Caddy working on Windows not Fedora

Edit: Looks like I need to read up on firewalld - I just disabled the service and everything works.

Hi, hoping for a little guidance. Though this may be more of a Caddy question than a Docker question…

I have been using Docker Desktop on Windows 10 and 11 for about a year and I am in the process of migrating the whole system to Fedora, mostly for GPU pass-through capability for Jellyfin. Nothing here is critical, just little self-host apps, that sort of thing.

I had previously set up Caddy following this self-host guide here. Everything works great in Docker on Windows.

I installed Docker Desktop on my Fedora system per the Docker documentation and as far as I can tell there are no issues with the install; however, Caddy doesn’t work.

I created a network with “docker network create caddy” and can confirm it exists with “docker network ls”; the driver type is bridge (same as my Windows host).
I am using the same docker compose file from my Windows system to build the container.

services:

  caddy:
    image: caddy
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    env_file: .env
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./caddy_config:/data
      - ./caddy_data:/config

networks:
  default:
    name: $DOCKER_MY_NETWORK
    external: true

alongside this .env file:

# GENERAL
TZ=America/New_York
DOCKER_MY_NETWORK=caddy
MY_DOMAIN=iamnotanengineer.day

and a Caddyfile containing:

whoami.{$MY_DOMAIN} {
	reverse_proxy whoami:80
}

When I create the container this is what I get for output:

~/Docker/Caddy$ docker compose up
[+] Running 1/1
 ✔ Container caddy  Created                                                                        0.2s 
Attaching to caddy
caddy  | {"level":"info","ts":1711905750.9331555,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy  | {"level":"info","ts":1711905750.9349387,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
caddy  | {"level":"info","ts":1711905750.9350572,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy  | {"level":"info","ts":1711905750.9350767,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy  | {"level":"info","ts":1711905750.9352884,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00050a700"}
caddy  | {"level":"info","ts":1711905750.9353452,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy  | {"level":"info","ts":1711905750.935402,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
caddy  | {"level":"info","ts":1711905750.9363732,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy  | {"level":"warn","ts":1711905750.936831,"logger":"tls","msg":"unable to get instance ID; storage clean stamps will be incomplete","error":"open /data/caddy/instance.uuid: no such file or directory"}
caddy  | {"level":"info","ts":1711905750.9369848,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
caddy  | {"level":"info","ts":1711905750.9370017,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["whoami.iamnotanengineer.day"]}
caddy  | {"level":"info","ts":1711905750.9383671,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy  | {"level":"info","ts":1711905750.9383893,"msg":"serving initial configuration"}
caddy  | {"level":"info","ts":1711905750.9478247,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
caddy  | {"level":"info","ts":1711905750.9489722,"logger":"tls.obtain","msg":"acquiring lock","identifier":"whoami.iamnotanengineer.day"}
caddy  | {"level":"info","ts":1711905750.949445,"logger":"tls","msg":"finished cleaning storage units"}
caddy  | {"level":"info","ts":1711905750.9563255,"logger":"tls.obtain","msg":"lock acquired","identifier":"whoami.iamnotanengineer.day"}
caddy  | {"level":"info","ts":1711905750.956754,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"whoami.iamnotanengineer.day"}
caddy  | {"level":"info","ts":1711905751.2946918,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["whoami.iamnotanengineer.day"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy  | {"level":"info","ts":1711905751.2947245,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["whoami.iamnotanengineer.day"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy  | {"level":"info","ts":1711905751.6042695,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"whoami.iamnotanengineer.day","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
caddy  | {"level":"error","ts":1711905752.2982302,"logger":"http.acme_client","msg":"challenge failed","identifier":"whoami.iamnotanengineer.day","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"my.public.ipv4.address: Error getting validation data","instance":"","subproblems":[]}}
caddy  | {"level":"error","ts":1711905752.2982714,"logger":"http.acme_client","msg":"validating authorization","identifier":"whoami.iamnotanengineer.day","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"my.public.ipv4.address: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1647052337/256997785297","attempt":1,"max_attempts":3}
caddy  | {"level":"info","ts":1711905753.5479093,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"whoami.iamnotanengineer.day","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
caddy  | {"level":"error","ts":1711905754.2836318,"logger":"http.acme_client","msg":"challenge failed","identifier":"whoami.iamnotanengineer.day","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"my.public.ipv4.address: Fetching http://whoami.iamnotanengineer.day/.well-known/acme-challenge/sPYHlSjbxT9Z5P5zuFj7f_uqqY9Ej166azW8lC1JWfQ: Error getting validation data","instance":"","subproblems":[]}}
caddy  | {"level":"error","ts":1711905754.283668,"logger":"http.acme_client","msg":"validating authorization","identifier":"whoami.iamnotanengineer.day","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"my.public.ipv4.address: Fetching http://whoami.iamnotanengineer.day/.well-known/acme-challenge/sPYHlSjbxT9Z5P5zuFj7f_uqqY9Ej166azW8lC1JWfQ: Error getting validation data","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1647052337/256997790827","attempt":2,"max_attempts":3}
caddy  | {"level":"error","ts":1711905754.283691,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"whoami.iamnotanengineer.day","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - my.public.ipv4.address: Fetching http://whoami.iamnotanengineer.day/.well-known/acme-challenge/sPYHlSjbxT9Z5P5zuFj7f_uqqY9Ej166azW8lC1JWfQ: Error getting validation data"}
caddy  | {"level":"warn","ts":1711905754.2839422,"logger":"http","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
caddy  | {"level":"info","ts":1711905754.7504725,"logger":"http","msg":"generated EAB credentials","key_id":"75XzWcH-pbhcEtWqSiOq3w"}
caddy  | {"level":"info","ts":1711905755.4590178,"logger":"http","msg":"waiting on internal rate limiter","identifiers":["whoami.iamnotanengineer.day"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
caddy  | {"level":"info","ts":1711905755.4590404,"logger":"http","msg":"done waiting on internal rate limiter","identifiers":["whoami.iamnotanengineer.day"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
caddy  | {"level":"info","ts":1711905756.0561452,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"whoami.iamnotanengineer.day","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}

I see errors here about not having UDP size, but I’ve already increased it using the below; though given the errors persist, maybe these are not adequate:

sysctl -w net.core.rmem_max=2500000
sysctl -w net.core.wmem_max=2500000

I’m at a loss at this point. If anyone can point me in the right direction it would be very helpful. It’s probably something easy considering this is a clean install for the OS and the only app I’ve added is docker, I don’t think there should be much to complicate things.

Edit: Going to explore possible firewall related issues, haven’t gone there yet.
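
An added example, not part of the original post: a small triage script for `docker compose` output from Caddy that picks out failed ACME challenges and, where the CA reports `urn:ietf:params:acme:error:connection` (it could not connect to the host), lists the inbound port each challenge type needs. The sample lines and `example.com` hostnames are constructed, and the function names are this example's own.

```python
import json

# Inbound port the CA connects to for each ACME challenge type.
CHALLENGE_PORT = {"http-01": "80/tcp", "tls-alpn-01": "443/tcp"}
# RFC 8555 error type: the CA could not connect to the validation target.
CONNECTION_ERROR = "urn:ietf:params:acme:error:connection"

# Constructed sample lines, shaped like `docker compose up` output (not real logs).
SAMPLE = [
    'Attaching to caddy',
    'caddy  | {"level":"info","logger":"tls.obtain","msg":"obtaining certificate","identifier":"whoami.example.com"}',
    'caddy  | {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"whoami.example.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"Error getting validation data"}}',
    'caddy  | {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"whoami.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:connection","detail":"Error getting validation data"}}',
    'caddy  | {"level":"error","logger":"http.acme_client","msg":"challenge failed","identifier":"app.example.com","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","detail":"no valid A records found"}}',
]

def parse_line(line):
    """Drop the 'caddy  | ' compose prefix and decode the JSON record, if any."""
    start = line.find("{")
    if start == -1:
        return None  # banner lines such as 'Attaching to caddy'
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None

def failed_challenges(lines):
    """Map (identifier, challenge_type) -> ACME problem type for failed challenges."""
    failures = {}
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("logger") == "http.acme_client" and rec.get("msg") == "challenge failed":
            key = (rec.get("identifier"), rec.get("challenge_type"))
            failures[key] = rec.get("problem", {}).get("type", "")
    return failures

def unreachable_ports(lines):
    """Inbound ports to check per hostname when the CA reports a connection error."""
    report = {}
    for (ident, ctype), ptype in failed_challenges(lines).items():
        if ptype == CONNECTION_ERROR and ctype in CHALLENGE_PORT:
            report.setdefault(ident, set()).add(CHALLENGE_PORT[ctype])
    return {ident: sorted(ports) for ident, ports in report.items()}

if __name__ == "__main__":
    for host, ports in unreachable_ports(SAMPLE).items():
        print(f"{host}: CA could not connect; check inbound {', '.join(ports)}")
```

When both challenge types fail with a connection error, as in the log above, the narrower fix on a firewalld host is to allow the `http` and `https` services (plus 443/udp for HTTP/3) in the active zone and leave the firewall running.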