Best install option for Caddy+DNS Plugin - help needed

Antergosgeek · April 8, 2024, 1:57am

Hi,
Completely new here and to Caddy. Following the “HELP”-Template.

Explain what you are trying to do:

I am trying to move from NginxProxyManager (NPM) to Caddy for my self-hosted docker services.
My home server is a m1 Mac-mini.
I have a FQDN and am forwarding that with CNAME Records to a duckdns address that is linked to my home IP and periodically updated.
I also need Letsencrypt SSL-Certificates with Cloudflare DNS challenge.

I am hoping that Caddy will be easier to manage and also not have some of the shortcomings I am currently experiencing with NPM: mainly I have to run it on bridge network which somehow doesn’t give me the real IPs that are forwarded only the Docker container IP of NPM, which makes it impossible to use fail2ban.

Another thing is I am just curious about Caddy, heard lots of good things.

Now I am wondering what is the best route for me to go:

Caddy in Docker container, which according to this https://caddy.community/t/how-to-guide-caddy-v2-cloudflare-dns-01-via-docker/8007 means I have to build my own container since I need caddy-dns plugin (https://github.com/caddy-dns/cloudflare) This is something completely new for me.
Run Caddy in a Ubuntu Multipass Instance (Virtual Machine) with linked IP to host-network, which I am already using to run pihole on. Works with no problems. However it is ubuntu arm.
Run Caddy directly on host Mac install via homebrew.

Building my own docker container just isn’t something I am used to but I would need the dns plugin. Worried about upkeep.

Multipass I could see that it might be an issue due to the bridged network however it works flawlessly with pihole so don’t know. Question remains how to make it available to Docker which then wouldn’t even be running on the same machine anymore since it is a completely separate VM.

I am thinking that it would almost be desirable to run Caddy directly on the Mac-mini, however then I have no idea how to make it accessible to Docker or would it be as simple as forwarding to the host-IPs with the respective container ports? Any disadvantages of it not being containerized? Security? Would using plugins be easier then?

Really curious if anyone can help shed some light on what would be best to do.

Link to any relevant resources.

https://caddy.community/t/using-caddy-as-a-reverse-proxy-in-a-home-network/9427

https://caddy.community/t/caddy-reverse-proxy-nextcloud-collabora-vaultwarden-with-local-https/12052

Thank you!

SlothCroissant · April 8, 2024, 2:14am

Shameless plug: https://hub.docker.com/r/slothcroissant/caddy-cloudflaredns.

I’m not sure about your questions about host vs bridged networking - I’m mainly on Kubernetes via containerd at this point, and even when I was all-docker, I ran exclusively bridged unless whatever service required host (avahi, etc). Others can maybe help on that front.

Containerization is great, the future, great to know/lean, etc - however there is nothing “wrong” about running native. Plugins would in theory be easier to add/change on a whim, without needing to rebuild containers, etc.

Antergosgeek · April 8, 2024, 11:51pm

I appreciate the answer the question of host vs bridge plays a role for being able to forward IPs doesn’t it?

I appreciate the help on the container image just would like to either use the official image or compile my own if I can figure out how or run official bare metal (that’s why I was asking about multipass).

Either way I appreciate the answer. Thank you!

If I go baremetal, how would I add plugins like the caddy-dns plugin https://github.com/caddy-dns?

Would this still be the way to do it?

I have installed caddy on the multipass Instance following the Ubuntu installation documentation that ends in sudo apt install caddy by now and the binary is located in /usr/bin/caddy so would I instead of the last line ./caddy copy the caddy-binary that I downloaded with wget to /usr/bin first?

Monviech · April 10, 2024, 5:05am

You could try to use this command:

caddy

Look if it has add-package in Available Commands.

caddy add-package github.com/caddy-dns/cloudflare

It will upgrade the binary to the latest version and include cloudflare dns.

Antergosgeek · April 10, 2024, 3:25pm

Perfect, Thank you! That worked!

Another last question, how do I get logs or figure out what exactly isn’t working? I have installed Caddy on Multipass and am running it as a service. On port 80, http://multipassIP, it also shows that Caddy is running, however the rest of my config seems to have some sort of issue, because I can not reach any of my services (containers) over the my subdomain.domain.com.

Just don’t know where to look for the specifics on the error.
It is not a firewall topic on the multiples, and I have forwarded ports on my router for 80 and 443 to the multipassIP. Caddy itself starts so in general I am assuming no syntax errors in the Caddyfile but either DNS Challenge problem or general misconfiguration since I am not 100% sure of what I am doing

francislavoie · April 10, 2024, 6:44pm

You’d probably get best performance by running directly on your Mac host, because virtualization (Docker on Mac is running inside a Linux VM) adds a decent amount of overhead.

And as you were concerned, it does complicate things a lot with networking if you run it inside a VM, because proxying to other services either running on the host or in other VMs is more complicated than just proxying to localhost:9000 or whatever if it’s running on the host.

As others have said, you can use the add-package command to download a new build with the plugins added, or you can build yourself from source quite easily with xcaddy.

Keep in mind you should have some mechanism for keeping Caddy running, i.e. start it on reboot etc. I don’t know what mechanisms for that homebrew offers, but I think it has that kind of stuff?

That depends on what’s actually starting Caddy. The logs are written to stdout/stderr by default, so whatever starts it needs to pipe the logs to somewhere, otherwise it gets written to nowhere.

But you can configure Caddy to write to a file by using the log global option.

Then in that case, read these instructions: Keep Caddy Running — Caddy Documentation

Antergosgeek · April 10, 2024, 10:37pm

Thank you so much for your reply!
I may even go and run it on the host. Not sure yet. I have the VM running pinhole anyways so I might as well run caddy on it was my thought but I may also consider moving both of these to the host if possible. As for building the package I was able to do that now. Also regarding keep caddy running it is active and started via sudo systemctl enable caddy and sudo systemctl start caddy.

Now what I am running into seem to be dns resolving issues for getting the certificate via Let’sEncrypt. I went over to cloudflare and un-proxied the domains and subdomains. This is what I have in my Caddyfile (/etc/caddy/Caddyfile)

{
  debug
  email my-user@email.com
}

http://pi.hole {
  reverse_proxy localhost:1180
}

*.my-domain.com, my-domain.com {
  tls {
     dns cloudflare API-TOKEN
   }

   # Bitwarden in a Docker Container reverse proxy
   @bitwarden host bitwardenw.my-domain.com
   handle @bitwarden {
    reverse_proxy http://10.10.1.2
  }
}


# Nextcloud+Apache in a Docker container
nc.my-domain.com {
  tls {
    dns cloudflare API-TOKEN
  }
  encode gzip
  reverse_proxy http://10.10.1.4:8889

  redir /.well-known/carddav /remote.php/carddav 301
  redir /.well-known/caldav /remote.php/caldav 301
}

Something doesn’t seem to be working. I am unsure what it might be though…
How do I go about troubleshooting?
What else should I provide? Getting 200 and 201 DENY on the DNS-01 Challenge.

And lastly, can I somehow redirect bitwardenw.my-domain.com/admin to 404 or combine this with respond + some static text?

Trying to combine some things that I have read so far. The reverse proxies are IPs that are on the same network. Still not sure about the bridging of multipass because everything is just on the same network because the multipass has a bridged IP address to the local network. The VMs actual IP is different but addressable through the bridges IP. I am wondering if that causes some issues.

jum · April 11, 2024, 12:08am

I did migrate from Nginx to caddy myself, and I do not regret it. I do run most of my containers on Linux, my Mac runs everything as plain Macosx services. In any case, I am also using caddy with the cloudflare and docker-proxy plugins, and a write up with Dockerfile, build script and some sample services can be found here:

francislavoie · April 11, 2024, 8:27pm

I mean…

Please never say “it doesn’t work”, that’s not useful. Show evidence. Show your logs. Describe the behaviour you’re seeing. There’s always symptoms.

Antergosgeek · April 13, 2024, 4:09am

I would love to. Is there a way to log to a file?
I really have trouble copying the debug messages… due to the length.

And just after I wrote this I realize I can probably just pipe the output into a file… haha… sorry.

caddy.service - Caddy
     Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2024-04-12 23:17:18 CDT; 7s ago
       Docs: https://caddyserver.com/docs/
   Main PID: 30723 (caddy)
      Tasks: 8 (limit: 2274)
     Memory: 8.0M
        CPU: 122ms
     CGroup: /system.slice/caddy.service
             └─30723 /usr/bin/caddy run --environ --config /etc/caddy/Caddyfile

Apr 12 23:17:18 ltsInstance caddy[30723]: {"level":"info","ts":1712981838.4387925,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
Apr 12 23:17:18 ltsInstance caddy[30723]: {"level":"info","ts":1712981838.4388556,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["*.example.com"]}
Apr 12 23:17:18 ltsInstance caddy[30723]: {"level":"debug","ts":1712981838.440292,"logger":"tls","msg":"loading managed certificate","domain":"*.example.com","expiration":1720656000,"issuer_key":"acme.zerossl.com-v2-DV90","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Apr 12 23:17:18 ltsInstance caddy[30723]: {"level":"debug","ts":1712981838.4411783,"logger":"tls.cache","msg":"added certificate to cache","subjects":["*.example.com"],"expiration":1720656000,"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"cd76a619def2c6da34df09f5164293d1696b83a9adb160406a931985b3899ab7","cache_size":1,"cache_capacity":10000}
Apr 12 23:17:18 ltsInstance caddy[30723]: {"level":"debug","ts":1712981838.4413204,"logger":"events","msg":"event","name":"cached_managed_cert","id":"244d24c7-003b-4839-ba24-baf3babdea60","origin":"tls","data":{"sans":["*.example.com"]}}
Apr 12 23:17:18 ltsInstance caddy[30723]: 
{"level":"info","ts":1712981838.4419663,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Apr 12 23:17:18 ltsInstance caddy[30723]: {"level":"info","ts":1712981838.4423983,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Apr 12 23:17:18 ltsInstance systemd[1]: Started Caddy.
Apr 12 23:17:18 ltsInstance caddy[30723]: {"level":"info","ts":1712981838.444909,"msg":"serving initial configuration"}
Apr 12 23:17:18 ltsInstance caddy[30723
]: {"level":"info","ts":1712981838.4458263,"logger":"tls","msg":"finished cleaning storage units"}

Last time it brought some 200 and 201 DENY not this time.

Is this how it is supposed to look?

I think it was that I had a lot of _acme_challenge TXT records in the DNS of the domain. I cleaned these up two days ago and didn’t mess with Caddy since then.
Seems to me it is working now. Domains are correctly forwarded.

Now only question remaining is how to setup a log file for caddy in the /etc/caddy/Caddyfile

And do you guys have any other recommendation of what I may want to do for config? One thing I notice that it apparently doesn’t forward real IPs, which was the big hope I had would be possible. Right now seems all I get is the same IP from host gateway on each request.

And can anyone tell me where the certs are stored? (They are not in the home directory, no caddy for in there, which is where I thought I read they should be…) —> Found those but for documentation purposes: /var/lib/caddy/.local/share/caddy

Thank you!

Antergosgeek · April 13, 2024, 1:51pm

Thank you, very detailed and a will take me a while to go through.

francislavoie · April 13, 2024, 9:08pm

They’re logged to the journal by default. See Keep Caddy Running — Caddy Documentation which has the command you should run to look at your latest logs.

You only showed Caddy’s startup logs, it all looks to be working as expected from that. I don’t see any evidence of a problem.

For access logs (per-request logging) use the log directive (within a site block). For runtime logs (everything else) use the log global option. See the docs, it’s well explained.

The caddy user’s HOME is /var/lib/caddy. Therefore the storage location is what you wrote.

Antergosgeek · April 14, 2024, 5:55am

Perfect! Thank you!

Do you know how I can configure Caddy to forward real IP to my docker containers?
I am just using Caddy for reverse proxy. Main reason would be to be able to implement Fail2ban.

francislavoie · April 14, 2024, 10:10am

Caddy already does, included in the X-Forwarded-For header.

Antergosgeek · April 14, 2024, 3:31pm

Very nice! I checked the caddy logfile and it does indeed forward the real IP. I think it was my inability to check the logs initially. Thank you for the clarification on that.

One thing I now noticed after the fact:
Caddy proxies correctly when on internal network, when I disconnect from the internal network e.g. using my phone (not on WiFi) the requests seem to time out.

I have to check the logs about that and then post back. Somehow I must have still something in my config or going on with the certs.

Thank you for all your help so far. Definitely a learning process.

francislavoie · April 14, 2024, 6:06pm

Then that’s a networking problem, not a problem with Caddy.

Are you sure your router is port forwarding ports 80 and 443? Are you sure your DNS’ A record is correctly set to your WAN IP address? Are you sure your ISP doesn’t use CGNAT (and therefore the IP address given to you is just a “magic IP” that doesn’t actually point to your network, but can point to many other customers at the same time)?

Antergosgeek · April 15, 2024, 1:21am

I know that those things aren’t the issue because when I substitute caddy for nginx then everything works.

My setup:
FQND (hosted at cloudflare) -->CNAME Record–>duckdns (which is linked to my static IP from my ISP)

This works with nginx.

Now for Caddy…This is my Caddyfile

{
  debug
  email myemail@email.com
}

*.my-domain.com {
  tls {
    dns cloudflare TOKEN
    resolvers 1.1.1.1
  }

  # Standard reverse proxy
  @bitwarden host bitwarden.my-domain.com
  handle @bitwarden {
    reverse_proxy http://10.10.1.119:5555
  }

  # Standard reverse proxy
  @otherdockerservice host otherdockerservice.my-domain.com
  handle @otherdockerservice {
    reverse_proxy http://10.10.1.119:8083
  }
}

This is Log from Caddy after I tried with phone on LTE:

bitwarden.my-domain.com works as expected but otherdockerservice.my-domain.com does not.

Log:

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3378534,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"172.70.175.192","remote_port":"25294","subjects":["*.my-domain.com"],"managed":true,"expiration":1720656000,"hash":"cd76a619def2c6da34df09f5164293d1696b83a9adb160406a931985b3899ab7"}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.339019,"logger":"events","msg":"event","name":"tls_get_certificate","id":"5137e367-e56c-4009-bc8c-0bc5f5cf968d","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4866,4867,49195,49196,49199,49200,49171,49192,156,157,47,53,10],"ServerName":"otherdockerservice.my-domain.com","SupportedCurves":[29,23,24,25,25497,65074],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513,1539],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"172.70.175.234","Port":58978,"Zone":""},"LocalAddr":{"IP":"10.10.1.42","Port":443,"Zone":""}}}}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3390574,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"otherdockerservice.my-domain.com"}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3390634,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.my-domain.com","num_choices":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3390703,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.my-domain.com","subjects":["*.my-domain.com"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"cd76a619def2c6da34df09f5164293d1696b83a9adb160406a931985b3899ab7"}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3390749,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"172.70.175.234","remote_port":"58978","subjects":["*.my-domain.com"],"managed":true,"expiration":1720656000,"hash":"cd76a619def2c6da34df09f5164293d1696b83a9adb160406a931985b3899ab7"}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3417017,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3446543,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.002880254,"request":{"remote_ip":"172.70.175.69","remote_port":"47248","client_ip":"172.70.175.69","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/googlefonts/fonts-f445e2f605e3093b6ae7cdd950756cd1.css","headers":{"If-None-Match":["\"9ba85f81e610bbd83f4cd96458f03103de1ed8be-gzip\""],"X-Forwarded-Proto":["https"],"Cf-Ipcountry":["US"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"Sec-Fetch-Mode":["no-cors"],"Referer":["https://otherdockerservice.my-domain.com/"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Cdn-Loop":["cloudflare"],"Accept-Encoding":["gzip, br"],"X-Forwarded-For":["172.70.175.69"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ray":["8747ec0d5d3c9c3a-IAD"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Sec-Fetch-Dest":["style"],"Sec-Fetch-Site":["same-origin"],"If-Modified-Since":["Wed, 05 Jul 2023 01:30:47 GMT"],"Accept":["text/css,*/*;q=0.1"],"Accept-Language":["en-US,en;q=0.9"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Last-Modified":["Wed, 05 Jul 2023 01:30:47 GMT"],"Vary":["origin,accept-encoding"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"],"Content-Type":["text/css; charset=utf-8"],"Etag":["\"9ba85f81e610bbd83f4cd96458f03103de1ed8be-gzip\""]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3476682,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3486354,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.350106,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.00237126,"request":{"remote_ip":"172.70.175.84","remote_port":"12904","client_ip":"172.70.175.84","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/chunk.143.ca5f30a5dd16129820f9.js","headers":{"Cf-Ipcountry":["US"],"If-None-Match":["\"2b1200b7e836a1bef0d160d30b30f856909074e9-gzip\""],"Accept-Encoding":["gzip, br"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Fetch-Mode":["no-cors"],"X-Forwarded-For":["172.70.175.84"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"Accept-Language":["en-US,en;q=0.9"],"Referer":["https://otherdockerservice.my-domain.com/"],"Sec-Fetch-Dest":["script"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"Cdn-Loop":["cloudflare"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Cf-Ray":["8747ec0d5d439c3a-IAD"],"If-Modified-Since":["Wed, 05 Jul 2023 01:31:23 GMT"],"X-Forwarded-Proto":["https"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Last-Modified":["Wed, 05 Jul 2023 01:31:23 GMT"],"Etag":["\"2b1200b7e836a1bef0d160d30b30f856909074e9-gzip\""],"Keep-Alive":["timeout=5"],"Content-Type":["application/javascript; charset=utf-8"],"Vary":["origin,accept-encoding"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Connection":["keep-alive"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3505666,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3526225,"logger":"events","msg":"event","name":"tls_get_certificate","id":"35992147-88a2-4c48-92e5-dfbd3acfee11","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4866,4867,49195,49196,49199,49200,49171,49192,156,157,47,53,10],"ServerName":"otherdockerservice.my-domain.com","SupportedCurves":[29,23,24,25,25497,65074],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513,1539],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"172.70.174.202","Port":10434,"Zone":""},"LocalAddr":{"IP":"10.10.1.42","Port":443,"Zone":""}}}}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.365302,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"otherdockerservice.my-domain.com"}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.365823,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.my-domain.com","num_choices":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3659961,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.my-domain.com","subjects":["*.my-domain.com"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"cd76a619def2c6da34df09f5164293d1696b83a9adb160406a931985b3899ab7"}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3661582,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"172.70.174.202","remote_port":"10434","subjects":["*.my-domain.com"],"managed":true,"expiration":1720656000,"hash":"cd76a619def2c6da34df09f5164293d1696b83a9adb160406a931985b3899ab7"}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.368532,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3689797,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3698955,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.370274,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3700519,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3709905,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.371888,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.02119705,"request":{"remote_ip":"172.70.175.91","remote_port":"43912","client_ip":"172.70.175.91","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/smart/bootstrap.min-02620c5d53fbe3f971cefb3d5acc0c87.css","headers":{"Referer":["https://otherdockerservice.my-domain.com/"],"X-Forwarded-For":["172.70.175.91"],"Accept-Encoding":["gzip, br"],"Sec-Fetch-Mode":["no-cors"],"Cf-Ray":["8747ec0d5d3f9c3a-IAD"],"Cf-Ipcountry":["US"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Site":["same-origin"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Accept":["text/css,*/*;q=0.1"],"If-Modified-Since":["Wed, 05 Jul 2023 01:30:48 GMT"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Sec-Fetch-Dest":["style"],"If-None-Match":["\"792e438732163252f1108d005376922556c911a0-gzip\""],"Cdn-Loop":["cloudflare"],"Accept-Language":["en-US,en;q=0.9"],"Cf-Visitor":["{\"scheme\":\"https\"}"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Vary":["origin,accept-encoding"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Keep-Alive":["timeout=5"],"Content-Type":["text/css; charset=utf-8"],"Last-Modified":["Wed, 05 Jul 2023 01:30:48 GMT"],"Etag":["\"792e438732163252f1108d005376922556c911a0-gzip\""],"Cache-Control":["no-cache"],"Connection":["keep-alive"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3721683,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3724356,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.023758475,"request":{"remote_ip":"172.70.174.114","remote_port":"13244","client_ip":"172.70.174.114","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/img/mybg.png","headers":{"X-Forwarded-Proto":["https"],"Referer":["https://otherdockerservice.my-domain.com/"],"X-Forwarded-For":["172.70.174.114"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Accept-Language":["en-US,en;q=0.9"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Cdn-Loop":["cloudflare"],"Cf-Ray":["8747ec0d5d499c3a-IAD"],"Accept-Encoding":["gzip, br"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept":["image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"],"Sec-Fetch-Site":["same-origin"],"Cf-Ipcountry":["US"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Cache-Control":["no-cache"],"Connection":["keep-alive"],"Content-Type":["text/html; charset=utf-8"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Content-Encoding":["gzip"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Keep-Alive":["timeout=5"],"Vary":["origin,accept-encoding"]},"status":200}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3726215,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3729522,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3724446,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3738265,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3749585,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.004282443,"request":{"remote_ip":"172.70.175.30","remote_port":"19888","client_ip":"172.70.175.30","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/bootstrap/js/bootstrap-fb81549ee2896513a1ed5714b1b1a0f0.js","headers":{"Sec-Fetch-Mode":["no-cors"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Referer":["https://otherdockerservice.my-domain.com/"],"Cdn-Loop":["cloudflare"],"Accept":["*/*"],"If-Modified-Since":["Wed, 05 Jul 2023 01:31:22 GMT"],"Sec-Fetch-Site":["same-origin"],"Cf-Ray":["8747ec0d5d459c3a-IAD"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip, br"],"X-Forwarded-For":["172.70.175.30"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Dest":["script"],"Cf-Ipcountry":["US"],"If-None-Match":["\"9c43e7a9870bc6200aeb6af54c8d6eb9591a1059-gzip\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Content-Type":["application/javascript; charset=utf-8"],"Etag":["\"9c43e7a9870bc6200aeb6af54c8d6eb9591a1059-gzip\""],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Last-Modified":["Wed, 05 Jul 2023 01:31:22 GMT"],"Vary":["origin,accept-encoding"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3752825,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.005185973,"request":{"remote_ip":"172.70.175.228","remote_port":"60382","client_ip":"172.70.175.228","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/jstree/proton/style-4d4d93b526e61016eed1139ddd515caa.css","headers":{"If-Modified-Since":["Wed, 05 Jul 2023 01:30:47 GMT"],"Sec-Fetch-Mode":["no-cors"],"Cdn-Loop":["cloudflare"],"X-Forwarded-For":["172.70.175.228"],"Sec-Fetch-Dest":["style"],"Cf-Ray":["8747ec0d5d399c3a-IAD"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Cf-Ipcountry":["US"],"Accept-Encoding":["gzip, br"],"Accept":["text/css,*/*;q=0.1"],"Referer":["https://otherdockerservice.my-domain.com/"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Sec-Fetch-Site":["same-origin"],"If-None-Match":["\"ab1c7a23ea491b4a6fe847ccf39bf51466bc5367-gzip\""],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Keep-Alive":["timeout=5"],"Etag":["\"ab1c7a23ea491b4a6fe847ccf39bf51466bc5367-gzip\""],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Vary":["origin,accept-encoding"],"Cache-Control":["no-cache"],"Connection":["keep-alive"],"Content-Type":["text/css; charset=utf-8"],"Last-Modified":["Wed, 05 Jul 2023 01:30:47 GMT"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3762085,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.003993571,"request":{"remote_ip":"172.70.175.234","remote_port":"58978","client_ip":"172.70.175.234","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/hterm/hterm_all-7d5510ce9fab9ac46a5bc1b00bcc6e3d.js","headers":{"Accept-Language":["en-US,en;q=0.9"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["script"],"Cdn-Loop":["cloudflare"],"If-None-Match":["\"3c28c49b73422ced976cf3a5826ac2e78e5f9870-gzip\""],"Referer":["https://otherdockerservice.my-domain.com/"],"Cf-Ray":["8747ec0d5d4d9c3a-IAD"],"Accept-Encoding":["gzip, br"],"X-Forwarded-Proto":["https"],"Accept":["*/*"],"X-Forwarded-For":["172.70.175.234"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Fetch-Mode":["no-cors"],"If-Modified-Since":["Wed, 05 Jul 2023 01:31:55 GMT"],"Cf-Ipcountry":["US"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Keep-Alive":["timeout=5"],"Content-Type":["application/javascript; charset=utf-8"],"Etag":["\"3c28c49b73422ced976cf3a5826ac2e78e5f9870-gzip\""],"Vary":["origin,accept-encoding"],"Last-Modified":["Wed, 05 Jul 2023 01:31:55 GMT"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Connection":["keep-alive"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3786173,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.007433359,"request":{"remote_ip":"172.70.174.241","remote_port":"52518","client_ip":"172.70.174.241","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/backgrounds/bg_shadow-light_community-a4ca26f9e05e9c149a62d800f62ce7b2.png","headers":{"If-Modified-Since":["Wed, 05 Jul 2023 01:30:39 GMT"],"Cdn-Loop":["cloudflare"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Site":["same-origin"],"Accept-Language":["en-US,en;q=0.9"],"Referer":["https://otherdockerservice.my-domain.com/"],"Accept":["image/webp,image/avif,image/jxl,image/heic,image/heic-sequence,video/*;q=0.8,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"Cf-Ipcountry":["US"],"Cf-Ray":["8747ec0d5d4a9c3a-IAD"],"X-Forwarded-For":["172.70.174.241"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Accept-Encoding":["gzip, br"],"Sec-Fetch-Dest":["image"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Sec-Fetch-Mode":["no-cors"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"If-None-Match":["\"4f8bde222c9c28dcf360fce4dafef0363b92b0d0\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Content-Type":["image/png"],"Last-Modified":["Wed, 05 Jul 2023 01:30:39 GMT"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Connection":["keep-alive"],"Etag":["\"4f8bde222c9c28dcf360fce4dafef0363b92b0d0\""],"Vary":["origin"],"Keep-Alive":["timeout=5"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3789296,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.009827536,"request":{"remote_ip":"172.70.174.168","remote_port":"49672","client_ip":"172.70.174.168","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/googlefonts/quicksand-v20-latin-regular.woff2","headers":{"Cf-Ipcountry":["US"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ray":["8747ec0d5d489c3a-IAD"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Cdn-Loop":["cloudflare"],"If-None-Match":["\"0e2421b067d6fd2bad93352eb971c42022e6521b\""],"Sec-Fetch-Dest":["font"],"Accept-Encoding":["gzip, br"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.9"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"X-Forwarded-For":["172.70.174.168"],"Accept":["*/*"],"Referer":["https://otherdockerservice.my-domain.com/"],"If-Modified-Since":["Wed, 05 Jul 2023 01:18:12 GMT"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Connection":["keep-alive"],"Keep-Alive":["timeout=5"],"Content-Type":["font/woff2"],"Cache-Control":["no-cache"],"Vary":["origin"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Last-Modified":["Wed, 05 Jul 2023 01:18:12 GMT"],"Etag":["\"0e2421b067d6fd2bad93352eb971c42022e6521b\""]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.379265,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.010628192,"request":{"remote_ip":"172.70.174.192","remote_port":"62328","client_ip":"172.70.174.192","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/font-awesome/css/font-awesome.min-269550530cc127b6aa5a35925a7de6ce.css","headers":{"Cdn-Loop":["cloudflare"],"If-None-Match":["\"512c7d79033e3028a9be61b540cf1a6870c896f8-gzip\""],"Sec-Fetch-Dest":["style"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"Accept-Encoding":["gzip, br"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"If-Modified-Since":["Wed, 05 Jul 2023 01:30:47 GMT"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Mode":["no-cors"],"Cf-Ray":["8747ec0d5d3b9c3a-IAD"],"Accept":["text/css,*/*;q=0.1"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Referer":["https://otherdockerservice.my-domain.com/"],"Cf-Ipcountry":["US"],"X-Forwarded-For":["172.70.174.192"],"Sec-Fetch-Site":["same-origin"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Content-Type":["text/css; charset=utf-8"],"Last-Modified":["Wed, 05 Jul 2023 01:30:47 GMT"],"Etag":["\"512c7d79033e3028a9be61b540cf1a6870c896f8-gzip\""],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Keep-Alive":["timeout=5"],"Vary":["origin,accept-encoding"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Connection":["keep-alive"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3794081,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.008989714,"request":{"remote_ip":"172.70.175.177","remote_port":"33770","client_ip":"172.70.175.177","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/chunk.410.d00545e69266af02ffad.js","headers":{"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept":["*/*"],"Accept-Encoding":["gzip, br"],"Cf-Ray":["8747ec0d5d509c3a-IAD"],"Accept-Language":["en-US,en;q=0.9"],"Referer":["https://otherdockerservice.my-domain.com/"],"Cf-Ipcountry":["US"],"Sec-Fetch-Dest":["script"],"X-Forwarded-Proto":["https"],"X-Forwarded-For":["172.70.175.177"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Etag":["\"924dbc9cb9696fdcc562b7ee1092874aebc985fb-gzip\""],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Keep-Alive":["timeout=5"],"Content-Type":["application/javascript; charset=utf-8"],"Last-Modified":["Wed, 05 Jul 2023 01:31:45 GMT"],"Vary":["origin,accept-encoding"],"Accept-Ranges":["bytes"],"Content-Encoding":["gzip"],"Connection":["keep-alive"]},"status":200}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3799024,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.00724107,"request":{"remote_ip":"172.70.175.192","remote_port":"25294","client_ip":"172.70.175.192","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/otherdockerservice-c05e82bc3bf39c1c5a42afa8da294b41.css","headers":{"Cf-Ray":["8747ec0d5d4b9c3a-IAD"],"Referer":["https://otherdockerservice.my-domain.com/"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"Accept":["text/css,*/*;q=0.1"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["no-cors"],"If-None-Match":["\"0f033d87b979f3da9bcc7aca359c25defefda857-gzip\""],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Dest":["style"],"Accept-Encoding":["gzip, br"],"Accept-Language":["en-US,en;q=0.9"],"If-Modified-Since":["Wed, 05 Jul 2023 01:30:48 GMT"],"X-Forwarded-Proto":["https"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"X-Forwarded-For":["172.70.175.192"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ipcountry":["US"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Last-Modified":["Wed, 05 Jul 2023 01:30:48 GMT"],"Etag":["\"0f033d87b979f3da9bcc7aca359c25defefda857-gzip\""],"Cache-Control":["no-cache"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Content-Type":["text/css; charset=utf-8"],"Vary":["origin,accept-encoding"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.3799155,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.006547871,"request":{"remote_ip":"172.70.175.68","remote_port":"49856","client_ip":"172.70.175.68","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/vendor-09ed4187206081be70bd3433cbaac85d.css","headers":{"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"If-None-Match":["\"b9331fde1d3692c9f9ae0bad9a97630778441c03-gzip\""],"Accept-Language":["en-US,en;q=0.9"],"Cf-Ipcountry":["US"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Sec-Fetch-Dest":["style"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-For":["172.70.175.68"],"Accept":["text/css,*/*;q=0.1"],"Cf-Ray":["8747ec0d5d419c3a-IAD"],"Referer":["https://otherdockerservice.my-domain.com/"],"Sec-Fetch-Mode":["no-cors"],"Cdn-Loop":["cloudflare"],"If-Modified-Since":["Wed, 05 Jul 2023 01:30:48 GMT"],"Accept-Encoding":["gzip, br"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Vary":["origin,accept-encoding"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"],"Content-Type":["text/css; charset=utf-8"],"Last-Modified":["Wed, 05 Jul 2023 01:30:48 GMT"],"Etag":["\"b9331fde1d3692c9f9ae0bad9a97630778441c03-gzip\""],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.38117,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.007305444,"request":{"remote_ip":"172.70.175.65","remote_port":"29334","client_ip":"172.70.175.65","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/fonts/iconfonty/style-1d69977ede13d68d751d512350688e52.css","headers":{"If-Modified-Since":["Wed, 05 Jul 2023 01:30:47 GMT"],"If-None-Match":["\"ed2f1a463865e572018dfce0fc690e11919bdd0c-gzip\""],"Accept":["text/css,*/*;q=0.1"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Referer":["https://otherdockerservice.my-domain.com/"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Dest":["style"],"Cf-Ipcountry":["US"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"X-Forwarded-For":["172.70.175.65"],"Cf-Ray":["8747ec0d5d449c3a-IAD"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Site":["same-origin"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Accept-Language":["en-US,en;q=0.9"],"Accept-Encoding":["gzip, br"],"Sec-Fetch-Mode":["no-cors"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"],"Content-Type":["text/css; charset=utf-8"],"Last-Modified":["Wed, 05 Jul 2023 01:30:47 GMT"],"Etag":["\"ed2f1a463865e572018dfce0fc690e11919bdd0c-gzip\""],"Vary":["origin,accept-encoding"],"Cache-Control":["no-cache"]},"status":304}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.384231,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.011226725,"request":{"remote_ip":"172.70.175.108","remote_port":"62198","client_ip":"172.70.175.108","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/vendor-2aa45994caba86fc11166075af997963.js","headers":{"Cf-Ipcountry":["US"],"Sec-Fetch-Mode":["no-cors"],"Accept":["*/*"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Dest":["script"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-For":["172.70.175.108"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Accept-Encoding":["gzip, br"],"Sec-Fetch-Site":["same-origin"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Referer":["https://otherdockerservice.my-domain.com/"],"Cf-Ray":["8747ec0d5d4e9c3a-IAD"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Cache-Control":["no-cache"],"Accept-Ranges":["bytes"],"Content-Encoding":["gzip"],"Content-Type":["application/javascript; charset=utf-8"],"Last-Modified":["Wed, 05 Jul 2023 01:33:50 GMT"],"Etag":["\"6bc91e6b3190ba63968926d533a4b24eaf1318f2-gzip\""],"Vary":["origin,accept-encoding"],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"]},"status":200}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.39721,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.1.119:8083","total_upstreams":1}

Apr 14 19:47:03 ltsInstance caddy[45571]: {"level":"debug","ts":1713142023.4008992,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.1.119:8083","duration":0.00363916,"request":{"remote_ip":"172.70.174.202","remote_port":"10434","client_ip":"172.70.174.202","proto":"HTTP/2.0","method":"GET","host":"otherdockerservice.my-domain.com","uri":"/assets/otherdockerservice-9d202da675b83d1eef347df2608aa52e.js","headers":{"X-Forwarded-For":["172.70.174.202"],"User-Agent":["Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Mobile/15E148 Safari/604.1"],"Referer":["https://otherdockerservice.my-domain.com/"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Mode":["no-cors"],"X-Forwarded-Host":["otherdockerservice.my-domain.com"],"Cf-Ray":["8747ec0d5d519c3a-IAD"],"Accept":["*/*"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"X-Forwarded-Proto":["https"],"Cf-Ipcountry":["US"],"Accept-Encoding":["gzip, br"],"Sec-Fetch-Dest":["script"],"Cf-Connecting-Ip":["2607:fb90:ee60:de71:9ccc:3e7f:fd19:3cfe"],"Sec-Fetch-Site":["same-origin"],"Cdn-Loop":["cloudflare"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"otherdockerservice.my-domain.com"}},"headers":{"Cache-Control":["no-cache"],"Accept-Ranges":["bytes"],"Content-Encoding":["gzip"],"Keep-Alive":["timeout=5"],"Vary":["origin,accept-encoding"],"Access-Control-Expose-Headers":["WWW-Authenticate,Server-Authorization"],"Etag":["\"22abf1ac90dbcc0abb21c5708bfbc2904ec1b894-gzip\""],"Date":["Mon, 15 Apr 2024 00:47:03 GMT"],"Connection":["keep-alive"],"Content-Type":["application/javascript; charset=utf-8"],"Last-Modified":["Wed, 05 Jul 2023 01:32:10 GMT"]},"status":200}

As additional explanation:
ltsInstance is the name of my multipass-vm running ubuntu. The IP of the ltsInstance is 10.10.1.42. The host on which the VM is running has 10.10.1.119 as IP.

I think it has to do with the wildcard certificate and it not being recognized for otherdockerservice.my-domain.com but I am unsure at this point.

Thank you for all your help. And sorry did not know exactly which part of the log file to copy into the text due to the character limit. I left the part out where bitwarden works. Can post that separate if you need it.

Like I said exact same forwarding works on NGINX with a wildcard certificate that is autogenerated (LetsEncrypt). I would however really like to switch to Caddy since my NGINX setup has some trouble with forwarding real IPs which prevents me from implementing Fail2ban. Equally not taking these startup hiccups into account I feel that Caddy is simpler to setup and hopefully manage.

francislavoie · April 15, 2024, 1:35am

No, the logs for that look fine. It’s just the first step in determining which certificate to load. First it checks for a certificate that’s an exact match, which it doesn’t find (as expected) and then it looks for one with the first label replaced with a * (i.e. wildcard) and finds it, so then it continues and the TLS handshake succeeds.

I don’t see any evidence of a problem here. Are you showing logs from a request from within your internal network? What behaviour are you actually seeing? What does your browser on mobile do?

Antergosgeek · April 15, 2024, 2:42am

By now the otherdockerservice.my-domain.com does not work on internal network as well as LTE. maybe it was just cashed on the internal network before. Just spinning now on both when I access it with the domain name. However when I access it using http://10.10.1.119:8083 then it pulls it right up.

Does the Status 200 in the last line not mean it isn’t working?

francislavoie · April 15, 2024, 3:58am

Status 200 is a good response. It means the upstream responded normally.

Again, you haven’t shown any evidence of the problem. I can’t help without evidence. Show logs, show error messages, etc.