Aborting with incomplete response - photoprismpi

Eambo · April 14, 2024, 8:26pm

1. The problem I’m having:

Hi all, and thanks in advance for any suggestions/help you can offer.

I’m trying to run photoprismpi which comes with caddy pre-installed, and having issues getting things set up properly.

I can connect fine via local network and photoprism works okay
I can connect fine via http and photoprism works okay
When I run caddy, I don’t seem to get any errors - UNTIL I try to connect
I’m getting an error related to “aborting with incomplete response” and not able to load anything
My DNS is configured through Cloudflare with Cloudflare’s DNS obfuscating features disabled - my public IP is exposed directly.

2. Error messages and/or full log output:

Apr 14 20:16:09 photoprismpi caddy[6859]: {"level":"debug","ts":1713125769.5529103,"logger":"events","msg":"event","name":"tls_get_certificate","id":"ffdb461b-28ca-4be2-a141-d67485b64954","origin":"tls","data":{"client_hello":{"CipherSuites":[47802,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"photos.jemgaming.co.uk","SupportedCurves":[43690,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[6682,772,771],"RemoteAddr":{"IP":"86.172.178.154","Port":60159,"Zone":""},"LocalAddr":{"IP":"192.168.68.90","Port":443,"Zone":""}}}}
Apr 14 20:16:09 photoprismpi caddy[6859]: {"level":"debug","ts":1713125769.5535808,"logger":"tls.handshake","msg":"choosing certificate","identifier":"photos.jemgaming.co.uk","num_choices":1}
Apr 14 20:16:09 photoprismpi caddy[6859]: {"level":"debug","ts":1713125769.5536587,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"photos.jemgaming.co.uk","subjects":["photos.jemgaming.co.uk"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"1629ba3bbc1dff764db442e0a62c976f4d38f5ff593f33a24275dbb6002badb3"}
Apr 14 20:16:09 photoprismpi caddy[6859]: {"level":"debug","ts":1713125769.5537088,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"86.172.178.154","remote_port":"60159","subjects":["photos.jemgaming.co.uk"],"managed":true,"expiration":1720895711,"hash":"1629ba3bbc1dff764db442e0a62c976f4d38f5ff593f33a24275dbb6002badb3"}
Apr 14 20:16:09 photoprismpi caddy[6859]: {"level":"debug","ts":1713125769.5709314,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"127.0.0.1:443","total_upstreams":1}
Apr 14 20:16:09 photoprismpi caddy[6859]: {"level":"debug","ts":1713125769.5726206,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:443","duration":0.001474353,"request":{"remote_ip":"86.172.178.154","remote_port":"60159","client_ip":"86.172.178.154","proto":"HTTP/2.0","method":"GET","host":"photos.jemgaming.co.uk","uri":"/library/login","headers":{"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0"],"Sec-Fetch-Site":["cross-site"],"X-Forwarded-For":["86.172.178.154"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Microsoft Edge\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\""],"X-Forwarded-Host":["photos.jemgaming.co.uk"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-GB,en;q=0.9,en-US;q=0.8"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"photos.jemgaming.co.uk"}},"headers":{},"status":400}
Apr 14 20:16:09 photoprismpi caddy[6859]: {"level":"error","ts":1713125769.5735304,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"read tcp 127.0.0.1:59152->127.0.0.1:443: read: connection reset by peer"}
Apr 14 20:16:09 photoprismpi caddy[6859]: {"level":"error","ts":1713125769.5737624,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"127.0.0.1:443","duration":0.001474353,"request":{"remote_ip":"86.172.178.154","remote_port":"60159","client_ip":"86.172.178.154","proto":"HTTP/2.0","method":"GET","host":"photos.jemgaming.co.uk","uri":"/library/login","headers":{"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0"],"Sec-Fetch-Site":["cross-site"],"X-Forwarded-For":["86.172.178.154"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Microsoft Edge\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\""],"X-Forwarded-Host":["photos.jemgaming.co.uk"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-GB,en;q=0.9,en-US;q=0.8"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"photos.jemgaming.co.uk"}},"error":"reading: read tcp 127.0.0.1:59152->127.0.0.1:443: read: connection reset by peer"}
Apr 14 20:17:17 photoprismpi caddy[6859]: {"level":"debug","ts":1713125837.4073222,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"127.0.0.1:443","total_upstreams":1}
Apr 14 20:17:17 photoprismpi caddy[6859]: {"level":"debug","ts":1713125837.4097202,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:443","duration":0.002034643,"request":{"remote_ip":"86.172.178.154","remote_port":"60159","client_ip":"86.172.178.154","proto":"HTTP/2.0","method":"GET","host":"photos.jemgaming.co.uk","uri":"/library/login","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Site":["cross-site"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-Proto":["https"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Language":["en-GB,en;q=0.9,en-US;q=0.8"],"X-Forwarded-For":["86.172.178.154"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0"],"Sec-Ch-Ua":["\"Microsoft Edge\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["document"],"X-Forwarded-Host":["photos.jemgaming.co.uk"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"photos.jemgaming.co.uk"}},"headers":{},"status":400}
Apr 14 20:17:17 photoprismpi caddy[6859]: {"level":"error","ts":1713125837.4108896,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"read tcp 127.0.0.1:59890->127.0.0.1:443: read: connection reset by peer"}
Apr 14 20:17:17 photoprismpi caddy[6859]: {"level":"error","ts":1713125837.411224,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"127.0.0.1:443","duration":0.002034643,"request":{"remote_ip":"86.172.178.154","remote_port":"60159","client_ip":"86.172.178.154","proto":"HTTP/2.0","method":"GET","host":"photos.jemgaming.co.uk","uri":"/library/login","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Site":["cross-site"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-Proto":["https"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Language":["en-GB,en;q=0.9,en-US;q=0.8"],"X-Forwarded-For":["86.172.178.154"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0"],"Sec-Ch-Ua":["\"Microsoft Edge\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["document"],"X-Forwarded-Host":["photos.jemgaming.co.uk"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"photos.jemgaming.co.uk"}},"error":"reading: read tcp 127.0.0.1:59890->127.0.0.1:443: read: connection reset by peer"}
Apr 14 20:17:19 photoprismpi caddy[6859]: {"level":"debug","ts":1713125839.460916,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"127.0.0.1:443","total_upstreams":1}
Apr 14 20:17:19 photoprismpi caddy[6859]: {"level":"debug","ts":1713125839.463186,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:443","duration":0.001911145,"request":{"remote_ip":"86.172.178.154","remote_port":"60159","client_ip":"86.172.178.154","proto":"HTTP/2.0","method":"GET","host":"photos.jemgaming.co.uk","uri":"/library/login","headers":{"Sec-Ch-Ua-Platform":["\"Windows\""],"X-Forwarded-Proto":["https"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0"],"Sec-Fetch-Dest":["document"],"X-Forwarded-For":["86.172.178.154"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Microsoft Edge\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\""],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-User":["?1"],"X-Forwarded-Host":["photos.jemgaming.co.uk"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["en-GB,en;q=0.9,en-US;q=0.8"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["cross-site"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"photos.jemgaming.co.uk"}},"headers":{},"status":400}
Apr 14 20:17:19 photoprismpi caddy[6859]: {"level":"error","ts":1713125839.4643373,"logger":"http.handlers.reverse_proxy","msg":"reading from backend","error":"read tcp 127.0.0.1:59900->127.0.0.1:443: read: connection reset by peer"}
Apr 14 20:17:19 photoprismpi caddy[6859]: {"level":"error","ts":1713125839.4644992,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","upstream":"127.0.0.1:443","duration":0.001911145,"request":{"remote_ip":"86.172.178.154","remote_port":"60159","client_ip":"86.172.178.154","proto":"HTTP/2.0","method":"GET","host":"photos.jemgaming.co.uk","uri":"/library/login","headers":{"Sec-Ch-Ua-Platform":["\"Windows\""],"X-Forwarded-Proto":["https"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Edg/123.0.0.0"],"Sec-Fetch-Dest":["document"],"X-Forwarded-For":["86.172.178.154"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Microsoft Edge\";v=\"123\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"123\""],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-User":["?1"],"X-Forwarded-Host":["photos.jemgaming.co.uk"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["en-GB,en;q=0.9,en-US;q=0.8"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["cross-site"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","server_name":"photos.jemgaming.co.uk"}},"error":"reading: read tcp 127.0.0.1:59900->127.0.0.1:443: read: connection reset by peer"}

3. Caddy version:

v2.7.6

4. How I installed and ran Caddy:

a. System environment:

Installed as part of photoprismpi: SD Card Image - PhotoPrism

b. Command:

Ran via sudo caddy start, sudo caddy run and sudo systemctl start caddy at different times with the same outcome.

c. Service/unit/compose file:

I don’t know where to find this one unfortunately, I’m sorry!

d. My complete Caddy config:

## Global Options ##
{
        admin off
        https_port 443
        auto_https disable_redirects
        email admin@jemgaming.co.uk
        debug
}

## Local HTTPS ##
127.0.0.1,
*.local,
localhost,
photoprism,
photoprismpi,
photoprism.local,
*.photoprism.local,
photoprismpi.local,
*.photoprismpi.local {
        tls internal {
                on_demand
        }
#       reverse_proxy 127.0.0.1:443
}

## External HTTPS ###

https://photos.jemgaming.co.uk {
        reverse_proxy 127.0.0.1:443
}

5. Links to relevant resources:

matt · April 14, 2024, 10:12pm

That usually means the client closed the connection early. Unless the app isn’t working for you it is probably benign.

Why are you using on-demand for your internal hostnames?

Eambo · April 15, 2024, 7:29am

Thank you for your response!

On demand I think was enabled by default on this config, I can remove it if not required.

Unfortunately this error isn’t benign, I still can’t get connected via HTTPS. Local and http work, but Https gives a 400 error and this error in the logs

matt · April 15, 2024, 1:15pm

What do you mean by that exactly? On-demand is never enabled by default…

EDIT: Ah, okay, @Monviech explained to me that this config comes by default as bundled with another app (PhotoPrism Pi). (The on_demand is not necessary. I’ll mention it to the developers of that app.)

Can you reproduce the problem with curl -v? That will yield more useful information.