Trouble setting up a caddy reverse proxy for a Gitea server


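For weeks I have been unable to map my local Gitea server to my subdomain git.neroshop.org. I have tried nginx and caddy, but so far I have not had any success. Right now I am trying caddy, but I keep getting this error. Any help would be appreciated.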

$ sudo caddy run --config /etc/caddy/Caddyfile
2023/04/19 21:58:48.815 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2023/04/19 21:58:48.817 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2023/04/19 21:58:48.817 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2023/04/19 21:58:48.817 INFO    http    enabling automatic HTTP->HTTPS redirects{"server_name": "srv0"}
2023/04/19 21:58:48.818 INFO    tls.cache.maintenance   started background certificate maintenance  {"cache": "0xc000473500"}
2023/04/19 21:58:48.818 INFO    http    enabling HTTP/3 listener    {"addr": ":443"}
2023/04/19 21:58:48.818 INFO    failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2023/04/19 21:58:48.818 INFO    http.log    server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2023/04/19 21:58:48.818 INFO    http.log    server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2023/04/19 21:58:48.818 INFO    http    enabling automatic TLS certificate management   {"domains": ["git.neroshop.org"]}
2023/04/19 21:58:48.818 INFO    tls.obtain  acquiring lock  {"identifier": "git.neroshop.org"}
2023/04/19 21:58:48.834 INFO    tls cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2023/04/19 21:58:48.834 INFO    tls finished cleaning storage units
2023/04/19 21:58:48.851 INFO    autosaved config (load with --resume flag)  {"file": "/root/.config/caddy/autosave.json"}
2023/04/19 21:58:48.851 INFO    serving initial configuration
2023/04/19 21:58:48.917 INFO    tls.obtain  lock acquired   {"identifier": "git.neroshop.org"}
2023/04/19 21:58:48.917 INFO    tls.obtain  obtaining certificate   {"identifier": "git.neroshop.org"}
2023/04/19 21:58:48.940 INFO    http    waiting on internal rate limiter    {"identifiers": ["git.neroshop.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/04/19 21:58:48.940 INFO    http    done waiting on internal rate limiter   {"identifiers": ["git.neroshop.org"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2023/04/19 21:58:49.612 INFO    http.acme_client    trying to solve challenge   {"identifier": "git.neroshop.org", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2023/04/19 21:58:49.959 ERROR   http.acme_client    cleaning up solver  {"identifier": "git.neroshop.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.git.neroshop.org\" (usually OK if presenting also failed)"}
2023/04/19 21:58:50.065 ERROR   tls.obtain  could not get certificate from issuer   {"identifier": "git.neroshop.org", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[git.neroshop.org] solving challenges: presenting for challenge: adding temporary record for zone \"neroshop.org.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme-v02.api.letsencrypt.org/acme/order/1054177917/177201597357) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2023/04/19 21:58:50.067 INFO    http    waiting on internal rate limiter    {"identifiers": ["git.neroshop.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "[email protected]"}
2023/04/19 21:58:50.068 INFO    http    done waiting on internal rate limiter   {"identifiers": ["git.neroshop.org"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "[email protected]"}
2023/04/19 21:58:51.606 INFO    http.acme_client    trying to solve challenge   {"identifier": "git.neroshop.org", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
2023/04/19 21:58:51.753 ERROR   http.acme_client    cleaning up solver  {"identifier": "git.neroshop.org", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.git.neroshop.org\" (usually OK if presenting also failed)"}
2023/04/19 21:58:52.158 ERROR   tls.obtain  could not get certificate from issuer   {"identifier": "git.neroshop.org", "issuer": "acme.zerossl.com-v2-DV90", "error": "[git.neroshop.org] solving challenges: presenting for challenge: adding temporary record for zone \"neroshop.org.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/l8ehxyAwOQDz6Z3Egf5SuA) (ca=https://acme.zerossl.com/v2/DV90)"}
2023/04/19 21:58:52.159 ERROR   tls.obtain  will retry  {"error": "[git.neroshop.org] Obtain: [git.neroshop.org] solving challenges: presenting for challenge: adding temporary record for zone \"neroshop.org.\": got error status: HTTP 400: [{Code:6003 Message:Invalid request headers}] (order=https://acme.zerossl.com/v2/DV90/order/l8ehxyAwOQDz6Z3Egf5SuA) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 3.241505843, "max_duration": 2592000}

Caddyfile

git.neroshop.org {
    reverse_proxy 127.0.0.1:3000
    tls {
        dns cloudflare <CLOUDFLARE_GLOBAL_API_KEY_HERE>
    }   
}

My Cloudflare DNS settings:

Cloudflare DNS

API token settings (currently active): API Token Settings

My Gitea app.ini:

APP_NAME = Neroshop: Decentralized P2P marketplace for Monero users
RUN_USER = git
RUN_MODE = prod

[database]
DB_TYPE  = sqlite3
HOST     = 127.0.0.1
NAME     = gitea
USER     = gitea
PASSWD   = 
SCHEMA   = 
SSL_MODE = disable
CHARSET  = utf8
PATH     = /var/lib/gitea/data/gitea.db
LOG_SQL  = false

[repository]
ROOT = /var/lib/gitea/data/gitea-repositories

[server]
; https://docs.gitea.io/en-us/reverse-proxies/
PROTOCOL            = https
SSH_DOMAIN          = git.neroshop.org
DOMAIN              = git.neroshop.org
HTTP_PORT           = 443
;REDIRECT_OTHER_PORT = true
; Port the redirection service should listen on
;PORT_TO_REDIRECT    = 443
ROOT_URL            = https://git.neroshop.org
DISABLE_SSH         = false
SSH_PORT            = 22
LFS_START_SERVER    = true
LFS_JWT_SECRET      = <hidden>
OFFLINE_MODE        = false

[lfs]
PATH = /var/lib/gitea/data/lfs

[mailer]
ENABLED = false

[service]
REGISTER_EMAIL_CONFIRM            = false
ENABLE_NOTIFY_MAIL                = false
DISABLE_REGISTRATION              = false
ALLOW_ONLY_EXTERNAL_REGISTRATION  = false
ENABLE_CAPTCHA                    = false
REQUIRE_SIGNIN_VIEW               = false
DEFAULT_KEEP_EMAIL_PRIVATE        = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING       = true
NO_REPLY_ADDRESS                  = noreply.localhost

[openid]
ENABLE_OPENID_SIGNIN = true
ENABLE_OPENID_SIGNUP = true

[cron.update_checker]
ENABLED = false

[session]
PROVIDER = file

[log]
MODE      = console
LEVEL     = info
ROOT_PATH = /var/lib/gitea/log
ROUTER    = console

[repository.pull-request]
DEFAULT_MERGE_STYLE = merge

[repository.signing]
DEFAULT_TRUST_MODEL = committer

[security]
INSTALL_LOCK       = true
INTERNAL_TOKEN     = <hidden>
PASSWORD_HASH_ALGO = pbkdf2

Tags: reverse-proxy caddy gitea caddyfile
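
The Caddyfile from the question, shown beside a least-privilege form, as an added example that is not part of the original post. It assumes the `HTTP 400 ... Code:6003 Message:Invalid request headers` reply in the log is Cloudflare rejecting a Global API Key sent where the caddy-dns/cloudflare module expects a scoped API token. The environment variable name `CF_API_TOKEN` is chosen here for illustration.

```caddyfile
# Added example, not the poster's file.
# Assumes Caddy is built with the caddy-dns/cloudflare module and that
# CF_API_TOKEN (illustrative name) is set in Caddy's environment.

# As posted: an account-wide Global API Key written into the file.
# Anyone who can read the Caddyfile gets full control of the account.
#
# git.neroshop.org {
#     reverse_proxy 127.0.0.1:3000
#     tls {
#         dns cloudflare <CLOUDFLARE_GLOBAL_API_KEY_HERE>
#     }
# }

# Least privilege: a scoped API token with only
#   Zone / Zone / Read
#   Zone / DNS  / Edit
# limited to the neroshop.org zone, read from the environment at startup
# so the secret never sits in the config file or its backups.
git.neroshop.org {
    reverse_proxy 127.0.0.1:3000
    tls {
        dns cloudflare {env.CF_API_TOKEN}
    }
}
```

When Caddy is started through `sudo`, the variable has to be present in the environment of the process sudo launches, not only in the calling shell. Because Caddy terminates TLS on 443 and forwards to 127.0.0.1:3000, this layout also expects Gitea to listen there over plain HTTP (`PROTOCOL = http`, `HTTP_PORT = 3000`) while `ROOT_URL` stays `https://git.neroshop.org`.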