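For weeks I have been unable to map my local Gitea server to my subdomain git.neroshop.org. I have tried nginx and Caddy, but so far I have had no success. Now I am trying Caddy, but I keep getting this error. Any help would be greatly appreciated.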
$ sudo caddy run --config /etc/caddy/Caddyfile
2023/04/19 21:58:48.815 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2023/04/19 21:58:48.817 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/04/19 21:58:48.817 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/04/19 21:58:48.817 INFO http enabling automatic HTTP->HTTPS redirects{"server_name": "srv0"}
2023/04/19 21:58:48.818 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000473500"}
2023/04/19 21:58:48.818 INFO http enabling HTTP/3 listener {"addr": ":443"}
2023/04/19 21:58:48.818 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2023/04/19 21:58:48.818 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/04/19 21:58:48.818 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/04/19 21:58:48.818 INFO http enabling automatic TLS certificate management {"domains": ["git.neroshop.org"]}
2023/04/19 21:58:48.818 INFO tls.obtain acquiring lock {"identifier": "git.neroshop.org"}
2023/04/19 21:58:48.834 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2023/04/19 21:58:48.834 INFO tls finished cleaning storage units
2023/04/19 21:58:48.851 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2023/04/19 21:58:48.851 INFO serving initial configuration
2023/04/19 21:58:48.917 INFO tls.obtain lock acquired {"identifier": "git.neroshop.org"}
2023/04/19 21:58:48.917 INFO tls.obtain obtaining certificate {"identifier": "git.neroshop.org"}
2023/04/19 21:58:48.940 INFO http waiting on internal rate limiter {"identifiers": ["git.neroshop.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/04/19 21:58:48.940 INFO http done waiting on internal rate limiter {"identifiers": ["git.neroshop.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/04/19 21:58:49.612 INFO http.acme_client trying to solve challenge {"identifier": "git.neroshop.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/04/19 21:58:49.959 ERROR http.acme_client cleaning up solver {"identifier": "git.neroshop.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.git.neroshop.org\" (usually OK if presenting also failed)"}
2023/04/19 21:58:50.065 ERROR tls.obtain could not get certificate from issuer {"identifier": "git.neroshop.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[git.neroshop.org] solving challenges: presenting for challenge: adding temporary record for zone \"neroshop.org.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1054177917/177201597357) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/04/19 21:58:50.067 INFO http waiting on internal rate limiter {"identifiers": ["git.neroshop.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "[email protected]"}
2023/04/19 21:58:50.068 INFO http done waiting on internal rate limiter {"identifiers": ["git.neroshop.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "[email protected]"}
2023/04/19 21:58:51.606 INFO http.acme_client trying to solve challenge {"identifier": "git.neroshop.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/04/19 21:58:51.753 ERROR http.acme_client cleaning up solver {"identifier": "git.neroshop.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.git.neroshop.org\" (usually OK if presenting also failed)"}
2023/04/19 21:58:52.158 ERROR tls.obtain could not get certificate from issuer {"identifier": "git.neroshop.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[git.neroshop.org] solving challenges: presenting for challenge: adding temporary record for zone \"neroshop.org.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/l8ehxyAwOQDz6Z3Egf5SuA) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/04/19 21:58:52.159 ERROR tls.obtain will retry {"error": "[git.neroshop.org] Obtain: [git.neroshop.org] solving challenges: presenting for challenge: adding temporary record for zone \"neroshop.org.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/l8ehxyAwOQDz6Z3Egf5SuA) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 3.241505843, "max_duration": 2592000}
Caddyfile:
git.neroshop.org {
    reverse_proxy 127.0.0.1:3000
    tls {
        dns cloudflare <CLOUDFLARE_GLOBAL_API_KEY_HERE>
    }
}
My Cloudflare DNS settings:
My Gitea app.ini:
APP_NAME = Neroshop: Decentralized P2P marketplace for Monero users
RUN_USER = git
RUN_MODE = prod
[database]
DB_TYPE = sqlite3
HOST = 127.0.0.1
NAME = gitea
USER = gitea
PASSWD =
SCHEMA =
SSL_MODE = disable
CHARSET = utf8
PATH = /var/lib/gitea/data/gitea.db
LOG_SQL = false
[repository]
ROOT = /var/lib/gitea/data/gitea-repositories
[server]
; https://docs.gitea.io/en-us/reverse-proxies/
PROTOCOL = https
SSH_DOMAIN = git.neroshop.org
DOMAIN = git.neroshop.org
HTTP_PORT = 443
;REDIRECT_OTHER_PORT = true
; Port the redirection service should listen on
;PORT_TO_REDIRECT = 443
ROOT_URL = https://git.neroshop.org
DISABLE_SSH = false
SSH_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = <hidden>
OFFLINE_MODE = false
[lfs]
PATH = /var/lib/gitea/data/lfs
[mailer]
ENABLED = false
[service]
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
DISABLE_REGISTRATION = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost
[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true
[cron.update_checker]
ENABLED = false
[session]
PROVIDER = file
[log]
MODE = console
LEVEL = info
ROOT_PATH = /var/lib/gitea/log
ROUTER = console
[repository.pull-request]
DEFAULT_MERGE_STYLE = merge
[repository.signing]
DEFAULT_TRUST_MODEL = committer
[security]
INSTALL_LOCK = true
INTERNAL_TOKEN = <hidden>
PASSWORD_HASH_ALGO = pbkdf2
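
The ERROR lines in the Caddy log above can be triaged mechanically. This added example (not part of the original post, and not Caddy's own tooling) parses such lines and reports which step of the dns-01 flow failed and what the DNS provider's API returned. The sample lines are constructed, abridged from the shape of the log with placeholder names, and `stage` and `triage` are hypothetical helpers.

```python
import json
import re

# Constructed sample, abridged from the shape of the Caddy log lines in the post.
SAMPLE = r'''
2023/04/19 21:58:49.612 INFO http.acme_client trying to solve challenge {"identifier": "git.example.org", "challenge_type": "dns-01"}
2023/04/19 21:58:49.959 ERROR http.acme_client cleaning up solver {"identifier": "git.example.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.git.example.org\" (usually OK if presenting also failed)"}
2023/04/19 21:58:50.065 ERROR tls.obtain could not get certificate from issuer {"identifier": "git.example.org", "issuer": "acme.example-directory", "error": "[git.example.org] solving challenges: presenting for challenge: adding temporary record for zone \"example.org.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.example/order/1) (ca=https://acme.example/directory)"}
'''

# timestamp, level, logger, message, trailing JSON object
LINE = re.compile(r'^(\S+ \S+)\s+(ERROR|WARN)\s+(\S+)\s+(.*?)\s*(\{.*\})\s*$')
# provider API error as embedded in the ACME error string
API_ERR = re.compile(r'HTTP (\d{3}): \[\{Code:(\d+) Message:([^}]*)\}\]')

def stage(error_text):
    """Map an ACME error string to the step of the dns-01 flow that failed."""
    if "presenting for challenge" in error_text:
        return "present"   # solver could not publish the TXT record
    if "no memory of presenting" in error_text:
        return "cleanup"   # follow-on noise after a failed present
    return "other"

def triage(log_text):
    """Return one finding per ERROR/WARN line that carries an "error" field."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        fields = json.loads(m.group(5))
        err = fields.get("error")
        if err is None:
            continue
        api = API_ERR.search(err)
        findings.append({
            "logger": m.group(3),
            "identifier": fields.get("identifier"),
            "stage": stage(err),
            "http_status": int(api.group(1)) if api else None,
            "provider_code": int(api.group(2)) if api else None,
            "provider_message": api.group(3) if api else None,
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A `present` finding with a 4xx provider status means the request to publish the `_acme-challenge` TXT record was rejected by the DNS provider's API, so the CA never reached validation and the reverse proxy target is not involved at that point.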