lucaslorentz / caddy-docker-proxy

Caddy as a reverse proxy for Docker
MIT License
2.85k stars 169 forks

How to local test caddy with whoami #627

Closed sowinski closed 3 months ago

sowinski commented 3 months ago

Hi,

I want to do some testing on my local machine.

I used your example from the docs, which works nicely with a real domain:

But how can I run this on my local machine?

I edited /etc/hosts

127.0.0.1       localhost
127.0.0.1       whoami.example.com

And started both containers and, of course, got this error:

caddy-1  | {"level":"info","ts":1717584209.3414166,"logger":"http","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1706364667","account_contact":[]}
caddy-1  | {"level":"error","ts":1717584212.0552607,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whoami.example.com","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Error creating new order :: Cannot issue for \"whoami.example.com\": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy"}
caddy-1  | {"level":"error","ts":1717584212.0553057,"logger":"tls.obtain","msg":"will retry","error":"[whoami.example.com] Obtain: [whoami.example.com] creating new order: attempt 1: https://acme-v02.api.letsencrypt.org/acme/new-order: HTTP 400 urn:ietf:params:acme:error:rejectedIdentifier - Error creating new order :: Cannot issue for \"whoami.example.com\": The ACME server refuses to issue a certificate for this domain name, because it is forbidden by policy (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":2.714485807,"max_duration":2592000}

If I ignore this error and try to connect to whoami, then I get this error:

curl -v http://whoami.example.com
*   Trying 127.0.0.1:80...
* Connected to whoami.example.com (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: whoami.example.com
> User-Agent: curl/7.81.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://whoami.example.com/
< Server: Caddy
< Date: Wed, 05 Jun 2024 10:46:26 GMT
< Content-Length: 0
< 
* Closing connection 0

curl -v https://whoami.example.com
*   Trying 127.0.0.1:443...
* Connected to whoami.example.com (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Unknown (21):
* TLSv1.3 (IN), TLS alert, internal error (592):
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error

What can I do to test locally?

sowinski commented 3 months ago
labels:
  caddy: example.com
  caddy.reverse_proxy: "{{upstreams 80}}"
  caddy.tls: "internal"

Setting tls to internal was what I was looking for.
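For anyone landing here with the same question, below is an added, self-contained example (not code from the issue author or from the caddy-docker-proxy project) of the whole local-test setup that the `caddy.tls: internal` label enables. It writes a Compose file with the caddy-docker-proxy container and a whoami upstream, brings the stack up, exports the root certificate of Caddy's internal CA from the container, and verifies the endpoint with curl using `--cacert` and `--resolve` instead of `-k` and an `/etc/hosts` edit. The two errors in the question have the same root cause: `example.com` is a reserved name that a public ACME CA will not issue for (and no public CA could validate a name that resolves only in your hosts file), so Caddy never obtained a certificate, and a TLS handshake for a SNI name Caddy has no certificate for ends in the `internal error` alert that curl reported. With `tls internal`, Caddy mints the certificate itself on startup. The hostname `whoami.example.com`, the image tags, the Compose layout, the in-container path `/data/caddy/pki/authorities/local/root.crt` (Caddy's default data directory in the official image) and the function names are this example's assumptions, not anything stated in the issue.

```shell
#!/bin/sh
# Added example: local HTTPS test of caddy-docker-proxy with `caddy.tls: internal`.
# Assumptions (not from the issue): the hostname, image tags, the Caddy data path
# for the internal CA root, and the helper names below.
set -eu

HOSTNAME_UNDER_TEST="whoami.example.com"
# Caddy keeps the root of its internal CA here (XDG data dir is /data in the image).
CADDY_LOCAL_ROOT="/data/caddy/pki/authorities/local/root.crt"

# Write a Compose file into DIR and print its path. `caddy.tls: internal` tells
# Caddy to sign the site certificate with its own local CA instead of asking
# Let's Encrypt, which is why the ACME "rejectedIdentifier" error goes away.
write_compose() {
    dir="$1"
    cat > "$dir/docker-compose.yml" <<EOF
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - "80:80"
      - "443:443"
    environment:
      - CADDY_INGRESS_NETWORKS=caddy
    networks:
      - caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - caddy_data:/data
    restart: unless-stopped

  whoami:
    image: traefik/whoami
    networks:
      - caddy
    labels:
      caddy: ${HOSTNAME_UNDER_TEST}
      caddy.reverse_proxy: "{{upstreams 80}}"
      caddy.tls: internal

networks:
  caddy:
    name: caddy

volumes:
  caddy_data: {}
EOF
    printf '%s/docker-compose.yml\n' "$dir"
}

# Start the stack, export the internal root CA, and check the endpoint WITHOUT -k:
# --cacert makes curl verify against Caddy's root, --resolve pins the name to
# 127.0.0.1 so no /etc/hosts edit is needed. Requires docker, curl and openssl.
verify_local_tls() {
    dir="$1"
    cd "$dir"
    docker compose up -d
    sleep 5   # give Caddy a moment to read the labels and mint the certificate
    docker compose exec -T caddy cat "$CADDY_LOCAL_ROOT" > root.crt
    curl --silent --show-error \
        --cacert root.crt \
        --resolve "${HOSTNAME_UNDER_TEST}:443:127.0.0.1" \
        "https://${HOSTNAME_UNDER_TEST}/"
    # Confirm the served chain is issued by Caddy's local CA, not a leftover cert.
    openssl s_client -connect 127.0.0.1:443 -servername "$HOSTNAME_UNDER_TEST" \
        </dev/null 2>/dev/null | openssl x509 -noout -issuer
}

# Only touch Docker when explicitly asked: `sh local-caddy-test.sh run`
if [ "${1:-}" = "run" ]; then
    workdir="$(mktemp -d)"
    write_compose "$workdir" >/dev/null
    verify_local_tls "$workdir"
fi
```

The issuer printed at the end should name "Caddy Local Authority"; if it does not, the old state from the failed ACME attempts is still in the `caddy_data` volume and a `docker compose down -v` clears it. Keep `tls internal` to local and test environments: its root CA is trusted only where you explicitly install it, and `curl -k` is never the right substitute, since it skips verification entirely and would hide a misconfigured upstream or a stale certificate.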