1. The problem I’m having:
I am using Caddy in a Docker container as a reverse proxy to backend services. I am also using Tailscale with HTTPS enabled so it creates LetsEncrypt certs.
The problem is that every time the container restarts, the LE certs are lost, and need to be regenerated again. I am trying to figure out the location in the container where the LE certs are saved, so I can add that as a volume so that the existing certs are re-used.
2. Error messages and/or full log output:
I have set the environment variable XDG_DATA_HOME=/var/lib in the container.
When Caddy starts, I can see that it is using the location.
{"level":"info","ts":1682706459.556254,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy"}
When I connect to the service over Tailscale, I can see Caddy creates the LE cert (via Tailscale), and I can access the site, but there are no files in the directory.
# tailscale
2023/04/28 18:35:48 cert("server.taild3f12.ts.net"): registered ACME account.
2023/04/28 18:35:48 cert("server.taild3f12.ts.net"): starting SetDNS call...
2023/04/28 18:35:50 tshttpproxy: CONNECT response from http://proxy.mycompany.com:3128 for target "log.tailscale.io:443" (auth ""): 200 Connection established
2023/04/28 18:35:57 Accept: TCP{100.71.202.19:50865 > 100.126.47.29:443} 40 tcp non-syn
2023/04/28 18:35:59 cert("server.taild3f12.ts.net"): did SetDNS
2023/04/28 18:36:00 cert("server.taild3f12.ts.net"): requesting cert...
2023/04/28 18:36:01 cert("server.taild3f12.ts.net"): got cert
# caddy
{"level":"debug","ts":1682706961.15812,"logger":"tls.handshake","msg":"using externally-managed certificate","remote_ip":"127.0.0.1","remote_port":"39146","sni":"server.taild3f12.ts.net","names":["server.taild3f12.ts.net"],"expiration":1690479362}
The data directory in the container
d3c58d7db47c:/# ls -al /var/lib/caddy
total 8
drwxr-xr-x 2 root root 4096 Apr 28 17:24 .
drwxr-xr-x 1 root root 4096 Apr 28 18:27 ..
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
The container is Alpine Linux, with Tailscale and Caddy binaries added.
I have a script that generates the Caddyfile from env vars, and then starts it with
caddy run --config /etc/caddy/Caddyfile --adapter caddyfile --environ
a. System environment:
Docker container running on a Mac
d. My complete Caddy config:
{
	debug
}

server.taild3f12.ts.net

reverse_proxy https://server.mycompany.com {
	header_up Host server.mycompany.com
	header_down Location "^https://server.mycompany.com(.*)$" "https://server.taild3f12.ts.net$1"
}
5. Links to relevant resources:
Env var for data location
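An added example, not part of the original post: a small POSIX sh script that resolves Caddy's data directory by the rules Caddy documents (XDG_DATA_HOME/caddy when set, otherwise HOME/.local/share/caddy) and counts certificate files both there and in tailscaled's certificate cache. The Caddy debug line "using externally-managed certificate" means the certificate was handed to Caddy by a certificate manager (here Tailscale) rather than obtained by Caddy's own ACME client, so it is worth checking both locations before deciding which path to mount as a volume. The Tailscale location (a certs subdirectory of tailscaled's state directory, assumed to default to /var/lib/tailscale) and the TS_STATE_DIR override are assumptions made for this script; the sample files created in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): find where the TLS material for a
# *.ts.net site actually lives when Caddy reports "using externally-managed
# certificate". Assumptions are marked below.

# Caddy's documented data directory (Linux rules): $XDG_DATA_HOME/caddy when
# XDG_DATA_HOME is set, otherwise $HOME/.local/share/caddy, otherwise the CWD.
caddy_data_dir() {
  if [ -n "${XDG_DATA_HOME:-}" ]; then
    printf '%s/caddy\n' "${XDG_DATA_HOME%/}"
  elif [ -n "${HOME:-}" ]; then
    printf '%s/.local/share/caddy\n' "${HOME%/}"
  else
    pwd
  fi
}

# Certificates that Caddy's own ACME client obtains are stored below
# <data dir>/certificates. Externally managed certs do not end up here.
caddy_cert_dir() {
  printf '%s/certificates\n' "$(caddy_data_dir)"
}

# Assumption: tailscaled caches the certs it issues in <state dir>/certs.
# TS_STATE_DIR is an override chosen for this script, with the assumed
# Linux default of /var/lib/tailscale.
tailscale_cert_dir() {
  printf '%s/certs\n' "${TS_STATE_DIR:-/var/lib/tailscale}"
}

# Print every cert/key file below $1, sorted (nothing if $1 does not exist).
list_cert_files() {
  [ -d "$1" ] || return 0
  find "$1" -type f \( -name '*.crt' -o -name '*.key' -o -name '*.pem' \) | sort
}

# Number of cert/key files below $1; always prints a number (0 when none).
count_cert_files() {
  list_cert_files "$1" | grep -c . || true
}

# Report both candidate locations so the right one can be mounted as a volume.
report_cert_locations() {
  for d in "$(caddy_cert_dir)" "$(tailscale_cert_dir)"; do
    n=$(count_cert_files "$d")
    printf '%s: %s file(s)\n' "$d" "$n"
    list_cert_files "$d" | sed 's/^/  /'
  done
}

report_cert_locations
```

Run it inside the container after the site has been served once over Tailscale; whichever directory reports a non-zero count is the one that needs to survive a container restart.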