Using Caddy as proxy on a VM on same LAN, getting error

[Klagio]

Below the log. Any chance to take out the certificate part?

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 
-----------------------------------------------------------
 Add-on: Asterisk
 PBX server for SIP devices like doorbells and phones
-----------------------------------------------------------
 Add-on version: 0.3.3
 You are running the latest version of this add-on.
 System: Home Assistant OS 7.1  (amd64 / qemux86-64)
 Home Assistant Core: 2021.12.8
 Home Assistant Supervisor: 2021.12.2
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 01-log-level.sh: executing... 
[cont-init.d] 01-log-level.sh: exited 0.
[cont-init.d] asterisk.sh: executing... 
[19:19:30] INFO: Configuring certificate...
[19:19:30] FATAL: Certificate file at /ssl/fullchain.pem was not found
[cont-init.d] asterisk.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] 99-message.sh: executing... 
-----------------------------------------------------------
                Oops! Something went wrong.

 We are so sorry, but something went terribly wrong when
 starting or running this add-on.

 Be sure to check the log above, line by line, for hints.
-----------------------------------------------------------
[cont-finish.d] 99-message.sh: exited 0.
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
s6-nuke: fatal: unable to kill: No such process

[TECH7Fox]

Asterisk requires a certificate for the secure websocket. Without it the generated extensions would never work, even on LAN.

I'm not experienced with caddy, but is there not a way to get certificates in the /ssl folder?

[Klagio]

Asterisk requires a certificate for the secure websocket. Without it the generated extensions would never work, even on LAN.

I'm not experienced with caddy, but is there not a way to get certificates in the /ssl folder?

Will try, my settings is the following

A VM ubuntu machine that only has Caddy, in which the file Caddy is forwarding to appropriate VM as following

a.{$MY_DOMAIN} {
    reverse_proxy 192.168.1.12:8888
}

audio18.{$MY_DOMAIN} {
    reverse_proxy 192.168.1.221:80
}

audio19.{$MY_DOMAIN} {
    reverse_proxy 192.168.1.18:3000
}

b.{$MY_DOMAIN} {
    reverse_proxy 192.168.1.12:8123
}

plus many other redirects.

Then in Cloudflare I have

[Klagio]

The above settings I have since 3 years and works perfectly, very easy, and I use tons of redirects for maybe 50 servers.

The Asterisk server would be

asterisk.mydomain.com

In CLOUFLARE I will put as CNAME asterisk

and in Caddy file I would add

asterisk.{$MY_DOMAIN} {
    reverse_proxy 192.168.1.12:PORT   # ( 192.168.1.12 is the LAN addfress of Home Assistant, and PORT is whatever port is needed for Asterisk)
}

Caddy will take care of the certificate things.

Any chance to make this possible?

Or alternatively can you please tell me which is the port I need to use?

[TECH7Fox]

Asterisk uses port 8089 for tls.

[Klagio]

Ok, I checked my Caddy they have a privatekey and a certificate (inside there are 3, not sure why) [Jan 11 16:50:44] ERROR[505]: iostream.c:552 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error

So I guess I choose not correct one. Very newb questions the certificate do have to be like this? Or do I have to take out the line BEGIN CERTIFICATE and END CERTIFICATE?

-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgISA+bWScZAu58ThqMG5p5kTUcNMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
...................................................................................
8RpyKnRFnNd8t3OnCgSFXxLk3Ok=
-----END CERTIFICATE-----

[Klagio]

Also some error in LOG

[Jan 12 08:39:03]  Loading func_pjsip_aor.so.
[Jan 12 08:39:03]   == Registered custom function 'PJSIP_AOR'
[Jan 12 08:39:03]   == func_pjsip_aor.so => (Get information about a PJSIP AOR)
[Jan 12 08:39:03]  Loading res_pjsip_endpoint_identifier_anonymous.so.
[Jan 12 08:39:03]   == res_pjsip_endpoint_identifier_anonymous.so => (PJSIP Anonymous endpoint identifier)
[Jan 12 08:39:03]  Loading app_speech_utils.so.
[Jan 12 08:39:03]   == Registered application 'SpeechCreate'
[Jan 12 08:39:03]   == Registered application 'SpeechLoadGrammar'
[Jan 12 08:39:03]   == Registered application 'SpeechUnloadGrammar'
[Jan 12 08:39:03]   == Registered application 'SpeechActivateGrammar'
[Jan 12 08:39:03]   == Registered application 'SpeechDeactivateGrammar'
[Jan 12 08:39:03]   == Registered application 'SpeechStart'
[Jan 12 08:39:03]   == Registered application 'SpeechBackground'
[Jan 12 08:39:03]   == Registered application 'SpeechDestroy'
[Jan 12 08:39:03]   == Registered application 'SpeechProcessingSound'
[Jan 12 08:39:03]   == Registered custom function 'SPEECH'
[Jan 12 08:39:03]   == Registered custom function 'SPEECH_SCORE'
[Jan 12 08:39:03]   == Registered custom function 'SPEECH_TEXT'
[Jan 12 08:39:03]   == Registered custom function 'SPEECH_GRAMMAR'
[Jan 12 08:39:03]   == Registered custom function 'SPEECH_ENGINE'
[Jan 12 08:39:03]   == Registered custom function 'SPEECH_RESULTS_TYPE'
[Jan 12 08:39:03]   == app_speech_utils.so => (Dialplan Speech Applications)
[Jan 12 08:39:03]  Loading res_ari_asterisk.so.
[Jan 12 08:39:03]   == res_ari_asterisk.so => (RESTful API module - Asterisk resources)
[Jan 12 08:39:03]  Loading res_ari_sounds.so.
[Jan 12 08:39:03]   == res_ari_sounds.so => (RESTful API module - Sound resources)
[Jan 12 08:39:03]  Loading res_ari_recordings.so.
[Jan 12 08:39:03]   == res_ari_recordings.so => (RESTful API module - Recording resources)
[Jan 12 08:39:03]  Loading res_stasis_answer.so.
[Jan 12 08:39:03]   == res_stasis_answer.so => (Stasis application answer support)
[Jan 12 08:39:03]  Loading func_pjsip_endpoint.so.
[Jan 12 08:39:03]   == Registered custom function 'PJSIP_ENDPOINT'
[Jan 12 08:39:03]   == func_pjsip_endpoint.so => (Get information about a PJSIP endpoint)
[Jan 12 08:39:03]  Loading res_ari_applications.so.
[Jan 12 08:39:03]   == res_ari_applications.so => (RESTful API module - Stasis application resources)
[Jan 12 08:39:03]  Loading func_pjsip_contact.so.
[Jan 12 08:39:03]   == Registered custom function 'PJSIP_CONTACT'
[Jan 12 08:39:03]   == func_pjsip_contact.so => (Get information about a PJSIP contact)
[Jan 12 08:39:03]  Loading res_ari_events.so.
[Jan 12 08:39:03]   == WebSocket registered sub-protocol 'ari'
[Jan 12 08:39:03]   == res_ari_events.so => (RESTful API module - WebSocket resource)
[Jan 12 08:39:03]  Loading res_stasis_playback.so.
[Jan 12 08:39:03]   == res_stasis_playback.so => (Stasis application playback support)
[Jan 12 08:39:03]  Loading res_ari_channels.so.
[Jan 12 08:39:03]   == res_ari_channels.so => (RESTful API module - Channel resources)
[Jan 12 08:39:03]  Loading res_ari_bridges.so.
[Jan 12 08:39:03]   == res_ari_bridges.so => (RESTful API module - Bridge resources)
[Jan 12 08:39:03]  Loading res_ari_playbacks.so.
[Jan 12 08:39:03]   == res_ari_playbacks.so => (RESTful API module - Playback control resources)
[Jan 12 08:39:03]  Loading res_manager_devicestate.so.
[Jan 12 08:39:03]   == Manager registered action DeviceStateList
[Jan 12 08:39:03]   == res_manager_devicestate.so => (Manager Device State Topic Forwarder)
[Jan 12 08:39:03]  Loading res_manager_presencestate.so.
[Jan 12 08:39:03]   == Manager registered action PresenceStateList
[Jan 12 08:39:03]   == res_manager_presencestate.so => (Manager Presence State Topic Forwarder)
[Jan 12 08:39:03]  Loading app_queue.so.
[Jan 12 08:39:03]   == Registered application 'Queue'
[Jan 12 08:39:03]   == Registered application 'AddQueueMember'
[Jan 12 08:39:03]   == Registered application 'RemoveQueueMember'
[Jan 12 08:39:03]   == Registered application 'PauseQueueMember'
[Jan 12 08:39:03]   == Registered application 'UnpauseQueueMember'
[Jan 12 08:39:03]   == Registered application 'QueueLog'
[Jan 12 08:39:03]   == Registered application 'QueueUpdate'
[Jan 12 08:39:03]   == Manager registered action QueueStatus
[Jan 12 08:39:03]   == Manager registered action QueueSummary
[Jan 12 08:39:03]   == Manager registered action QueueAdd
[Jan 12 08:39:03]   == Manager registered action QueueRemove
[Jan 12 08:39:03]   == Manager registered action QueuePause
[Jan 12 08:39:03]   == Manager registered action QueueLog
[Jan 12 08:39:03]   == Manager registered action QueuePenalty
[Jan 12 08:39:03]   == Manager registered action QueueMemberRingInUse
[Jan 12 08:39:03]   == Manager registered action QueueRule
[Jan 12 08:39:03]   == Manager registered action QueueReload
[Jan 12 08:39:03]   == Manager registered action QueueReset
[Jan 12 08:39:03]   == Manager registered action QueueChangePriorityCaller
[Jan 12 08:39:03]   == Registered custom function 'QUEUE_VARIABLES'
[Jan 12 08:39:03]   == Registered custom function 'QUEUE_EXISTS'
[Jan 12 08:39:03]   == Registered custom function 'QUEUE_MEMBER'
[Jan 12 08:39:03]   == Registered custom function 'QUEUE_MEMBER_COUNT'
[Jan 12 08:39:03]   == Registered custom function 'QUEUE_MEMBER_LIST'
[Jan 12 08:39:03]   == Registered custom function 'QUEUE_GET_CHANNEL'
[Jan 12 08:39:03]   == Registered custom function 'QUEUE_WAITING_COUNT'
[Jan 12 08:39:03]   == Registered custom function 'QUEUE_MEMBER_PENALTY'
[Jan 12 08:39:03]   == app_queue.so => (True Call Queueing)
[Jan 12 08:39:03] WARNING[383]: loader.c:2381 load_modules: Some non-required modules failed to load.
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: res_timing_dahdi declined to load.
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: Failed to resolve dependencies for res_stir_shaken
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: res_stir_shaken declined to load.
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: res_pjsip_transport_websocket declined to load.
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: cdr_sqlite3_custom declined to load.
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: cel_sqlite3_custom declined to load.
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: Failed to resolve dependencies for res_http_media_cache
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: res_http_media_cache declined to load.
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: Failed to resolve dependencies for res_pjsip_stir_shaken
[Jan 12 08:39:03] ERROR[383]: loader.c:2396 load_modules: res_pjsip_stir_shaken declined to load.
[Jan 12 08:39:03] WARNING[413]: chan_sip.c:35461 deprecation_notice: chan_sip has no official maintainer and is deprecated.  Migration to
[Jan 12 08:39:03] WARNING[413]: chan_sip.c:35462 deprecation_notice: chan_pjsip is recommended.  See guides at the Asterisk Wiki:
[Jan 12 08:39:03] WARNING[413]: chan_sip.c:35463 deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Migrating+from+chan_sip+to+res_pjsip
[Jan 12 08:39:03] WARNING[413]: chan_sip.c:35464 deprecation_notice: https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip
[Jan 12 08:39:03] Asterisk Ready.

[TECH7Fox]

do I have to take out the line BEGIN CERTIFICATE and END CERTIFICATE?

No, that is fine.

You can check the certificate by going to https://<ha-ip>:8089/ws. It should say Upgrade Required.

Also some error in LOG

That's also normal. The modules are auto loaded so some non-required modules fail.

Did you place/copy the certificate in /ssl and set the correct file names?

[Klagio]

You can check the certificate by going to https://192.168.1.12:8089/ws. It should say Upgrade Required.

No I receive ERR_CONNECTION_REFUSED

I guess a problem with the certificates? (Yes I copied the certificates in \192.168.1.12\ssl

[TECH7Fox]

I think so. Only other thing I can think of is the file names set in the addon config.

Otherwise, I suggest checking the certificate domain.