caddy: QUIC server doesn't get a working TLS config

1. What version of Caddy are you running (caddy -version)?

master, with golang 1.8.

2. What are you trying to do?

Run an HTTP/2 and QUIC proxy. Using the 0.9.5 binary, it works, but runs into the common panic with POSTs and QUIC that has been fixed since 0.9.5. Swapping out the 0.9.5 binary with a build of master, produced by running build.bash, the QUIC portion listens on port 443 but just doesn’t work. Debugging it further, it appears that the QUIC server doesn’t get any certificate info in its config.

3. What is your entire Caddyfile?

https://subdomain.mydomain.com {
    gzip
    tls /etc/caddy/certs/mydomain.com.crt /etc/caddy/certs/mydomain.com.key

    proxy / 172.17.0.3:80 {
        header_upstream Host {host}
        header_upstream X-Real-IP {remote}
        header_upstream X-Forwarded-For {remote}
        header_upstream X-Forwarded-Proto {scheme}
    }
}

Those are valid wildcard certs that work with HTTP/2, and work with HTTP/2+QUIC using the 0.9.5 binary. Switching it to use Auto HTTPS with Let's Encrypt, the problem remains the same.

4. How did you run Caddy (give the full command and describe the execution environment)?

/usr/bin/caddy -quic --conf /etc/caddy/conf/Caddyfile --log stdout

5. What did you expect to see?

Chrome and the quic_client in the chromium source should be able to talk to the server via QUIC. With the 0.9.5 binary, they are.

6. What did you see instead (give full error messages and/or log)?

With a build of master, and QUIC debug logging enabled, I get this when trying to do a QUIC request:

Internal error: no matching certificate found
Closing session with error: no matching certificate found

I added more debugging in lucas-clemente/quic-go around that certificate error, and it appears that there is just no certificate info in the config that it gets. It still works over HTTP/2, and browsers are happy with the certs they get, but no QUIC.

7. How can someone who is starting from scratch reproduce this behavior as minimally as possible?

Try to run a QUIC config that was working with 0.9.5, using a build of master. Try to make a request with a QUIC client, and it will probably fail.
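The symptom reported above is a TLS config that reaches the QUIC listener without any certificate in it, while the HTTP/2 listener's config is fine. As an added example (editor's code, not Caddy's or quic-go's), here is a Go self-check a practitioner can run against a `tls.Config` before handing it to any listener: a static check that some certificate source is set (`Certificates`, `GetCertificate` or `GetConfigForClient`), followed by an in-memory handshake over `net.Pipe` that confirms the leaf certificate actually presented covers the requested hostname. The self-signed certificate, the hostnames `site.example.test` / `other.example.test` and the helper names are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway ECDSA certificate for host so the probe
// can run offline. Constructed fixture for this example, not a Caddy routine.
func selfSignedCert(host string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// checkServingConfig reports whether cfg can actually serve a certificate for
// serverName: first a static check that a certificate source exists at all
// (the failure mode in the report above), then an in-memory handshake over
// net.Pipe (no sockets) that checks the leaf presented covers serverName.
func checkServingConfig(cfg *tls.Config, serverName string) error {
	if cfg == nil {
		return errors.New("tls config is nil")
	}
	if len(cfg.Certificates) == 0 && cfg.GetCertificate == nil && cfg.GetConfigForClient == nil {
		return errors.New("tls config has no certificate source: Certificates, GetCertificate and GetConfigForClient are all empty")
	}

	serverSide, clientSide := net.Pipe()
	defer serverSide.Close()
	defer clientSide.Close()

	// Probe a clone so the caller's config is not mutated. Session tickets are
	// disabled on the clone only so the unbuffered pipe does not block on
	// post-handshake ticket records the probing client never reads.
	serverCfg := cfg.Clone()
	serverCfg.SessionTicketsDisabled = true
	server := tls.Server(serverSide, serverCfg)
	client := tls.Client(clientSide, &tls.Config{
		ServerName: serverName,
		// Self-probe of our own listener config: chain verification is skipped
		// here and the hostname match is checked explicitly below.
		InsecureSkipVerify: true,
	})

	errc := make(chan error, 1)
	go func() { errc <- server.Handshake() }()

	if err := client.Handshake(); err != nil {
		return fmt.Errorf("handshake for %q failed: %w", serverName, err)
	}
	if err := <-errc; err != nil {
		return fmt.Errorf("server-side handshake failed: %w", err)
	}

	peers := client.ConnectionState().PeerCertificates
	if len(peers) == 0 {
		return errors.New("server presented no certificate")
	}
	if err := peers[0].VerifyHostname(serverName); err != nil {
		return fmt.Errorf("certificate presented does not cover %q: %w", serverName, err)
	}
	return nil
}

// probeResults runs the check against three constructed configs: an empty one
// (what the QUIC server apparently received), a populated one asked for the
// wrong hostname, and a populated one asked for the right hostname.
func probeResults() (empty, mismatched, good error) {
	cert, err := selfSignedCert("site.example.test")
	if err != nil {
		return err, err, err
	}
	withCert := &tls.Config{Certificates: []tls.Certificate{cert}}
	empty = checkServingConfig(&tls.Config{}, "site.example.test")
	mismatched = checkServingConfig(withCert, "other.example.test")
	good = checkServingConfig(withCert, "site.example.test")
	return empty, mismatched, good
}

func main() {
	empty, mismatched, good := probeResults()
	fmt.Println("empty config:   ", empty)
	fmt.Println("wrong hostname: ", mismatched)
	fmt.Println("matching cert:  ", good)
}
```

Running the check on each listener's config at startup (and logging which one fails) separates "the certificate was never copied into this config" from "the certificate is present but does not match the name the client asked for", which is the distinction the debugging in the report had to make by hand inside quic-go.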

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 17 (5 by maintainers)

Most upvoted comments

The PR is merged, so I think this issue can be closed 😃