I am running a docker host with a public IP.
I am using caddy proxy to route traffic to the correct internal destination (other docker containers).
Ports 80 and 433 are bound to the Caddy container. Caddy is already doing the SSL cert business.
Caddy forwards requests for the boringproxy domain to port 8080 or 8433 of the boringproxy container host, depending on whether the request is HTTP or HTTPS.
I am running the latest version of the boringproxy Docker image: version: '3.7' (prebuild.yml here on GitHub).
Docker configuration:
cat docker-compose.yml
```yaml
version: '3.7'
services:
  boringproxy:
    container_name: boringproxy-server
    restart: unless-stopped
    ports:
      - "8080:80"
      - "8443:443"
    volumes:
      - storage:/storage/
      - ssh://.ssh
      - /etc/ssl/certs/:/etc/ssl/certs/:ro
    command: ["server", "-admin-domain", "test.domain.com", "-acme-email", "me@domain.com", "-accept-ca-terms", "-cert-dir", "/storage/certmagic", "-print-login"]
    environment:
      USER: "root"
volumes:
  storage:
  ssh:
```
From docker logs:
```
2022/12/01 11:16:32 Starting up
WARNING: Failed to access my-public-ip:80 from the internet
WARNING: Failed to access my-public-ip:443 from the internet
2022/12/01 11:16:34 Automatic agreement to CA terms with email (me@domain.com)
2022/12/01 11:16:41 test.domain.com: obtaining certificate: [test.domain.com] Obtain: [test.domain.com] solving challenges: test.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/849363237/149281510017) (ca=https://acme-v02.api.letsencrypt.org/directory)
```
In general I do not need SSL for boringproxy at all. Is it possible to disable it?
But what is the problem above? Is Let's Encrypt trying to connect to ports 80/433 of the public IP (no domain)?
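A way to read the "no solvers available" line in the log above, as an added example that is not part of the original post or of boringproxy: it splits the `configured`, `offered` and `remaining` lists and reports which challenge types are no longer pending and which have no local solver. The function name and the interpretation that a type listed in both `configured` and `offered` but absent from `remaining` was already attempted are assumptions.

```python
import re

# Log line copied from the post above (order and CA URLs trimmed).
SAMPLE = (
    "2022/12/01 11:16:41 test.domain.com: obtaining certificate: "
    "[test.domain.com] Obtain: [test.domain.com] solving challenges: "
    "test.domain.com: no solvers available for remaining challenges "
    "(configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] "
    "remaining=[dns-01])"
)

FIELD = re.compile(r"\b(configured|offered|remaining)=\[([^\]]*)\]")
DOMAIN = re.compile(r"solving challenges: (\S+): no solvers available")


def parse_no_solvers(line):
    """Return a summary dict for a 'no solvers available' line, else None."""
    match = DOMAIN.search(line)
    if not match:
        return None
    sets = {name: set(values.split()) for name, values in FIELD.findall(line)}
    if set(sets) != {"configured", "offered", "remaining"}:
        return None  # line is truncated or has an unexpected layout
    configured = sets["configured"]
    offered = sets["offered"]
    remaining = sets["remaining"]
    return {
        "domain": match.group(1),
        # Configured locally and offered by the CA, but no longer pending
        # (assumption: these were already tried and did not succeed).
        "attempted": sorted((configured & offered) - remaining),
        # Still pending, but the client has no solver configured for them.
        "unsolvable": sorted(remaining - configured),
    }


if __name__ == "__main__":
    result = parse_no_solvers(SAMPLE)
    print(f"{result['domain']}: attempted={result['attempted']} "
          f"no-solver={result['unsolvable']}")
```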