Hi, this is my first time posting; I hope I did everything right.
I’ve searched a lot about my problem, but everything I tried failed, so my last hope is here.
Thanks in advance for your time and help.
1. Output of caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy: (This is my actual config)
My Docker is hosted on a Debian VM on a TrueNAS host.
I use xcaddy to build Caddy with the OVH features and rename it “caddy”.
I run Caddy in a Docker container via a docker-compose file and use a Caddyfile to set up a self-hosted Vaultwarden.
On my OVH account I added an A entry for home-vaultwarden.flq.ovh → 192.168.2.5
docker-compose.yml
caddy:
  image: caddy:2
  container_name: home-caddy
  restart: always
  ports:
    - 80:80
    - 443:443
  networks:
    homenetwork:
      ipv4_address: 192.168.2.6
  volumes:
    - ./caddy/caddy:/usr/bin/caddy
    - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
    - ./caddy/caddy-config:/config
    - ./caddy/caddy-data:/data
  environment:
    DOMAIN: "https://home-vaultwarden.flq.ovh"
    EMAIL: "myemail"
    LOG_FILE: "/data/access.log"
    ENDPOINT: "ovh-eu"
    APPLICATION_KEY: "MYAPPLICATION_KEY"
    APPLICATION_SECRET: "MYAPPLICATION_SECRET"
    CONSUMER_KEY: "MYCONSUMER_KEY"
vaultwarden:
  image: vaultwarden/server
  container_name: home-vaultwarden
  networks:
    homenetwork:
      ipv4_address: 192.168.2.5
  restart: always
  environment:
    WEBSOCKET_ENABLED: "true"
  volumes:
    - ./vaultwarden/vaultwarden-data:/data
Caddyfile
{$DOMAIN}:443 {
    log {
        level INFO
        output file {$LOG_FILE} {
            roll_size 10MB
            roll_keep 10
        }
    }
    # Use the ACME DNS-01 challenge to get a cert for the configured domain.
    tls {
        dns ovh {
            endpoint {$ENDPOINT}
            application_key {$APPLICATION_KEY}
            application_secret {$APPLICATION_SECRET}
            consumer_key {$CONSUMER_KEY}
        }
    }
    # This setting may have compatibility issues with some browsers
    # (e.g., attachment downloading on Firefox). Try disabling this
    # if you encounter issues.
    # encode gzip
    # Notifications redirected to the WebSocket server
    reverse_proxy /notifications/hub home-vaultwarden:3012
    # Proxy everything else to Rocket
    reverse_proxy home-vaultwarden:80
}
3. The problem I’m having:
I can’t reach my Vaultwarden via HTTPS; it only works on HTTP.
4. Error messages and/or full log output:
Log of my caddy in portainer
{"level":"info","ts":1666717918.6710472,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1666717918.6722085,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1666717918.7030625,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1666717918.7033775,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1666717918.7033987,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1666717918.717901,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000296150"}
{"level":"info","ts":1666717918.7398272,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1666717918.7400386,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1666717918.7415555,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1666717918.7426543,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1666717918.7427006,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1666717918.7427113,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["home-vaultwarden.flq.ovh"]}
{"level":"info","ts":1666717918.8268254,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1666717918.8375309,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1666717918.8375502,"msg":"serving initial configuration"}
{"level":"info","ts":1666735918.9226694,"logger":"tls.cache.maintenance","msg":"advancing OCSP staple","identifiers":["home-vaultwarden.flq.ovh"],"from":1667037598,"to":1667339998}
Log of my vaultwarden in portainer
/--------------------------------------------------------------------\
| Starting Vaultwarden |
| Version 1.26.0 |
|--------------------------------------------------------------------|
| This is an *unofficial* Bitwarden implementation, DO NOT use the |
| official channels to report bugs/features, regardless of client. |
| Send usage/configuration questions or feature requests to: |
| https://vaultwarden.discourse.group/ |
| Report suspected bugs/issues in the software itself at: |
| https://github.com/dani-garcia/vaultwarden/issues/new |
\--------------------------------------------------------------------/
[INFO] No .env file found.
[2022-10-26 08:27:13.272][vaultwarden::api::notifications][INFO] Starting WebSockets server on 0.0.0.0:3012
[2022-10-26 08:27:13.273][start][INFO] Rocket has launched from http://0.0.0.0:80
curl -Iv http://home-vaultwarden.flq.ovh --> OK, shows the Vaultwarden page
curl -Iv https://home-vaultwarden.flq.ovh
* Trying 192.168.2.5:443...
* connect to 192.168.2.5 port 443 failed: Connection refused
* Failed to connect to home-vaultwarden.flq.ovh port 443 after 34 ms: Connection refused
* Closing connection 0
curl: (7) Failed to connect to home-vaultwarden.flq.ovh port 443 after 34 ms: Connection refused
5. What I already tried:
I’ve tried:
Adding ROCKET_PORT to the Vaultwarden environment
Changing the reverse proxy hostname to an IP, changing the port
Removing my network settings to use the default Docker network
Rebuilding, rebuilding and rebuilding my Caddy (because I wasn’t sure of myself)
6. Links to relevant resources:
A possibility to use local ip instead domain · Discussion #1491 · dani-garcia/vaultwarden · GitHub
Using Docker Compose · dani-garcia/vaultwarden Wiki · GitHub
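Added example, not part of the original post: a small check that maps the address curl tried to the static container IPs in the compose file above, to show whether a request reaches the TLS-terminating proxy or goes straight to the backend. `SERVICES`, `TLS_PROXY` and `diagnose` are hypothetical names; the IPs, ports and curl lines are copied from the post.

```python
import re

# Constructed from the post: static container IPs from docker-compose.yml and
# the listeners shown in the Caddy and Vaultwarden logs.
SERVICES = {
    "home-caddy": {"ip": "192.168.2.6", "ports": {80, 443}},
    "home-vaultwarden": {"ip": "192.168.2.5", "ports": {80, 3012}},
}
TLS_PROXY = "home-caddy"  # assumption: the container meant to terminate TLS

# Constructed sample: the curl -Iv lines quoted in the post.
CURL_OUTPUT = """\
*   Trying 192.168.2.5:443...
* connect to 192.168.2.5 port 443 failed: Connection refused
"""

TRYING = re.compile(r"^\*\s+Trying (\d{1,3}(?:\.\d{1,3}){3}):(\d+)\.\.\.", re.M)


def diagnose(curl_output, services=SERVICES, tls_proxy=TLS_PROXY):
    """Map each address curl tried to the container that owns it."""
    findings = []
    for ip, port in TRYING.findall(curl_output):
        port = int(port)
        owner = next((n for n, s in services.items() if s["ip"] == ip), None)
        if owner is None:
            verdict = "address belongs to no known container"
        elif owner != tls_proxy:
            verdict = (f"name resolves to {owner}, not {tls_proxy} "
                       f"({services[tls_proxy]['ip']}); traffic bypasses the proxy")
        elif port not in services[owner]["ports"]:
            verdict = f"{owner} has no listener on port {port}"
        else:
            verdict = "request reaches the TLS proxy"
        listening = owner is not None and port in services[owner]["ports"]
        findings.append({"ip": ip, "port": port, "owner": owner,
                         "listening": listening, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in diagnose(CURL_OUTPUT):
        print(f"{f['ip']}:{f['port']} -> {f['owner']}: {f['verdict']}")
```

Run against a port 80 attempt on the same address, the check reports a listener owned by the Vaultwarden container, so a plain-HTTP page served from that address comes from Rocket directly and never passes through Caddy's TLS or its HTTP->HTTPS redirect.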