ZZROTDesign / alpine-caddy

Alpine Linux Docker Container running Caddyserver
MIT License

Can't get certificates when using proxy #9

Closed msis closed 8 years ago

msis commented 8 years ago

When following the proxy example, I can only get the certificate for a top level node.

I get an error:

Activating privacy features...2016/06/27 21:33:40 [gitserver.www.xxx.yyy.zzz] failed to get certificate: acme: Error 400 - urn:acme:error:connection - DNS problem: NXDOMAIN looking up A for gitserver.www.xxx.yyy.zzz

And then the container crashes.

Any idea how to resolve this issue?

kilpatty commented 8 years ago

Hey msis, you are most likely getting this error because you have not yet added the proper DNS for the domain that you are trying to verify. If you are trying to get a certificate for a subdomain using Caddy, you need to make sure that the subdomain has an A record in your DNS.

Here is a small guide on how to add a DNS for a subdomain on Digital Ocean. https://www.digitalocean.com/community/tutorials/how-to-set-up-and-test-dns-subdomains-with-digitalocean-s-dns-panel

I'm going to close this for now, let me know if anything else arises.
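An added example, not part of the original thread or of the alpine-caddy project: a pre-flight check that pulls the site labels out of a Caddy v1-style Caddyfile and reports any that have no A record, so the container is not started (and does not crash-loop against the ACME server) until DNS exists. The function names, the simplified parser and the sample Caddyfile are assumptions made for illustration.

```python
import re
import socket

def site_hosts(caddyfile_text):
    """Hostnames from top-level site labels (simplified Caddy v1 parsing)."""
    hosts, depth = [], 0
    for raw in caddyfile_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # naive comment strip
        if depth == 0 and line.endswith("{"):
            for label in re.split(r"[,\s]+", line[:-1].strip()):
                label = re.sub(r"^[a-z]+://", "", label)      # drop scheme
                host = label.split("/", 1)[0].split(":", 1)[0]  # drop path, port
                if host:
                    hosts.append(host)
        # Placeholders such as {host} open and close on one line: net zero.
        depth += line.count("{") - line.count("}")
    return hosts

def unresolved(hosts, resolve=socket.getaddrinfo):
    """Hosts with no IPv4 address, i.e. the NXDOMAIN case in the ACME error.

    This asks the local resolver; the ACME server queries public DNS, so a
    name that only resolves inside Docker or via /etc/hosts still fails there.
    """
    missing = []
    for host in hosts:
        try:
            resolve(host, 443, socket.AF_INET)
        except socket.gaierror:
            missing.append(host)
    return missing

# Constructed sample input using the placeholder names from the issue.
SAMPLE = """
xxx.yyy.zzz {
    proxy / webserver:80 {
        proxy_header Host {host}
    }
    tls me@xxx.yyy  #Your email for Let's Encrypt Verification
}
gitserver.www.xxx.yyy.zzz {
    proxy / gitserver:3000
}
"""

def fake_resolve(host, port, family):
    """Constructed stand-in resolver so the demo runs offline."""
    if host != "xxx.yyy.zzz":
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")
    return [(family, socket.SOCK_STREAM, 6, "", ("192.0.2.10", port))]

if __name__ == "__main__":
    print("no A record:", unresolved(site_hosts(SAMPLE), fake_resolve))
```

Called without the second argument, `unresolved` uses the system resolver; a container entrypoint could refuse to start Caddy while the returned list is non-empty.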

msis commented 8 years ago

Thanks @Skilgarriff! You're right. I haven't set up a subdomain. I thought it would work anyway.

I have another question then: I want Caddy to send incoming traffic under xxx.yyy.zzz/git to gitserver and keep the rest of the traffic handled with webserver.

My Caddyfile looks like the following:

xxx.yyy.zzz {

        proxy / webserver:80 {
                proxy_header Host {host}
                proxy_header X-Real-IP {remote}
                proxy_header X-Forwarded-Proto {scheme}
        }

        header / {
                #Include any headers for your site here
        }

        proxy git/ gitserver:3000 {
                proxy_header Host {host}
                proxy_header X-Real-IP {remote}
                proxy_header X-Forwarded-Proto {scheme}
        }

        gzip

        tls me@xxx.yyy  #Your email for Let's Encrypt Verification
}

But accessing https://xxx.yyy.zzz/git is then handled by webserver.

kilpatty commented 8 years ago

@msis No problem! This is more of an issue for Caddy, but I'm happy to help with this as well! To do that you would want to configure your Caddyfile as so:

xxx.yyy.zzz {
    proxy / webserver:80 {
            except /git
            proxy_header Host {host}
            proxy_header X-Real-IP {remote}
            proxy_header X-Forwarded-Proto {scheme}  
    }

    header / {
            #Include any headers for your site here
    }

    proxy /git gitserver:3000 {
            proxy_header Host {host}
            proxy_header X-Real-IP {remote}
            proxy_header X-Forwarded-Proto {scheme}
    }

    gzip

    tls me@xxx.yyy  #Your email for Let's Encrypt Verification
}

That should do the trick! You want to add the except /git underneath the proxy for / and then make sure that the second proxy is formatted as /git.