caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0

Support sending ACME challenge with proxy #2054

Closed htfy96 closed 6 years ago

htfy96 commented 6 years ago

1. What version of Caddy are you using (caddy -version)?

0.10.11

2. What are you trying to do?

To set up an HTTPS server through automatic HTTPS.

3. What is your entire Caddyfile?

mirrors-v2.sjtug.org {
    root /mnt
    tls {
        dns dnspod
    }
}

4. How did you run Caddy (give the full command and describe the execution environment)?

In a docker container, with http{s}_proxy/DNSPOD_API_KEY configured. caddy -conf /Caddyfile.

5. Please paste any relevant HTTP request(s) here.

N/A

6. What did you expect to see?

The challenge-response process of ACME should be sent through given http{s}_proxy.

7. What did you see instead (give full error messages and/or log)?

caddy    | Email address: Activating privacy features... 
caddy    | Your sites will be served over HTTPS automatically using Let's Encrypt.
caddy    | By continuing, you agree to the Let's Encrypt Subscriber Agreement at:
caddy    |   https://acme-v01.api.letsencrypt.org/terms
caddy    | Please enter your email address so you can recover your account if needed.
caddy    | You can leave it blank, but you'll lose the ability to recover your account.
caddy    | 2018/03/04 10:14:25 get directory at 'https://acme-v01.api.letsencrypt.org/directory': failed to get json "https://acme-v01.api.letsencrypt.org/directory": Get https://acme-v01.api.letsencrypt.org/directory: dial tcp 23.76.67.207:443: i/o timeout
caddy    | Email address: caddy exited with code 1

8. How can someone who is starting from scratch reproduce the bug as minimally as possible?

Try caddy in networks where letsencrypt.org is blocked.

mholt commented 6 years ago

Hmm yes we should allow this. @xenolf I think Go supports proxy from environment, we can probably use that, right?
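Added example, not code from Caddy or lego: the Go standard library's proxy-from-environment support that this comment refers to is http.ProxyFromEnvironment, which reads HTTP_PROXY, HTTPS_PROXY and NO_PROXY. The first function below builds an HTTP client whose Transport consults those variables (a Transport whose Proxy field is left nil ignores them, which would produce exactly the direct-dial timeout shown in the log above). The second is a small check that reports which proxy Go would pick for a given URL, so the environment in the container can be verified without waiting for an ACME timeout. The proxy address proxy.internal:3128 and the localhost:14000 test CA are constructed placeholders.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
	"time"
)

// newACMEHTTPClient returns an HTTP client whose Transport honours the
// HTTP_PROXY / HTTPS_PROXY / NO_PROXY environment variables. A library that
// builds its own http.Transport and leaves Proxy nil never consults them:
// the variables are set, but the dial goes straight to the ACME directory
// and times out, as in the log in this issue.
func newACMEHTTPClient() *http.Client {
	return &http.Client{
		// A directory fetch should fail loudly rather than hang the startup.
		Timeout: 30 * time.Second,
		Transport: &http.Transport{
			Proxy:               http.ProxyFromEnvironment,
			TLSHandshakeTimeout: 10 * time.Second,
		},
	}
}

// proxyForURL reports which proxy, if any, Go would use for a request to
// rawURL under the current environment. It returns "" when the request
// would be sent directly: no matching *_PROXY variable, a NO_PROXY match,
// or a localhost/loopback destination, which Go always bypasses.
func proxyForURL(rawURL string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, rawURL, nil)
	if err != nil {
		return "", err
	}
	proxy, err := http.ProxyFromEnvironment(req)
	if err != nil {
		return "", err
	}
	if proxy == nil {
		return "", nil
	}
	return proxy.String(), nil
}

func main() {
	// Caveat: Go reads the proxy variables once per process, on first use.
	// Changing them after the server has started has no effect until the
	// process is restarted, so set them before launching caddy.
	for _, u := range []string{
		"https://acme-v01.api.letsencrypt.org/directory", // URL from the log above
		"http://acme-v01.api.letsencrypt.org/directory",  // plain HTTP uses HTTP_PROXY instead
		"https://localhost:14000/dir",                    // constructed local test CA; never proxied
	} {
		p, err := proxyForURL(u)
		switch {
		case err != nil:
			fmt.Fprintf(os.Stderr, "%s: %v\n", u, err)
		case p == "":
			fmt.Printf("%-48s direct\n", u)
		default:
			fmt.Printf("%-48s via %s\n", u, p)
		}
	}
	_ = newACMEHTTPClient()
}
```

Run it inside the same container with the same http{s}_proxy variables as caddy; if the Let's Encrypt URL prints "direct", the environment is not reaching the process (wrong case, wrong scope, or a NO_PROXY entry matching letsencrypt.org), and if it prints "via ..." but caddy still dials directly, the ACME client is using a Transport that does not set Proxy.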

mholt commented 6 years ago

I can't find anything in Caddy that would be blocking this; my suggestion for now is to try taking this upstream to xenolf/lego and try completing a challenge using only lego itself, with your proxy configured in environment, and then see if that works. If not, then it should be an issue filed with lego. Thanks!