Caddyfile fails to load when a hostname is specified #21

adamlesinski opened this issue Oct 5, 2023 · 2 comments


adamlesinski commented Oct 5, 2023

My goal is to host a web service behind tailscale, and leverage tailscale's ability to know which user is connecting as an auth mechanism.

I want my service, running as tailscale device `my-node`, to be accessible over a custom domain name `foo.bar.com` (placeholder). Once the node is registered with tailscale, I want to set the DNS A record for `foo.bar.com` to point at `my-node`'s tailscale IP.

I have the following Caddyfile:

```
{
    order tailscale_auth after basicauth
}

foo.bar.com:443 {
    bind tailscale/my-node
    tailscale_auth

    respond "Success!"
}
```

I generated a `TS_AUTHKEY` and set it in caddy's environment before running `caddy run --config /etc/config/Caddyfile`. I get the following error:

```
Error: loading initial config: loading new config: http app module: start: listen udp 100.97.63.133:443: bind: cannot assign requested address
```

I tried changing `bind tailscale/my-node` to `bind tailscale/` and got:

```
Error: loading initial config: loading new config: http app module: start: listening on tailscale/:443: missing port in address
```

The error goes away when I drop `foo.bar.com` from the route directive.

@adamlesinski
Author

Is this related to https://github.com/tailscale/caddy-tailscale#https-support ? I am managing my own certs (using a DNS-specific provider challenge) so I am not relying on tailscale's cert issuance.

@willnorris
Member

So, we've changed quite a bit in the plugin since you filed this issue, so I'm wondering if you'd be willing to try again. I set up a similar config, and ended up getting the error:

```
Error: loading initial config: loading new config: http app module: start: starting HTTP/3 QUIC listener: listen udp: lookup caddytest: no such host
```

Disabling HTTP3 solved it, so I ended up with a config of:

```
{
  order tailscale_auth after basicauth
  auto_https off
  servers {
    protocols h1 h2
  }
  tailscale {
    ephemeral
  }
}

caddytest.willnorris.net:443 {
  tls domain.cert.pem private.key.pem
  bind tailscale/caddytest
  tailscale_auth
  templates
  respond `Hello, {{placeholder "http.auth.user.id"}}`
}
```

Note I'm using static TLS cert files rather than using caddy's https support, though I'm not sure that matters for this. So if you get a chance, try again and let me know if you still run into the same issue.
