1. Caddy version (caddy version):
v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=
2. How I run Caddy:
system service
a. System environment:
Raspberry Pi direct install
b. Command:
caddy start or run if needed.
c. Service/unit/compose file:
N/A
d. My complete Caddyfile or JSON config:
pihole.mydomain.duckdns.org {
log {
output file /var/log/caddy/pihole.log
}
@internal {
remote_ip 192.168.1.0/24
}
handle @internal {
reverse_proxy 127.0.0.1:1080
}
respond 403 {
close
}
basicauth {
bob password
}
}
3. The problem I’m having:
I am trying to get a Fail2ban filter that works with the Caddy log output. I have had many problems but the current one is I cannot seem to figure out why the format randomly changes in my log.
Here is what I was seeing in my log
{"level":"error","ts":1593001009.4403296,"logger":"http.log.access.log1","msg":"handled request","request":{"method":"GET","uri":"/admin","proto":"HTTP/2.0","remote_addr":"192.168.1.10:57839","host":"pihole.mydomain.duckdns.org","headers":{"Cookie":["PHPSESSID=igbc7rd207g8e214mmbehno3vo"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18363"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":771,"ciphersuite":49196,"proto":"h2","proto_mutual":true,"server_name":"pihole.mydomain.duckdns.org"}},"common_log":"192.168.1.10 - - [24/Jun/2020:08:16:49 -0400] \"GET /admin HTTP/2.0\" 401 0","duration":0.000069276,"size":0,"status":401,"resp_headers":{"Server":["Caddy"],"Www-Authenticate":["Basic realm=\"restricted\""]}}
Then out of the blue is started being formatted like this
2020/06/25 11:58:09.089 error http.log.access.log1 handled request {"request": {"method": "GET", "uri": "/admin", "proto": "HTTP/2.0", "remote_addr": "192.168.1.10:60124", "host": "pihole.mydomain.duckdns.org", "headers": {"Authorization": ["Basic XXXXXXXXXXXXXX"], "Upgrade-Insecure-Requests": ["1"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"], "Sec-Fetch-Dest": ["document"], "Sec-Fetch-User": ["?1"], "Accept-Encoding": ["gzip, deflate, br"], "Accept-Language": ["en-US,en;q=0.9"], "Cookie": ["PHPSESSID=7r3m587jhqjbdpg75i17sqn2lg"], "Cache-Control": ["max-age=0"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Site": ["none"], "Sec-Fetch-Mode": ["navigate"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4867, "proto": "h2", "proto_mutual": true, "server_name": "pihole.mydomain.duckdns.org"}}, "common_log": "192.168.1.10 - - [25/Jun/2020:07:58:09 -0400] \"GET /admin HTTP/2.0\" 401 0", "duration": 0.000196627, "size": 0, "status": 401, "resp_headers": {"Server": ["Caddy"], "Www-Authenticate": ["Basic realm=\"restricted\""]}}
When I first started trying to get a filter to work the format was the same as the second log above. Then it changed to the first one and now it’s back to the second one again. I can’t seem to figure out what I did to changed it. I didn’t change anything in the Caddyfile so I’m at a loss as what causes it.
4. Error messages and/or full log output:
N/A
5. What I already tried:
Researching what causes that to happen. I prefer the second one as the DTG is at the beginning, but how can I make sure it doesn’t revert back to the other one?
Thanks in advance