As you would assume, I'm just starting to work with Docker and Caddy, but I haven't been able to run it since I'm getting the following error:

```
Could not start HTTPS server for challenge -> listen tcp :443: bind: permission denied
```

Here is the docker-compose.yml:

```yaml
webserver:
    image: jumanjiman/caddy
    depends_on:
      - parse-dashboard
      - loovus
    ports:
      - "80:8000"
      - "443:443"
    links:
      - parse-dashboard
      - parse-server
    volumes:
      - ./production:/prod/
      - ./dist/:/angular/
    command: -port 8000 -host 0.0.0.0 -conf /prod/Caddyfile
```

Here is the Caddyfile:

```
qa.loovus.mx:8000

tls contacto@loovus.mx

gzip {
    ext .js .css
}

root /angular

proxy /parse parse-server:1337

rewrite / {
    if {path} not_match /parse
    to {path} /index.html
}
```

If you can give me any hint, I would really appreciate it.

Thank you in advance!

Neoluis10
  • Can you narrow down the issue? How about running outside of Docker Compose with just `docker run -it -v ./production:/prod jumanjiman/caddy -port 8000 -host 0.0.0.0 -conf /prod/Caddyfile`? Can you also post the `Caddyfile`? There isn't enough information here to reproduce (The image runs fine locally for me). – Andy Shinn May 31 '17 at 18:17
  • Hi @AndyShinn I have updated my question with the information from my Caddyfile. I also tried to run the command you sent but I'm getting the following message: `: create ./production: "./production" includes invalid characters for a local volume name, only "[a-zA-Z0-9][a-zA-Z0-9_.-]" are allowed.If you intended to pass a host directory, use absolute path.` I also tried this way: `docker run -it -v production:/prod jumanjiman/caddy -port 8000 -host 0.0.0.0 -conf production/Caddyfile` `loading Caddyfile via flag: open production/Caddyfile: no such file or directory` Thank you – Neoluis10 May 31 '17 at 22:01
  • Ah, it would need to be the full path. You can use `-v $PWD/production:/prod` instead. – Andy Shinn Jun 01 '17 at 19:34
  • Possible problem, caddy is running as a non-root user, so bind to 443 is not possible is CAP_NET_BIND_SERVICE. Can you see which user is running caddy? (ps aux inside caddy container) – papey Jun 01 '17 at 20:08
  • Thank you @AndyShinn. I tried again and this is the result: `docker run -it -v $PWD/production:/prod jumanjiman/caddy -port 8000 -host 0.0.0.0 -conf /prod/Caddyfile Activating privacy features...2017/06/02 18:30:41 [qa.loovus.mx] failed to get certificate: [qa.loovus.mx] error presenting token: Could not start HTTP server for challenge -> listen tcp :80: bind: permission denied` @papey, the current user of the webserver container is "caddy"; perhaps I need to give this user some sort of superuser permissions – Neoluis10 Jun 02 '17 at 18:55

1 Answer

After struggling with this matter for so long, I got the right configuration. Here is what I did:

  • Use abiosoft/caddy
  • Left the default ports (80 and 443)
  • Modify the docker-compose file to use this command:

```yaml
command: -conf /prod/Caddyfile
```

Because apparently I was overriding the Caddyfile configuration by using the previous command:

```yaml
command: -port 8000 -host 0.0.0.0 -conf /prod/Caddyfile
```

Using these modifications I was able to run HTTPS on my website.

Thank you

Neoluis10
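
The `bind: permission denied` error from the question and the CAP_NET_BIND_SERVICE comment, as an added diagnostic that is not part of the original thread: run inside the container as the server's user, it decodes `CapEff` from `/proc` and reports whether a port below the kernel's unprivileged-port threshold can be bound. The function names are hypothetical, and it assumes a Linux `/proc` and a POSIX shell with `awk` in the image.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Usage inside the container, as the user that runs the server:
#   sh check_bind.sh 443

CAP_NET_BIND_SERVICE=10   # bit number defined in linux/capability.h

# has_cap HEXMASK BIT -> exit 0 if BIT is set in a CapEff-style hex mask
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# can_bind PORT UID CAPEFF_HEX UNPRIV_START
# Prints a verdict and returns 0 (bind allowed) or 1 (bind refused).
# Constructed sample: can_bind 443 1000 0000000000000000 1024  -> "no: ..."
can_bind() {
    port=$1 uid=$2 capeff=$3 start=$4
    if [ "$port" -ge "$start" ]; then
        echo "yes: port $port is not privileged (threshold $start)"
    elif has_cap "$capeff" "$CAP_NET_BIND_SERVICE"; then
        echo "yes: CAP_NET_BIND_SERVICE is in the effective set"
    else
        echo "no: uid $uid lacks CAP_NET_BIND_SERVICE for port $port (< $start)"
        return 1
    fi
}

# check_self PORT -> verdict for a process started by the current user.
# Caveat: a server binary with file capabilities (setcap) can hold
# CAP_NET_BIND_SERVICE even when this shell does not.
check_self() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    sysctl_file=/proc/sys/net/ipv4/ip_unprivileged_port_start
    start=1024   # kernel default when the sysctl is absent
    if [ -r "$sysctl_file" ]; then start=$(cat "$sysctl_file"); fi
    can_bind "$1" "$(id -u)" "$capeff" "$start"
}

# Run the check only when a port is given on the command line.
if [ "$#" -gt 0 ]; then check_self "$1"; fi
```

A "no" verdict for 80 or 443 matches the errors quoted in the thread for the non-root `caddy` user; a high port such as 8000 passes without any capability.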