405 when reverse proxied with Python Flask

EDIT: Read this github issue and it seemed very similar. My flask logs are showing POST requests as GET requests, so I guess caddy is rewriting them?

1. The problem I’m having:

I have a python flask webserver setup, with a route to accept POST requests:

2. Error messages and/or full log output:

<!doctype html>
<html lang=en>
<title>405 Method Not Allowed</title>
<h1>Method Not Allowed</h1>
<p>The method is not allowed for the requested URL.</p>

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

Installed via the deb repo.

a. System environment:

Ubuntu jammy

b. Command:

Running via systemd.

d. My complete Caddy config:

threat.uno {
reverse_proxy :6081
log {
                output file "/var/log/caddy/access.log"
}
header -Server
header Server "AGL"
header -x-varnish
header -X-Cdn-Serve

}

5. Links to relevant resources:

Please enable the debug global option and show your logs, as asked by the help topic template.

{"level":"error","ts":1691496744.658056,"logger":"http.log.access.log28","msg":"handled request","request":{"remote_ip":"156.134.226.34","remote_port":"65496","client_ip":"156.134.226.34","proto":"HTTP/3.0","method":"POST","host":"threat.uno","uri":"/loginBackend","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0"],"Accept":["*/*"],"Content-Length":["1558"],"Accept-Language":["en-US,en;q=0.5"],"Content-Type":["application/x-www-form-urlencoded; charset=UTF-8"],"Origin":["https://threat.uno"],"Dnt":["1"],"Referer":["https://threat.uno/login"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"X-Requested-With":["XMLHttpRequest"],"Alt-Used":["threat.uno"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["same-origin"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"threat.uno"}},"bytes_read":1558,"user_id":"","duration":0.005630089,"size":153,"status":405,"resp_headers":{"Content-Length":["153"],"Allow":["OPTIONS, POST"],"Via":["1.1 varnish, 1.1 varnish"],"X-Cache":["MISS"],"Date":["Tue, 08 Aug 2023 12:12:24 GMT"],"Content-Type":["text/html; charset=utf-8"],"Age":["0"]}}
{"level":"info","ts":1691496754.418293,"logger":"http.log.access.log28","msg":"handled request","request":{"remote_ip":"156.134.226.34","remote_port":"65496","client_ip":"156.134.226.34","proto":"HTTP/3.0","method":"GET","host":"threat.uno","uri":"/login","headers":{"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Mode":["navigate"],"Dnt":["1"],"Cache-Control":["no-cache"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Pragma":["no-cache"],"Priority":["u=1"],"Alt-Used":["threat.uno"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"threat.uno"}},"bytes_read":0,"user_id":"","duration":0.005487666,"size":4768,"status":200,"resp_headers":{"Age":["0"],"Via":["1.1 varnish, 1.1 varnish"],"Accept-Ranges":["bytes"],"X-Cache":["MISS"],"Content-Length":["4768"],"Date":["Tue, 08 Aug 2023 12:12:34 GMT"],"Content-Type":["text/html; charset=utf-8"]}}
{"level":"error","ts":1691496754.9508781,"logger":"http.log.access.log28","msg":"handled request","request":{"remote_ip":"156.134.226.34","remote_port":"65496","client_ip":"156.134.226.34","proto":"HTTP/3.0","method":"GET","host":"threat.uno","uri":"/favicon.ico","headers":{"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"],"Sec-Fetch-Site":["same-origin"],"Cache-Control":["no-cache"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0"],"Accept-Encoding":["gzip, deflate, br"],"Alt-Used":["threat.uno"],"Sec-Fetch-Dest":["image"],"Pragma":["no-cache"],"Priority":["u=6"],"Accept":["image/avif,image/webp,*/*"],"Referer":["https://threat.uno/login"],"Sec-Fetch-Mode":["no-cors"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"threat.uno"}},"bytes_read":0,"user_id":"","duration":0.004750747,"size":207,"status":404,"resp_headers":{"Content-Type":["text/html; charset=utf-8"],"Age":["0"],"X-Cache":["MISS"],"Via":["1.1 varnish, 1.1 varnish"],"Content-Length":["207"],"Date":["Tue, 08 Aug 2023 12:12:34 GMT"]}}
{"level":"error","ts":1691496763.9127617,"logger":"http.log.access.log28","msg":"handled request","request":{"remote_ip":"156.134.226.34","remote_port":"65496","client_ip":"156.134.226.34","proto":"HTTP/3.0","method":"POST","host":"threat.un ","uri":"/loginBackend","headers":{"Content-Length":["1551"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Origin":["https://threat.uno"],"Sec-Fetch-Dest":["empty"],"Sec-Fetch-Mode":["cors"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0"],"Referer":["https://threat.uno/login"],"Accept":["*/*"],"Content-Type":["application/x-www-form-urlencoded; charset=UTF-8"],"X-Requested-With":["XMLHttpRequest"],"Alt-Used":["threat.uno"],"Pragma":["no-cache"],"Dnt":["1"],"Sec-Fetch-Site":["same-origin"],"Cache-Control":["no-cache"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h3","server_name":"threat.uno"}},"bytes_read":1551,"user_id":"","duration":0.005162085,"size":153,"status":405,"resp_headers":{"Via":["1.1 varnish, 1.1 varnish"],"Date":["Tue, 08 Aug 2023 12:12:43 GMT"],"Age":["0"],"Allow":["OPTIONS, POST"],"X-Cache":["MISS"],"Content-Type":["text/html; charset=utf-8"],"Content-Length":["153"]}}

I don’t see any debug level logs in there. Please enable the debug global option, and show your Caddy logs (i.e. the stdout/stderr output), not your access logs. Please read Keep Caddy Running — Caddy Documentation to understand how to find your logs.

Is there a way to sort logs for just one host? I have other websites that generate a lot of traffic and clog up the logs.

You can use grep to filter things.

Either way, this isn’t looking like a problem with Caddy. The 405 response probably comes from your Python app.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.