No 443 port listener about caddy-docker-proxy HOT 11 CLOSED

That's what's causing the issue though, have a look at the caddy docs on what that's meant to be used for.

The -port should be used for the TLS/SSL port so it shouldn't be set to 80. If anything it should be set to 443 and only if you're using self_signed certs, if you're just using http then you don't need todo anything apart from disable tls using tls off or using http://domain.tld:80.

Ref: caddyserver/caddy#1673 (comment)

from caddy-docker-proxy.

ports exposed from host with

    ports:
    - 80:80
    - 443:443

DNAT looks ok...

iptables -t nat -vnL | grep 443
    2   104 DNAT       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 to:172.19.0.3:443

from caddy-docker-proxy.

Maybe related to #26

from caddy-docker-proxy.

It looks like a bug in caddy, but I don't know...

Started caddy with -port 80 to move the default port from 2015 to http/80. That is important to serve sites without tls on default port 80. But some times -port 80 removes the https/443 listener.

So site get an LE cert, user is redirected to 443, but caddy haven't a 443 listener...?!

Problem isn't persistent over all installations. Started with docker run ... it works fine for some days, but lose the listener http/80 after some days.
Started caddy with -port 80 as docker stack no chance to get it listen to 443, but get certificates and clients are redirected to 443 with an error message.

Removed -port 80 and 443 is working again. But if I'll deploy an website without tls now :80 is needed for http/80 because auf default port 2015.

from caddy-docker-proxy.

You shouldn't need to use -port unless you're using self_signed certs.

Make sure if you're wanting a site without tls use something like this.

http://domain.tld:80 {
    tls off
}

This seems more like an issue with how you're using caddy than this plugin.

from caddy-docker-proxy.

At the moment I use it without -port and just with <domain>:80 if needed to disable tls.

from caddy-docker-proxy.

Shouldn't tls off and domain.com serve the website on the default port? Default port is 2015. I tried to change the default port 2015 with -port 80.

-port
The default port to listen on. This is usually used with -host to quickly get simple sites up and running without a Caddyfile.

Is it really only https port related? I know additional options -http-port and -https-port, but -port should be change the default listen port I think...

from caddy-docker-proxy.

Why do you want to change the default port though? HTTP is served on 80 and HTTPS is served on 2015 or the -port number if you're using self_signed certs.

I think this and the port 80 issue can be closed.

from caddy-docker-proxy.

I tried to change the port because http for example.com is served on port 2015 instead of 80. And after some days caddy-docker-proxy changed listen port during reload from 80+443 to 2015+443. And without a tcp port listener on port 80 http won't work...

We can close the issue because it works with example.com:80 as workaround.

from caddy-docker-proxy.

Thanks @pwFoo

For the record. That's caddy behavior, this plugin doesn't change it.

So, the solution is to change site address to force it to use the desired port.
Following Caddy docs: https://caddyserver.com/docs/http-caddyfile

from caddy-docker-proxy.

So any domain without tls (tls off) uses port 2015

localhost # Host: localhost; Port: 2015

So yes, it's caddy behavior... Workaround add port to domain.

Closed

from caddy-docker-proxy.