Can`t access to local site vaultwarden

I use [Caddy with DNS challenge](for local using)
Container “caddy” logs show me:

"tls.obtain","msg":"certificate obtained successfully"

Container “vaultwarden” logs show me:

FO] No .env file found.
[2021-04-30 21:35:41.315][vaultwarden][INFO] JWT keys don't exist, checking if OpenSSL is available...
OpenSSL 1.1.1d  10 Sep 2019
[2021-04-30 21:35:41.325][vaultwarden][INFO] OpenSSL detected, creating keys...
Generating RSA private key, 2048 bit long modulus (2 primes)
e is 65537 (0x010001)
writing RSA key
writing RSA key
[2021-04-30 21:35:41.624][vaultwarden][INFO] Keys created correctly.
Running migration 20180114171611
...
Running migration 20210315163412
[2021-04-30 21:35:41.764][parity_ws][INFO] Listening for new connections on 0.0.0.0:3012.
[2021-04-30 21:35:41.766][start][INFO] Rocket has launched from http://0.0.0.0:80

I go to server ip http : //192.168.1.90/ get redirect to https : //192.168.1.90/ and then get error ERR_SSL_PROTOCOL_ERROR

What have I done wrong?

version: '3'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
      - WEBSOCKET_ENABLED=true  # Enable WebSocket notifications.
    volumes:
      - ./vw-data:/data

  caddy:
    image: caddy:2
    container_name: caddy
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./caddy:/usr/bin/caddy  # Your custom build of Caddy.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./caddy-config:/config
      - ./caddy-data:/data
    environment:
      - DOMAIN=vaultwarden.*****.duckdns.org  # Your domain.
      - EMAIL=r*******@yandex.ru       # The email address to use for ACME registration.
      - DUCKDNS_TOKEN=2********-****-****-****-***********9         # Your Duck DNS token.
      - LOG_FILE=/data/access.log

I find my error.

Need set up domain to local address 192.168.1.90 in DuckDNS settings.

Can you elaborate this, please?

Only using this instruction.

And this topic say me duckdns settings.

If you don’t already have an account, create one at https://www.duckdns.org/. Create a subdomain for your vaultwarden instance (e.g., my-vw.duckdns.org ), setting its IP to your vaultwarden host’s private IP (e.g., 192.168.1.100 ). Make note of your account’s token (a string in UUID format). Caddy will need this token to solve the DNS challenge.

ip address of my rasp pi with docker
and now vaultwarden work in local network. no ssl error.

I can access to my vaultwarden only using this address 'https://vaultwarden.*****.duckdns.org

If i use ip address https://192.168.1.91 i got error ERR_SSL_PROTOCOL_ERROR

these are my settings and it works fine with caddy as reverse proxy. i use opnsense & add a host override in Unbound

services:
 vaultwarden:
  image: vaultwarden/server:latest
  container_name: bitwarden
  restart: always
  volumes:
      - /opt/bitwarden/newdata:/data/
  ports:
    - 8088:80
    - 3012:3012
  environment:
    LOG_FILE: '/opt/bitwarden/bitwarden.log'
    LOG_LEVEL: 'debug'
    EXTENDED_LOGGING: 'true'
    WEB_VAULT_ENABLED: 'true'
    WEBSOCKET_ENABLED: 'true'
    WEBSOCKET_PORT: '3012'
    ADMIN_TOKEN: 'xxx'
    SIGNUPS_ALLOWED: 'true'
    DATABASE_URL: "mysql://bitwarden_rs:12345@192.168.11.67:3306/bitwarden_rs"

CADDY SETTINGS

vaultwarden.foo.com {
  # The negotiation endpoint is also proxied to Rocket
  reverse_proxy /notifications/hub/negotiate 192.168.11.74:8088

  # Notifications redirected to the websockets server
  reverse_proxy /notifications/hub 192.168.11.74:3012

  # Proxy the Root directory to Rocket
  reverse_proxy 192.168.11.74:8088

  header {
       # Enable cross-site filter (XSS) and tell browser to block detected attacks
       X-XSS-Protection "1; mode=block"
       # Disallow the site to be rendered within a frame (clickjacking protection)
       X-Frame-Options "DENY"
       # Prevent search engines from indexing (optional)
       X-Robots-Tag "none"
       # Server name removing
       -Server
   }
}