Blank pages when using Docker

rains · June 12, 2023, 5:47am

1. The problem I’m having:

I ran the site with the following configuration and the page was blank after accessing via http, but it was accessible normally via https.

If I change the configuration to the following, I can access it normally again using http://pic.domain2.com.

pic.domain1.com, pic.domain2.com:80 {
	root * /www/wwwroot/pic.domain2.com/public
	php_fastcgi php-fpm:9000
	file_server
}

2. Error messages and/or full log output:

To protect the site, I replaced the logs and the domain in the configuration file. But I don’t see any valid information from the logs

{"level":"info","ts":1686548029.5510778,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1686548029.5630326,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":3}
{"level":"info","ts":1686548029.5704167,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1686548029.5726993,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"warn","ts":1686548029.573492,"logger":"http","msg":"automatic HTTP->HTTPS redirects are disabled","server_name":"srv0"}
{"level":"warn","ts":1686548029.573579,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
{"level":"info","ts":1686548029.5787704,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1686548029.5789237,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1686548029.5790515,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1686548029.5791352,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"info","ts":1686548029.5792065,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["tool.rainss.cn","pic.suger.live","pic.rainss.cn","api.rainss.cn","suger.live","rainss.cn"]}
{"level":"info","ts":1686548029.5850537,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000441730"}
{"level":"info","ts":1686548029.5852144,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1686548029.5861866,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1686548029.5866659,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1686548029.5867283,"msg":"serving initial configuration"}

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

Docker 20.10.5+dfsg1

a. System environment:

Debian GNU/Linux 11 (bullseye)

b. Command:

c. Service/unit/compose file:

version: '3.2'
services:
  webservice:
    container_name: caddy
    image: caddy:latest
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /etc/localtime:/etc/localtime
      - /opt/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /opt/caddy/config:/config
      - /opt/caddy/data:/data
      - /www/wwwroot:/www/wwwroot
    depends_on:
      - php-cgi
    restart: always
    networks:
      - website
  php-cgi:
    container_name: php-fpm
    image: rainautos/php-fpm:8.1.15
    volumes:
      - /etc/localtime:/etc/localtime
      - /www/wwwroot:/www/wwwroot
    restart: always
    networks:
      - website
networks:
  website:
    external: true

d. My complete Caddy config:

{
    email example@example.com
    auto_https disable_redirects
}
pic.domain1.com, pic.domain2.com {
	root * /www/wwwroot/pic.domain2.com/public
	php_fastcgi php-fpm:9000
	file_server
}

francislavoie · June 12, 2023, 5:59am

What do you see when you make a request with curl -v? Turn on the debug global option, what do you see in Caddy’s logs after making a request?

rains · June 12, 2023, 6:21am

I have turned on the global debug option, but no logs are generated after using curl -v.

*   Trying 82.xx.65.155:80...
* Connected to pic.xx.com(82.xx.65.155) port 80 (#0)
> GET / HTTP/1.1
> Host: pic.xx.com
> User-Agent: curl/7.74.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: Caddy
< Date: Mon, 12 Jun 2023 06:16:52 GMT
< Content-Length: 0
< 
* Connection #0 to host pic.xx.com left intact

rains · June 12, 2023, 6:30am

But my access to https has logs generated

Trying 82.xx.65.155:443…
Connected to pic.xx.com (82.xx.65.155) port 443 (#0)
schannel: disabled automatic use of client certificate
ALPN: offers http/1.1
ALPN: server accepted http/1.1
using HTTP/1.1
> GET /1.php HTTP/1.1
> Host: pic.xx.com
> User-Agent: curl/8.0.1
> Accept: /
>
schannel: remote party requests renegotiation
schannel: renegotiating SSL/TLS connection
schannel: SSL/TLS connection renegotiated
< HTTP/1.1 200 OK
< Alt-Svc: h3=“:443”; ma=2592000
< Content-Type: text/html; charset=UTF-8
< Server: Caddy
< X-Powered-By: PHP/8.1.15
< Date: Mon, 12 Jun 2023 06:24:13 GMT
< Content-Length: 13
<
test response* Connection #0 to host pic.xx.com left intact

{"level":"debug","ts":1686551239.0987267,"logger":"events","msg":"event","name":"tls_get_certificate","id":"47d0b9a8-3ca0-4411-a6a2-a25a6d68d28f","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4865,49196,49195,49200,49199,49188,49187,49192,49191,49162,49161,49172,49171,157,156,61,60,53,47],"ServerName":"pic.xx.com","SupportedCurves":[29,23,24],"SupportedPoints":null,"SignatureSchemes":[2052,2053,2054,1025,1281,513,1027,1283,515,514,1537,1539],"SupportedProtos":["http/1.1"],"SupportedVersions":[772,771,770,769],"Conn":{}}}}
{"level":"debug","ts":1686551239.0987973,"logger":"tls.handshake","msg":"choosing certificate","identifier":"pic.xx.com","num_choices":1}
{"level":"debug","ts":1686551239.0988088,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"pic.xx.com","subjects":["pic.xx.com"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"113c5a6fac908c0fa3d5c1c025c543d3c71129e886d3b4fb5b89c594dae942db"}
{"level":"debug","ts":1686551239.098814,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"111.121.108.222","remote_port":"33623","subjects":["pic.xx.com"],"managed":true,"expiration":1694248473,"hash":"113c5a6fac908c0fa3d5c1c025c543d3c71129e886d3b4fb5b89c594dae942db"}
{"level":"debug","ts":1686551239.1417654,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"php-fpm:9000","total_upstreams":1}
{"level":"debug","ts":1686551239.1418664,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_ip":"111.121.108.222","remote_port":"33623","proto":"HTTP/1.1","method":"GET","host":"pic.xx.com","uri":"/1.php","headers":{"User-Agent":["curl/8.0.1"],"Accept":["*/*"],"X-Forwarded-For":["111.121.108.222"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["pic.xx.com"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","server_name":"pic.xx.com"}},"env":{"REMOTE_ADDR":"111.121.108.222","SERVER_NAME":"pic.xx.com","GATEWAY_INTERFACE":"CGI/1.1","REMOTE_IDENT":"","QUERY_STRING":"","REQUEST_URI":"/1.php","SERVER_PORT":"443","HTTP_X_FORWARDED_FOR":"111.121.108.222","HTTP_USER_AGENT":"curl/8.0.1","CONTENT_TYPE":"","REMOTE_HOST":"111.121.108.222","SERVER_PROTOCOL":"HTTP/1.1","CONTENT_LENGTH":"","REQUEST_METHOD":"GET","HTTP_X_FORWARDED_HOST":"pic.xx.com","HTTP_X_FORWARDED_PROTO":"https","AUTH_TYPE":"","HTTP_HOST":"pic.xx.com","SSL_PROTOCOL":"TLSv1.3","REQUEST_SCHEME":"https","DOCUMENT_ROOT":"/www/wwwroot/pic.suger.live/public","SCRIPT_FILENAME":"/www/wwwroot/pic.suger.live/public/1.php","HTTPS":"on","HTTP_ACCEPT":"*/*","PATH_INFO":"","REMOTE_PORT":"33623","SCRIPT_NAME":"/1.php","REMOTE_USER":"","SERVER_SOFTWARE":"Caddy/v2.6.4","SSL_CIPHER":"TLS_AES_128_GCM_SHA256","DOCUMENT_URI":"/1.php"},"dial":"php-fpm:9000","env":{"REMOTE_USER":"","SERVER_SOFTWARE":"Caddy/v2.6.4","SSL_CIPHER":"TLS_AES_128_GCM_SHA256","DOCUMENT_URI":"/1.php","GATEWAY_INTERFACE":"CGI/1.1","REMOTE_IDENT":"","QUERY_STRING":"","REMOTE_ADDR":"111.121.108.222","SERVER_NAME":"pic.xx.com","CONTENT_TYPE":"","REMOTE_HOST":"111.121.108.222","SERVER_PROTOCOL":"HTTP/1.1","REQUEST_URI":"/1.php","SERVER_PORT":"443","HTTP_X_FORWARDED_FOR":"111.121.108.222","HTTP_USER_AGENT":"curl/8.0.1","CONTENT_LENGTH":"","REQUEST_METHOD":"GET","HTTP_X_FORWARDED_HOST":"pic.xx.com","AUTH_TYPE":"","HTTP_HOST":"pic.xx.com","SSL_PROTOCOL":"TLSv1.3","HTTP_X_FORWARDED_PROTO":"https","REQUEST_SCHEME":"https","DOCUMENT_ROOT":"/www/wwwroot/pic.suger.live/public","SCRIPT_FILENAME":"/www/wwwroot/pic.suger.live/public/1.php","PATH_INFO":"","REMOTE_PORT":"33623","SCRIPT_NAME":"/1.php","HTTPS":"on","HTTP_ACCEPT":"*/*"},"request":{"remote_ip":"111.121.108.222","remote_port":"33623","proto":"HTTP/1.1","method":"GET","host":"pic.xx.com","uri":"/1.php","headers":{"User-Agent":["curl/8.0.1"],"Accept":["*/*"],"X-Forwarded-For":["111.121.108.222"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["pic.xx.com"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","server_name":"pic.xx.com"}}}
{"level":"debug","ts":1686551239.1433005,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"php-fpm:9000","duration":0.001473409,"request":{"remote_ip":"111.121.108.222","remote_port":"33623","proto":"HTTP/1.1","method":"GET","host":"pic.xx.com","uri":"/1.php","headers":{"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["pic.xx.com"],"User-Agent":["curl/8.0.1"],"Accept":["*/*"],"X-Forwarded-For":["111.121.108.222"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","server_name":"pic.xx.com"}},"headers":{"Content-Type":["text/html; charset=UTF-8"],"X-Powered-By":["PHP/8.1.15"]},"status":200}

francislavoie · June 12, 2023, 6:48am

You disabled redirects, but didn’t instruct Caddy to actually do anything with HTTP requests, so all it can do is write an empty response.

What are you trying to do exactly?

rains · June 12, 2023, 7:18am

I just want to use both http and https access without redirects, if I don’t use auto_https disable_redirects , how should I configure it? Or can I disable redirects for one site alone?

francislavoie · June 12, 2023, 8:02am

List both in your site addresses. E.g. http://example.com, example.com

rains · June 12, 2023, 8:19am

Thanks for your answer, I’ll try it.

system · July 12, 2023, 8:19am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.