Description
I experienced an internet outage and, for unrelated reasons, had to restart the host running caddy with the tailscale plugin.
After the host came back up, none of the tcp4/0.0.0.0 binds would work.
In order to gain local access to the services bound to tcp4/0.0.0.0, I had to modify the caddyfile to remove the tailscale/* binds from the configuration blocks and restart caddy.
Here is a minimal repro config that I believe would reproduce this issue:
    :80 {
        bind tailscale/public-ingress
        handle public.example.com {
            respond 'public'
        }
    }
    *.example.com:80 {
        bind tcp4/0.0.0.0 tailscale/private-ingress
        handle private.example.com {
            respond 'private'
        }
    }
    # dns/tls config omitted for simplicity. modified to bind to port 80. Normally this would be bound to 443 but the port does not seem relevant to the issue
With this setup, if tailscale is not reachable by tsnet, the tcp4/0.0.0.0 bind does not work. Both tailscale/ binds must be removed for caddy to respond to traffic on tcp4/0.0.0.0.
I do realize this is a bit of an edge case since most deployments wouldn't be in this situation, but I figured it would be valuable to report it anyway.