Basic Authentication problems

1. Caddy version (2.1.1):

2. How I run Caddy:

a. System environment:

Windows 10 64 bit

b. Command:

caddy_windows_amd64.exe run --config caddy.json

c. Service/unit/compose file:

N/A

d. My complete Caddyfile or JSON config:

{
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "listen": [
                        ":444"
                    ],
                    "routes": [
                        {
                            "match": [
                                {
                                    "host": [
                                        "localhost"
                                    ]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "vars",
                                                    "root": "C:\\Caddy\\srv"
                                                }
                                            ]
                                        },
                                        {
                                            "handle": [
                                                {
                                                    "handler": "authentication",
                                                    "providers": {
                                                        "http_basic": {
                                                            "accounts": [
                                                                {
                                                                    "password": "JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX",
                                                                    "username": "Bob"
                                                                }
                                                            ],
                                                            "hash": {
                                                                "algorithm": "bcrypt"
                                                            },
                                                            "hash_cache": {}
                                                        }
                                                    }
                                                }
                                            ],
                                            "match": [
                                                {
                                                    "path": [
                                                        "/restricted/*"
                                                    ]
                                                }
                                            ]
                                        },
                                        {
                                            "handle": [
                                                {
                                                    "browse": {},
                                                    "handler": "file_server"
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ],
                    "errors": {
                        "routes": [
                            {
                                "match": [
                                    {
                                        "host": [
                                            "localhost"
                                        ]
                                    }
                                ],
                                "handle": [
                                    {
                                        "handler": "subroute",
                                        "routes": [
                                            {
                                                "handle": [
                                                    {
                                                        "body": "404 Not Found",
                                                        "handler": "static_response"
                                                    }
                                                ],
                                                "match": [
                                                    {
                                                        "expression": "{http.error.status_code} == 404"
                                                    }
                                                ]
                                            }
                                        ]
                                    }
                                ],
                                "terminal": true
                            }
                        ]
                    }
                }
            }
        }
    }
}

3. The problem I’m having:

When I add error handling to my configuration file (to return text and add HSTS headers), it breaks basic authentication. To replicate the issue, run this configuration file and browse to https://localhost:444/restricted/; a blank white page will be displayed. Looking in the browser's network requests or using curl shows HTTP 200 along with www-authenticate.

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 200
< alt-svc: h3-29=":443"; ma=2592000
< server: Caddy
< www-authenticate: Basic realm="restricted"
< content-length: 0
< date: Wed, 26 Aug 2020 01:56:18 GMT
<
* Connection #0 to host localhost left intact

If you remove the error handler everything functions normally.

4. Error messages and/or full log output:

I don’t have any error logs. I tried turning on logging but was only able to log the full request. Whatever is going on seems to be normal, at least to Caddy.

5. What I already tried:

I reformatted the error handling several times (but unfortunately didn’t save it). I attempted to make the authentication handler send HTTP 401 manually, but it only ever sent 200 (I figured it would be a long shot).

I made this simpler configuration file that still replicates the issue to try and eliminate variables.

Maybe try something like this?

                    "errors": {
                        "routes": [
                            {
                                "match": [
                                    {
                                        "expression": "{http.error.status_code} == 401"
                                    }
                                ],
                                "handle": [
                                    {
                                        "handler": "static_response",
                                        "body": "not authenticated",
                                        "status_code": "{http.error.status_code}"
                                    }
                                ]
                            },
                            {
                                "match": [
                                    {
                                        "expression": "{http.error.status_code} == 404"
                                    }
                                ],
                                "handle": [
                                    {
                                        "handler": "static_response",
                                        "body": "404 Not Found"
                                    }
                                ]
                            }
                        ]
                    }

The code that deals with the error handling is here:

It’s tricky because we can’t really know if ServeHTTP did nothing, i.e. in your case where none of the matchers applied, so Caddy will just write the default response which is an empty 200 (but whatever headers that were set will still be there). So you do need to handle the 401 as such and re-throw the 401.

2 Likes
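The behaviour explained in the reply above (an error route whose matchers all fail leaves net/http's default empty 200 in place, with the headers the authentication handler already set) can be reproduced with a small model. The following is an added example and not Caddy's own code: `errorRoute`, `serveError`, `staticResponse` and `probe` are a deliberately simplified stand-in for Caddy's `errors.routes`, and the `challengeSwallowed` check encodes the curl observation from the original post (a 200 that still carries `WWW-Authenticate` means the 401 challenge was swallowed and the auth gate is not enforced). It assumes the 401 route writes the error's status code, as `"status_code": "{http.error.status_code}"` does in the suggested fix.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// errorRoute is a simplified stand-in (an assumption of this example, not
// Caddy's implementation) for one entry in Caddy's "errors.routes": a
// matcher on the error status code and a handler that writes the response.
type errorRoute struct {
	matchStatus int
	handle      func(w http.ResponseWriter, status int)
}

// serveError models what happens after the authentication handler has set
// WWW-Authenticate and raised a 401: the error routes run in order and the
// first matching one writes the response. If no matcher applies, nothing is
// written, and net/http sends its default empty 200 together with the headers
// that were already set.
func serveError(w http.ResponseWriter, status int, routes []errorRoute) {
	w.Header().Set("WWW-Authenticate", `Basic realm="restricted"`)
	for _, rt := range routes {
		if rt.matchStatus == status {
			rt.handle(w, status)
			return
		}
	}
	// No matcher applied: the error handler effectively did nothing.
}

// staticResponse mirrors a static_response handler that re-uses the error's
// status code, i.e. "status_code": "{http.error.status_code}".
func staticResponse(body string) func(http.ResponseWriter, int) {
	return func(w http.ResponseWriter, status int) {
		w.WriteHeader(status)
		fmt.Fprint(w, body)
	}
}

// only404Routes reproduces the original config: an error route for 404 only.
func only404Routes() []errorRoute {
	return []errorRoute{{404, staticResponse("404 Not Found")}}
}

// fixedRoutes reproduces the suggested fix: handle 401 explicitly as well.
func fixedRoutes() []errorRoute {
	return []errorRoute{
		{401, staticResponse("not authenticated")},
		{404, staticResponse("404 Not Found")},
	}
}

// probe runs an error of the given status through the routes and returns the
// status code and WWW-Authenticate value the client would observe.
func probe(status int, routes []errorRoute) (int, string) {
	rec := httptest.NewRecorder()
	serveError(rec, status, routes)
	res := rec.Result()
	return res.StatusCode, res.Header.Get("WWW-Authenticate")
}

// challengeSwallowed is the check behind the curl output in the thread: a 200
// that still carries WWW-Authenticate means the 401 challenge was replaced by
// the default response, so unauthenticated requests are being let through.
func challengeSwallowed(status int, wwwAuthenticate string) bool {
	return status == http.StatusOK && wwwAuthenticate != ""
}

func main() {
	cases := map[string][]errorRoute{"404-only": only404Routes(), "with-401": fixedRoutes()}
	for name, routes := range cases {
		code, hdr := probe(http.StatusUnauthorized, routes)
		fmt.Printf("%-8s -> %d www-authenticate=%q swallowed=%v\n",
			name, code, hdr, challengeSwallowed(code, hdr))
	}
}
```

Running it shows the "404-only" routes turning a 401 into a 200 that still advertises the Basic realm, exactly what the curl dump in the original post shows, while the "with-401" routes keep the 401. The same `challengeSwallowed` condition is a useful post-deployment check: any protected path that answers 200 with a `WWW-Authenticate` header to a request without credentials has lost its authentication gate.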

Thanks, that worked perfectly. I figured I was missing something like this

2 Likes
