Can't deploy discovery server behind caddy in container

I’m running a Syncthing discovery server container and a Caddy container as a reverse proxy via rootless Podman, but the discovery server still reports "no certificates".

This is my Caddyfile:

{
    debug
}

sync.example.com:10443 {
    tls {
        dns cloudflare ***
        client_auth {
            mode request
        }
    }

    reverse_proxy /* syncthing-discovery:8443 {
        header_up X-Forwarded-For {http.request.remote.host}
        header_up X-Client-Port {http.request.remote.port}
        header_up X-SSL-Cert {http.request.tls.client.certificate_der_base64}
    }
}

and the log of caddy:

{"level":"debug","ts":1659198997.878383,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"syncthing-discovery:8443","duration":0.004028418,"request":{"remote_ip":"10.89.1.15","remote_port":"55602","proto":"HTTP/1.1","method":"POST","host":"sync.example.com:10443","uri":"/","headers":{"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["sync.example.com:10443"],"Content-Type":["application/json"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["10.89.1.15"],"X-Client-Port":["55602"],"X-Ssl-Cert":["MIICH********************37OvaXi2w=="],"User-Agent":["Go-http-client/1.1"],"Content-Length":["133"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"sync.example.com","client_common_name":"syncthing","client_serial":"6081856432655817123"}},"headers":{"Retry-After":["1500"],"X-Content-Type-Options":["nosniff"],"Date":["Sat, 30 Jul 2022 16:36:37 GMT"],"Content-Length":["10"],"Content-Type":["text/plain; charset=utf-8"]},"status":403}

Is there something wrong?
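The Caddy debug log above shows the relevant mechanics: Caddy terminated TLS, recorded the client certificate (client_common_name "syncthing"), and forwarded it to the upstream in the X-Ssl-Cert header as base64 DER, yet the 403 came back from the upstream itself. With `-http`, the discovery server never sees the TLS session; it has to rebuild the certificate from that header and derive the device ID from it. The following Go program is an added illustration of that upstream side, written for this page and not taken from Syncthing, Caddy or the forum thread. It assumes Caddy's `certificate_der_base64` placeholder emits standard base64 of the DER bytes (which the `==` padding in the log is consistent with), it reproduces the device-ID derivation as the example's author understands Syncthing's scheme (SHA-256 of the DER, base32, Luhn check characters), and the function names, the "Forbidden" body and the self-signed test certificate are constructed for the example. Whether the particular stdiscosrv build in the image accepts base64 DER rather than PEM in that header is something the thread never establishes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base32"
	"encoding/base64"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Base32 alphabet of Syncthing device IDs (RFC 4648, no padding).
const base32Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

// luhnCheck returns the Luhn mod-N check character for s over alphabet
// (factor 1 on the first character, then alternating 2, 1, 2, ...).
func luhnCheck(alphabet, s string) (byte, error) {
	factor, sum, n := 1, 0, len(alphabet)
	for i := 0; i < len(s); i++ {
		cp := strings.IndexByte(alphabet, s[i])
		if cp < 0 {
			return 0, fmt.Errorf("character %q not in alphabet", s[i])
		}
		addend := factor * cp
		factor = 3 - factor
		sum += addend/n + addend%n
	}
	return alphabet[(n-sum%n)%n], nil
}

// deviceIDFromCert derives the device ID an announcement is bound to, as the
// example's author understands Syncthing's scheme (assumption, not from the
// thread): SHA-256 of the DER, base32 (52 chars), a Luhn check character after
// each 13-char quarter (56 chars), printed as eight dash-separated groups of 7.
func deviceIDFromCert(der []byte) (string, error) {
	sum := sha256.Sum256(der)
	raw := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:])
	var b strings.Builder
	for i := 0; i < 4; i++ {
		quarter := raw[i*13 : (i+1)*13]
		check, err := luhnCheck(base32Alphabet, quarter)
		if err != nil {
			return "", err
		}
		b.WriteString(quarter)
		b.WriteByte(check)
	}
	id := b.String() // 56 characters
	groups := make([]string, 8)
	for i := range groups {
		groups[i] = id[i*7 : (i+1)*7]
	}
	return strings.Join(groups, "-"), nil
}

// clientCertFromHeader recovers the TLS client certificate that an upstream
// running plain HTTP (-http) never sees itself. Caddy's placeholder
// {http.request.tls.client.certificate_der_base64} yields standard base64 of
// the DER bytes, so that is the only encoding accepted here.
func clientCertFromHeader(xSSLCert string) (*x509.Certificate, error) {
	if xSSLCert == "" {
		return nil, fmt.Errorf("no certificates")
	}
	der, err := base64.StdEncoding.DecodeString(xSSLCert)
	if err != nil {
		return nil, fmt.Errorf("X-SSL-Cert is not base64 DER: %w", err)
	}
	return x509.ParseCertificate(der)
}

// announce models the upstream's decision for one forwarded request: 403 (the
// log shows it sent with Retry-After) when no usable certificate arrives,
// otherwise 200 and the device ID. The success body is constructed.
func announce(xSSLCert string) (status int, body string) {
	cert, err := clientCertFromHeader(xSSLCert)
	if err != nil {
		return 403, "Forbidden"
	}
	id, err := deviceIDFromCert(cert.Raw)
	if err != nil {
		return 500, err.Error()
	}
	return 200, id
}

// selfSignedDER builds a throwaway self-signed certificate (constructed test
// input, CN "syncthing" as in the log) standing in for a real client cert.
func selfSignedDER() ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "syncthing"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
}
```

Calling `announce("")` or `announce` with a header that is not a certificate yields the 403 path; `announce(base64.StdEncoding.EncodeToString(der))` for a real DER certificate yields 200 and the 63-character device ID. The point for troubleshooting is that the header encoding is a contract between proxy and upstream: if the upstream expects a different encoding than the one the proxy sends, the parse fails and the result is indistinguishable from no client certificate having been presented at all.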

Are you running the discovery server with -http? Is Caddy talking HTTP to it and not HTTPS (I can’t tell from the config snippet)?

All yes. This is the docker-compose.yml of syncthing discovery server:

version: "3"
services:
  syncthing-discovery:
    image: docker.io/t4skforce/syncthing-discovery
    container_name: syncthing-discovery
    hostname: nas-syncthing-discovery
    environment:
      - DISCO_OPTS="-http -debug"
    ports:
      - 22067:22067
    networks:
      - caddy
    restart: unless-stopped

networks:
  caddy:
    external: true

Yeah, I don’t know. Maybe show the actual discovery logs in case they have clues; otherwise look at the traffic in detail and troubleshoot accordingly…
