Caddy 2.1.1 catch-all doesn't work anymore

1. Caddy version (caddy version):

2.1.1

2. How I run Caddy:

a. System environment:

Amazon Linux 2

b. Command:

service caddy start

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/config.json
ExecReload=/usr/bin/caddy reload --config /etc/caddy/config.json
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

c. Service/unit/compose file:

./xcaddy build --with github.com/caddy-dns/cloudflare --with github.com/gamalan/caddy-tlsredis

d. My complete Caddyfile or JSON config:

{
	"admin": {
		"disabled": false,
		"listen": "0.0.0.0:2020",
		"config": {
			"persist": true
		}
	},
	"logging": {
		"sink": {
			"writer": {
				"output": "file",
				"filename": "/tmp/caddy-Go.log"
			}
		},
		"logs": {
			"default": {
				"writer": {
					"output": "file",
					"filename": "/tmp/caddy-tmp.log"
				},
				"encoder": {
					"format": "json"
				},
				"level": "WARN"
			}
		}
	},
	"storage": {
		"address": "sessions-and-cache.xxxxx.clustercfg.usw2.cache.amazonaws.com:6379",
		"aes_key": "redistls-01234567890-caddytls-32",
		"db": 1,
		"host": "sessions-and-cache.xxxxx.clustercfg.usw2.cache.amazonaws.com",
		"key_prefix": "caddytls",
		"module": "redis",
		"password": "",
		"port": "6379",
		"timeout": 5,
		"tls_enabled": false,
		"tls_insecure": true,
		"value_prefix": "caddy-storage-redis"
	},
	"apps": {
		"tls": {
			"automation": {
				"policies": [{
					"subjects": ["*.mydomain.com"],
					"issuer": {
						"module": "acme",
						"email": "soporte@mydomain.com",
						"challenges": {
							"dns": {
								"provider": {
									"name": "cloudflare",
									"api_token": "xxx"
								}
							}
						}
					},
					"on_demand": false
				},
				{
					"issuer": {
						"module": "acme",
						"email": "soporte@mydomain.com"
					},
					"on_demand": true
				}],
				"on_demand": {
					"rate_limit": {
						"interval": "5m",
						"burst": 100
					},
					"ask": "http://certs.mydomain.com/delegated.php"
				}
			}
		},
		"http": {
			"http_port": 80,
			"https_port": 443,
			"servers": {
				"tiendas": {
					"listen": [":80",":443"],
					"max_header_bytes": 41943040,
					"routes": [{
						"match": [{
							"host": ["guiacanaveral.com"]
						}],
						"handle": [{
							"handler": "encode",
							"encodings": {
								"gzip": {},
								"zstd": {}
							}
						},
						{
							"handler": "reverse_proxy",
							"upstreams": [{
								"dial": "172.31.53.124:80"
							}]
						}]
					},
					{
						"match": [{
							"host": ["admintienda.guiacanaveral.com"]
						}],
						"handle": [{
							"handler": "encode",
							"encodings": {
								"gzip": {},
								"zstd": {}
							}
						},
						{
							"handler": "reverse_proxy",
							"upstreams": [{
								"dial": "172.31.60.234:80"
							}]
						}]
					},
					{
						"match": [{
							"host": ["api.guiacanaveral.com"]
						}],
						"handle": [{
							"handler": "encode",
							"encodings": {
								"gzip": {},
								"zstd": {}
							}
						},
						{
							"handler": "reverse_proxy",
							"upstreams": [{
								"dial": "172.31.63.108:80"
							}]
						}]
					},
					{
						"group": "grupo1",
						"match": [{
							"host": ["certs.guiacanaveral.com"]
						}],
						"handle": [{
							"handler": "reverse_proxy",
							"transport": {
								"protocol": "fastcgi",
								"root": "/var/www/html/"
							},
							"upstreams": [{
								"dial": "unix//var/run/php.sock"
							}]
						}],
						"terminal": true
					},
					{
						"group": "grupo1",
						"match": [{
							"host": ["*.mydomain.com"]
						}],
						"handle": [{
							"handler": "encode",
							"encodings": {
								"gzip": {},
								"zstd": {}
							}
						},
						{
							"handler": "reverse_proxy",
							"upstreams": [{
								"dial": "172.31.4.60:80"
							}]
						}],
						"terminal": true
					},
					{
						"group": "grupo1",
						"handle": [{
							"handler": "encode",
							"encodings": {
								"gzip": {},
								"zstd": {}
							}
						},
						{
							"handler": "reverse_proxy",
							"upstreams": [{
								"dial": "172.31.4.60:80"
							}]
						}],
						"terminal": true
					}]
				}
			}
		}
	}
}

3. The problem I’m having:

The catch-all route previously worked in Caddy 2.0.0 and now doesn't.

4. Error messages and/or full log output:

2020/07/13 13:44:27 http: TLS handshake error from 127.0.0.1:37142: EOF

5. What I already tried:

I tried changing the route block from:

{
	"group": "grupo1",
	"handle": [{
		"handler": "encode",
		"encodings": {
			"gzip": {},
			"zstd": {}
		}
	},
	{
		"handler": "reverse_proxy",
		"upstreams": [{
			"dial": "172.31.4.60:80"
		}]
	}],
	"terminal": true
}

to

{
	"group": "grupo1",
	"match": [{
		"host": ["*"]
	}],
	"handle": [{
		"handler": "encode",
		"encodings": {
			"gzip": {},
			"zstd": {}
		}
	},
	{
		"handler": "reverse_proxy",
		"upstreams": [{
			"dial": "172.31.4.60:80"
		}]
	}],
	"terminal": true
}

Neither way works :hot_face:

6. Links to relevant resources:

@francislavoie @matt I don't find in the new docs how to do this in 2.1.1. Can you give me a hand with this, please?

Can you start by explaining what “Doesn’t work” means, please? That’s like me saying “It works for me”… but that’s obviously not helpful. :slight_smile:

Sure @matt, thanks! I'm getting this error and a blank page.

This is my caddy-Go log file :hot_face:

2020/07/13 13:43:16 [INFO] Obtaining new certificate for lovefactoryshop.co
2020/07/13 13:43:16 [INFO][lovefactoryshop.co] Obtain certificate; acquiring lock...
2020/07/13 13:43:16 [INFO][lovefactoryshop.co] Obtain: Lock acquired; proceeding...
2020/07/13 13:43:16 [INFO][lovefactoryshop.co] Waiting on rate limiter...
2020/07/13 13:43:16 [INFO][lovefactoryshop.co] Done waiting
2020/07/13 13:43:17 http: TLS handshake error from 127.0.0.1:36914: EOF
2020/07/13 13:43:18 [INFO][lovefactoryshop.co] Served key authentication certificate (TLS-ALPN challenge)
2020/07/13 13:43:18 [INFO][lovefactoryshop.co] Served key authentication certificate (TLS-ALPN challenge)
2020/07/13 13:43:18 [INFO][lovefactoryshop.co] Served key authentication certificate (TLS-ALPN challenge)
2020/07/13 13:43:18 [INFO][lovefactoryshop.co] Served key authentication certificate (TLS-ALPN challenge)
2020/07/13 13:43:27 [INFO][lovefactoryshop.co] Certificate obtained successfully
2020/07/13 13:43:27 [INFO][lovefactoryshop.co] Obtain: Releasing lock
2020/07/13 13:44:26 [INFO] Obtaining new certificate for www.myshopping.com.co
2020/07/13 13:44:26 [INFO][www.myshopping.com.co] Obtain certificate; acquiring lock...
2020/07/13 13:44:26 [INFO][www.myshopping.com.co] Obtain: Lock acquired; proceeding...
2020/07/13 13:44:26 [INFO][www.myshopping.com.co] Waiting on rate limiter...
2020/07/13 13:44:26 [INFO][www.myshopping.com.co] Done waiting
2020/07/13 13:44:27 http: TLS handshake error from 127.0.0.1:37142: EOF
2020/07/13 13:44:27 [INFO][www.myshopping.com.co] Served key authentication certificate (TLS-ALPN challenge)
2020/07/13 13:44:27 [INFO][www.myshopping.com.co] Served key authentication certificate (TLS-ALPN challenge)
2020/07/13 13:44:27 [INFO][www.myshopping.com.co] Served key authentication certificate (TLS-ALPN challenge)
2020/07/13 13:44:27 [INFO][www.myshopping.com.co] Served key authentication certificate (TLS-ALPN challenge)
2020/07/13 13:44:30 [INFO][www.myshopping.com.co] Certificate obtained successfully
2020/07/13 13:44:30 [INFO][www.myshopping.com.co] Obtain: Releasing lock

I'm getting this error just for domains (the last route rule). My subdomains and wildcard subdomains are working as expected.
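
The log in the post above can be checked mechanically for whether each TLS handshake error was logged while an on-demand certificate issuance was still running. This Python sketch is an added example, not part of the original post or of Caddy; the sample lines are copied from the post except the last one, which is constructed as a contrast case, and the function names are made up for the illustration.

```python
import re
from datetime import datetime

# Lines taken from the caddy-Go log in the post (repeated "Served key
# authentication certificate" lines omitted). The final line is constructed
# for contrast: an error logged while no issuance is in progress.
SAMPLE_LOG = """\
2020/07/13 13:43:16 [INFO] Obtaining new certificate for lovefactoryshop.co
2020/07/13 13:43:17 http: TLS handshake error from 127.0.0.1:36914: EOF
2020/07/13 13:43:27 [INFO][lovefactoryshop.co] Certificate obtained successfully
2020/07/13 13:44:26 [INFO] Obtaining new certificate for www.myshopping.com.co
2020/07/13 13:44:27 http: TLS handshake error from 127.0.0.1:37142: EOF
2020/07/13 13:44:30 [INFO][www.myshopping.com.co] Certificate obtained successfully
2020/07/13 13:50:00 http: TLS handshake error from 203.0.113.9:40000: EOF
"""

TS = r"(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
START = re.compile(TS + r"\[INFO\] Obtaining new certificate for (\S+)$")
DONE = re.compile(TS + r"\[INFO\]\[([^\]]+)\] Certificate obtained successfully$")
ERROR = re.compile(TS + r"http: TLS handshake error from (\S+):(\d+): (.+)$")

def parse_ts(text):
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S")

def correlate(log_text):
    """Return one record per TLS handshake error, with the domains whose
    issuance was in progress and how many seconds it had been running."""
    in_progress = {}  # domain -> time issuance started
    findings = []
    for line in log_text.splitlines():
        if m := START.match(line):
            in_progress[m.group(2)] = parse_ts(m.group(1))
        elif m := DONE.match(line):
            in_progress.pop(m.group(2), None)
        elif m := ERROR.match(line):
            now = parse_ts(m.group(1))
            running = {d: int((now - t).total_seconds()) for d, t in in_progress.items()}
            findings.append({"time": m.group(1), "peer": m.group(2),
                             "error": m.group(4), "during_issuance_of": running})
    return findings

if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG):
        print(f["time"], f["peer"], f["error"],
              f["during_issuance_of"] or "no issuance in progress")
```

On the lines from the post, both errors come from 127.0.0.1 and fall one second into an issuance; that is a correlation to follow up on, not a diagnosis.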

What is the request you’re making (show us a curl command for example)?

I’m just making a GET to the URL of a domain pointing to my Caddy server 2.1.1.

Is there any way to make a more verbose log to find out what is going on?

How can I know for sure if the request is executing this last route or not?
