams": [
{
"dial": "10.200.0.175:443"
}
]
}
]
}
]
}
],
"terminal": true
}
],
"tls_connection_policies": [
{
"match": {
"sni": [
"one1.prod.globi.us"
]
}
},
{
"match": {
"sni": [
"one2.prod.globi.us"
]
}
},
{
"match": {
"sni": [
"one3.prod.globi.us"
]
}
},
{}
]
}
}
},
"tls": {
"automation": {
"policies": [
{
"subjects": [
"one1.prod.server1.us",
"one2.prod.server1.us",
"one3.prod.server1.us",
"support.server1.us",
"docs.server1.us",
"seismic-idp.lsa.prod.server1.us"
],
"issuer": {
"challenges": {
"dns": {
"provider": {
"api_token": "removed",
"name": "cloudflare"
}
}
},
"email": "removed",
"module": "acme"
}
},
{
"issuer": {
"email": "removed",
"module": "acme"
}
}
]
}
}
}
}
3. The problem I’m having:
When I try to validate this config on this specific version (v2.4.6), validation fails. On v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=, built exactly the same way, it’s considered valid. What’s wrong with it?
4. Error messages and/or full log output:
{"level":"info","ts":1640754676.0914085,"msg":"using provided configuration","config_file":"/builds/globius/caddy-autoci/caddy.json","config_adapter":""} validate: loading http app module: provision http: getting tls app: loading tls app module: decoding module config: tls: json: unknown field "issuer"
5. What I already tried:
- I'm not sure what to try here. I checked the formatting of the TLS section, and it matched the documentation.