bluesky-social / pds

Bluesky PDS (Personal Data Server) container image, compose file, and documentation

On-demand TLS error on caddy

dolciss opened this issue

Since this morning I have been unable to connect to my sandbox PDS and when I checked Caddy's logs there were errors.

Error: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: provisioning automation policy 0: on-demand TLS cannot be enabled without an 'ask' endpoint to prevent abuse; please refer to documentation for details

So I added the following to the Caddyfile, referring to this post, and it started working again:
https://bsky.app/profile/ubanis.com/post/3k453hmbgfm2y

{
        email my-email-address
        on_demand_tls {
                ask http://localhost:3000
        }
}

I'm sorry I don't know the details, but is it necessary to reflect this in install.sh?

I had the same problem, and I suffered because the URL could not be checked, but I fixed it like this.
This is the entire contents of the file.

vi /pds/caddy/etc/caddy/Caddyfile

{
    email {your-email-address}
    on_demand_tls {
        ask http://localhost:3000
    }
}

*.{your-domain}, {your-domain} {
    tls {
        on_demand
    }
    reverse_proxy http://localhost:3000
}

It was reflected in commit 6e51174, so I will close it.
Thanks for the update, @Jacob2161!
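
The error above refers to an 'ask' endpoint "to prevent abuse": Caddy requests the ask URL with `?domain=<hostname>` and obtains a certificate only when the response is 2xx, so the endpoint has to decide per hostname. The sketch below is an added example, not code from this thread or from the PDS project; the `/ask` path, `BASE_DOMAIN` and `KNOWN_HANDLES` are assumptions made for illustration.

```javascript
// Added example: decision logic for a Caddy on_demand_tls "ask" endpoint.
// BASE_DOMAIN and KNOWN_HANDLES are constructed sample values (assumptions).
const BASE_DOMAIN = 'pds.example.com';
const KNOWN_HANDLES = new Set(['alice', 'bob']); // would come from the account store

// Return the HTTP status for an ask request: 200 permits issuance, anything else denies it.
function askStatus(requestUrl) {
  let domain;
  try {
    // Caddy calls the ask URL with ?domain=<hostname from the TLS handshake>.
    domain = new URL(requestUrl, 'http://localhost').searchParams.get('domain');
  } catch {
    return 400;
  }
  if (!domain || domain.length > 253) return 400;
  // Hostnames are case-insensitive; drop a trailing root dot before comparing.
  const name = domain.toLowerCase().replace(/\.$/, '');
  if (!/^[a-z0-9.-]+$/.test(name)) return 400;
  if (name === BASE_DOMAIN) return 200;
  const suffix = '.' + BASE_DOMAIN;
  if (!name.endsWith(suffix)) return 403; // not under our zone
  const label = name.slice(0, -suffix.length);
  // Exactly one label, and it must belong to an existing account.
  if (label.includes('.') || !KNOWN_HANDLES.has(label)) return 404;
  return 200;
}

// Handler with the (req, res) shape that Node's http.createServer accepts.
function askHandler(req, res) {
  res.statusCode = askStatus(req.url);
  res.end();
}

// Constructed sample requests.
for (const host of ['alice.pds.example.com', 'pds.example.com',
                    'mallory.pds.example.com', 'pds.example.com.evil.test']) {
  console.log(host, askStatus('/ask?domain=' + encodeURIComponent(host)));
}
```

An ask endpoint that answers 2xx to every request satisfies Caddy's startup check but approves any hostname pointed at the server, which is the abuse the check exists to stop.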