Well, I have it "working", but I'm not sure it's right :-)
3 items of note:
1) (and this I don't believe I should have to do, but...)
Add:
insecure_skip_verify
to the proxy
2) There is currently a bug in the "transparent" preset for caddy - this is
fixed in the current code, but the last 0.9 release it doesn't work - see
below for the manual fix
3) I don't need to auth in the caddy, since ccmlistore will do it
That leaves me with:
camlistore.xxxxxxx.com {
gzip
log /var/log/caddy/camlistore_access.log
errors /var/log/caddy/camlistore_error.log
proxy / https://localhost:3179/ {
insecure_skip_verify
header_upstream Host {host}
header_upstream X-Real-IP {remote}
header_upstream X-Forwarded_For {remote}
header_upstream X-Forwarded-Proto {scheme}
# transparent
}
}
On Thursday, July 28, 2016 at 11:36:25 PM UTC-4, [email protected]
wrote:
>
> I've seen a reference to getting Caddy (caddyserver.com) as a proxy for
> Camlistore...
>
> Anybody have a Caddyfile (and server config) that they would share?
>
> It seems straightforward, but I can't get the certificates right.
>
> I have the server config pointing to the same cert files as caddy, but I
> get:
>
> 2016/07/28 23:12:24 http: TLS handshake error from [::1]:39144: remote
> error: bad certificate
>
> This is what I have now:
>
> server-config.json
>
> {
> "auth": "userpass:xxxxx:xxxxx:+localhost",
> "listen": ":3179",
> "baseURL": "https://camlistore.xxxxxxx.com";,
> "identity": "AA091CD8",
> "identitySecretRing":
> "/home/bdillahu/.config/camlistore/identity-secring.gpg",
> "blobPath": "/home/bdillahu/var/camlistore/blobs",
> "packRelated": true,
> "levelDB": "/home/bdillahu/var/camlistore/index.leveldb",
> "dbNames": null,
> "https": true,
> "httpsCert": "/etc/ssl/caddy/.caddy/acme/
> acme-v01.api.letsencrypt.org/sites/camlistore.xxxxxxx.com/camlistore.xxxxxxx.com.crt
> ",
> "httpsKey": "/etc/ssl/caddy/.caddy/acme/
> acme-v01.api.letsencrypt.org/sites/camlistore.xxxxxxx.com/camlistore.xxxxxxx.com.key
> "
> }
>
>
> Caddyfile:
>
> camlistore.xxxxxxx.com {
> gzip
> log /var/log/caddy/camlistore_access.log
> errors /var/log/caddy/camlistore_error.log
> proxy / https://localhost:3179/ {
> transparent
> }
> basicauth / xxxxx xxxxxxx
> }
>
>
--
You received this message because you are subscribed to the Google Groups
"Camlistore" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
