DISCLAIMER
I do not actually own the zero.net domain. I am using local self-signed certificates, pi-hole DNS entries, and docker for all of this.
1. Caddy version (caddy version):
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
2. How I run Caddy:
Docker
a. System environment:
Docker
b. Command:
caddy run --config /config/.caddy.conf --adapter caddyfile
c. Service/unit/compose file:
d. My complete Caddyfile or JSON config:
zero.net {
    tls /config/certs/zero.net/cert.pem /config/certs/zero.net/key.pem
    #respond "TESTING"
    reverse_proxy zeronet:43110
}
3. The problem I’m having:
With this config, zeronet says:
Forbidden
Invalid host: zero.net
Start the client with --ui_host "zero.net" argument
or access via ip: http://127.0.0.1/
When I alter the runner for zeronet to use that, it returns a 502 error and Caddy gives this error:
4. Error messages and/or full log output:
{
"level": "error",
"ts": 1630534595.8635776,
"logger": "http.log.error",
"msg": "dial tcp 172.18.0.3:43110: connect: connection refused",
"request": {
"remote_addr": "172.18.0.1:45610",
"proto": "HTTP/2.0",
"method": "GET",
"host": "zero.net",
"uri": "/",
"headers": {
"Cache-Control": [
"max-age=0"
],
"Upgrade-Insecure-Requests": [
"1"
],
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
],
"Sec-Fetch-User": [
"?1"
],
"Sec-Fetch-Dest": [
"document"
],
"Dnt": [
"1"
],
"User-Agent": [
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36 Edg/92.0.902.84"
],
"Sec-Fetch-Site": [
"none"
],
"Accept-Language": [
"en-US,en;q=0.9"
],
"Cookie": [
"_dhc.650644=222fdecf-09a5-47cd-a5f3-5194a9a6f48e"
],
"Sec-Ch-Ua-Mobile": [
"?0"
],
"Sec-Ch-Ua": [
"\"Chromium\";v=\"92\", \" Not A;Brand\";v=\"99\", \"Microsoft Edge\";v=\"92\""
],
"Sec-Fetch-Mode": [
"navigate"
],
"Accept-Encoding": [
"gzip, deflate, br"
]
},
"tls": {
"resumed": true,
"version": 772,
"cipher_suite": 4865,
"proto": "h2",
"proto_mutual": true,
"server_name": "zero.net"
}
},
"duration": 0.0013032,
"status": 502,
"err_id": "8ig2vrzrt",
"err_trace": "reverseproxy.statusError (reverseproxy.go:857)"
}
C:\Users\merith>curl -v https://zero.net
* Rebuilt URL to: https://zero.net/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to zero.net (127.0.0.1) port 443 (#0)
* schannel: SSL/TLS connection with zero.net port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 179 bytes...
* schannel: sent initial handshake data: sent 179 bytes
* schannel: SSL/TLS connection with zero.net port 443 (step 2/3)
* schannel: encrypted data got 1207
* schannel: encrypted data buffer: offset 1207 length 4096
* schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with zero.net port 443
* schannel: clear security context handle
curl: (35) schannel: next InitializeSecurityContext failed: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
5. What I already tried:
I tried to find a post I made back when v1 was still supported about this very issue. As I recall, the way reverse_proxy works is that the header sent from the reverse proxy to the proxied target has some shenanigans done inside it, so that while the webpage portion of zeronet can detect it is at https://zero.net, the webserver portion cannot,