Sign Up
Go Pro Sign Up Login

Buy Now and unlock this series

$

49

.99

$

29

.99

yours forever

Become a Pro and unlock everything

$

24

.99

per month

Local SSL With Caddy Server

Now that we have our hosts file updated, we will use Caddy to get http certificates for our dev server
Caddy: https://caddyserver.com/docs/install
For those with homebrew, Caddy can be installed with
 the following command brew install caddy

Downloads

Become a pro to download code and videos

Comments

Hartwig

25 days ago [edited]

@Raul Thank you - that is great resource : curl.exe -A "MS" https://webinstall.dev/caddy | powershell
The issue is as always: does th install consider the PATH. And this one does. Nice install - environment variables were set like magic- called it caddy run and it ran Windows presented me a pop up "do you, honrable user, really really want to install this certificate" and I agreed.

As I had stopped my node app to run, I used a folder nearby, opened with VSC and opened the terminal to start it: nodeauth.dev and all the bells and whistles. Cool. I needed a break.

David Fraser Bergeron

about 1 month ago

I had some trouble getting this running on Firefox on OSX. Kept getting the error: SEC_ERROR_UNKNOWN_ISSUER.

It turns out Firefox has its own keychain for Certificate Authorities, so you need some way to let it know that you want it to use your root/local CA's.

I got it working by setting "security.enterprise_roots.enabled" to 'true' in my firefox "about:config". You can find more info here: https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox

Hope this saves someone some time!

Panos

4 months ago

In case it helps someone, to get it to work in big sur i had to manually delete the contents of : /Users/[MY_USER]/Library/Application Support/Caddy

I installed it using brew in the past and might have had some old config files.

Jon Deavers

5 months ago

Hello. I am stuck trying to get Caddy to serve my files. I've tried troubleshooting online and the terminology used in the solutions found is way above my pay grade. When I run "caddy run" I get the following warning:

tls stapling OCSP {"error": "no OCSP stapling for [nodeauth.dev]: no OCSP server specified in certificate"}

Then when I try to hit the "nodeauth.dev" in my browser I get:

http.log.error dial tcp 127.0.0.1:3000: connectex: No connection could be made because the target machine actively refused it. {"request": {"remote_addr": "127.0.0.1:55031", "proto": "HTTP/2.0", "method": "GET", "host": "nodeauth.dev", "uri": "/", "headers": {"Accept-Encoding": ["gzip, deflate, br"], "Cache-Control": ["max-age=0"], "Sec-Ch-Ua": ["" Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90""], "Upgrade-Insecure-Requests": ["1"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Site": ["none"], "Sec-Fetch-User": ["?1"], "Sec-Fetch-Dest": ["document"], "Sec-Ch-Ua-Mobile": ["?0"], "Dnt": ["1"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"], "Sec-Fetch-Mode": ["navigate"], "Accept-Language": ["en-US,en;q=0.9,la;q=0.8"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "nodeauth.dev"}}, "duration": 2.0236174, "status": 502, "err_id": "gxz6vw282", "err_trace": "reverseproxy.statusError (reverseproxy.go:783)"}

The hosts file looks like this:

localhost name resolution is handled within DNS itself.

127.0.0.1       localhost
::1             localhost
127.0.0.1  nodeauth.dev

I am on windows and had followed part 1 and part 2 line for line up to this point. Any guidance is appreciated. Thanks!

User avatar

Raul

5 months ago

@Jason Long If you're on Windows I'd suggest you check out this documentation https://webinstall.dev/caddy/ instead of what's on the tutorial. Looks like it will also require some Firewall updates, let me know if you think this is not related to your issue though.

Jason Long

5 months ago

Has anyone had any issues with this process on Windows? I'm still getting privacy error warnings from Chrome and am having issues finding guidance.

Mark Volkmann

5 months ago

Finally got the caddy server running in macOS. I don't know why I needed to do this, but changing my Caddyfile to the following (added the http_port line) fixed the issue I was hitting where it said port 80 was in use.

{ http_port 8089 local_certs }

nodeauth.dev { reverse_proxy 127.0.0.1:3000 }

Mark Volkmann

5 months ago

I haven't been able to get this to work on macOS. caddy run gives me this output:

2021/04/14 17:26:09.114 INFO using adjacent Caddyfile 2021/04/14 17:26:09.115 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]} 2021/04/14 17:26:09.116 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003c6e00"} 2021/04/14 17:26:09.123 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443} 2021/04/14 17:26:09.123 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"} 2021/04/14 17:26:09.259 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"} run: loading initial config: loading new config: http app module: start: tcp: listening on :80: listen tcp :80: bind: address already in use

But as far as I can see from using the lsof command, I don't have any processing listening on port 80.

Bradley

6 months ago [edited]

To help others on any Ubuntu flavor I had to do the following to get Caddy reverse proxy working:

  1. Install using steps outlined on caddyserver(dot)com/docs/install#debian-ubuntu-raspbian
  2. Disable Caddy as a systemctl service otherwise port :2019 will be in use: sudo systemctl disable caddy
  3. If bind address in use error for port 443 then run: sudo setcap CAP_NET_BIND_SERVICE=+eip $(which caddy)
  4. If you cannot hit the nodeauth.dev URL and get certificate errors such as NET::ERR_CERT_AUTHORITY_INVALID or SEC_ERROR_UNKNOWN_ISSUER then we can try caddy trust/untrust.
  5. Install certutil: sudo apt install libss3-tools
  6. If Java is not installed on your system then install it so caddy trust can install to Java cert chain. I recommend installing Java using sdkman at sdkman(dot)io
  7. Run caddy trust: caddy trust
  8. If this does not fix then untrust and retrust caddy untrust && caddy trust
  9. Chromium based browsers worked for me but on Firefox enable the about:config property 'security.enterprise_roots.enabled' to true.

Want to join the conversation?

Become a Pro member today!