Caddy 2.1 and WordPress cache bypass help

It’s a follow-up to this now-closed topic:

Since updating to Caddy 2.1, this configuration no longer works:

{
	email nicolinux@gmail.com
	experimental_http3
}

www.voiretmanger.fr,
blog.voiretmanger.fr,
nicolasfurno.fr,
www.nicolasfurno.fr,
blog.nicolasfurno.fr,
nicolinux.fr,
blog.nicolinux.fr,
www.nicolinux.fr,
nicoflo.fr,
www.nicoflo.fr {
	redir https://voiretmanger.fr{uri}/
}

(static) {
	@static {
		file
		path *.ico *.css *.js *.gif *.jpg *.jpeg *.png *.svg *.woff *.json
	}
	header @static Cache-Control max-age=5184000
}

(security) {
	header {
		# enable HSTS
		Strict-Transport-Security max-age=31536000;
		# disable clients from sniffing the media type
		X-Content-Type-Options nosniff
		# keep referrer data off of HTTP connections
		Referrer-Policy no-referrer-when-downgrade
	}
}


voiretmanger.fr {
	root * /var/www/voiretmanger.fr
	encode zstd gzip
	file_server
	import static
	import security
	log {
		output file /var/log/caddy/voiretmanger.fr.access.log
	}

	# Redirect personnels
	redir /a-propos/publicite /soutien
	redir /archives/carte-des-restaurants /a-manger

	@cache {
		not header_regexp Cookie "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in"
		not path_regexp "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(index)?.xml|[a-z0-9-]+-sitemap([0-9]+)?.xml)"
		not method POST
		not expression {query} != ''
    }

    route @cache {
        try_files /wp-content/cache/cache-enabler/{host}{uri}/index.html {path} {path}/index.php?{query}
    }
    php_fastcgi unix//run/php/php7.4-fpm-caddy.sock
}

dev.voiretmanger.fr {
	root * /var/www/dev.voiretmanger.fr/public
	encode zstd gzip
	file_server
	import static
	import security
	log {
		output file /var/log/caddy/dev.voiretmanger.fr.access.log
	}
    php_fastcgi unix//run/php/php7.4-fpm-caddy.sock
}


dev2.voiretmanger.fr {
	root * /var/www/dev2.voiretmanger.fr
	encode zstd gzip
	file_server
	import static
	import security
	log {
		output file /var/log/caddy/dev2.voiretmanger.fr.access.log
	}
    php_fastcgi unix//run/php/php7.4-fpm-caddy.sock
}

files.voiretmanger.fr {
	root * /var/www/files.voiretmanger.fr
	encode zstd gzip
	file_server browse
	log {
		output file /var/log/caddy/files.voiretmanger.fr.access.log
	}
	import static
	import security
}

memoire.nicolasfurno.fr {
	root * /var/www/memoire.nicolasfurno.fr
	encode zstd gzip
	file_server
	log {
		output file /var/log/caddy/memoire.nicolasfurno.fr.access.log
	}
	import static
	import security
}

Here is the log when I try to reload Caddy:

Jun 27 14:44:08 voiretmanger systemd[1]: Reloading Caddy.
Jun 27 14:44:08 voiretmanger caddy[214116]: 2020/06/27 14:44:08 WARNING: proto: file "pb.proto" is already registered
Jun 27 14:44:08 voiretmanger caddy[214116]: A future release will panic on registration conflicts. See:
Jun 27 14:44:08 voiretmanger caddy[214116]: https://developers.google.com/protocol-buffers/docs/reference/go/faq#namespace-conflict
Jun 27 14:44:08 voiretmanger caddy[214116]: {"level":"info","ts":1593261848.2882314,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jun 27 14:44:08 voiretmanger caddy[211207]: {"level":"info","ts":1593261848.2995508,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:57774","headers":{"Accept-Encoding":["gzip"],"Content-Length":["6801"],"Content-Type":["application/json"],"Origin":["localhost:2019"],"User-Agent":["Go-http-client/1.1"]}}
Jun 27 14:44:08 voiretmanger caddy[211207]: {"level":"info","ts":1593261848.304093,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["[::1]:2019","127.0.0.1:2019","localhost:2019"]}
Jun 27 14:44:08 voiretmanger caddy[211207]: {"level":"info","ts":1593261848.3050506,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jun 27 14:44:08 voiretmanger caddy[211207]: {"level":"info","ts":1593261848.3053396,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jun 27 14:44:08 voiretmanger caddy[211207]: 2020/06/27 14:44:08 [INFO][cache:0xc00069f680] Started certificate maintenance routine
Jun 27 14:44:08 voiretmanger caddy[211207]: 2020/06/27 14:44:08 proto: don't know how to compare []
Jun 27 14:44:08 voiretmanger caddy[211207]: 2020/06/27 14:44:08 [INFO][cache:0xc00069f680] Stopped certificate maintenance routine
Jun 27 14:44:08 voiretmanger caddy[211207]: {"level":"error","ts":1593261848.3170655,"logger":"admin.api","msg":"request error","error":"loading config: loading new config: loading http app module: provision http: server srv0: setting up route handlers: route 4: loading handler modules: position 0: loading module 'subroute': provision http.handlers.subroute: setting up subroutes: route 6: loading matcher modules: module name 'not': provision http.matchers.not: loading matcher sets: module name 'expression': provision http.matchers.expression: CEL request matcher expects return type of bool, not primitive:BOOL","status_code":400}
Jun 27 14:44:08 voiretmanger caddy[214116]: reload: sending configuration to instance: caddy responded with error: HTTP 400: {"error":"loading config: loading new config: loading http app module: provision http: server srv0: setting up route handlers: route 4: loading handler modules: position 0: loading module 'subroute': provision http.handlers.subroute: setting up subroutes: route 6: loading matcher modules: module name 'not': provision http.matchers.not: loading matcher sets: module name 'expression': provision http.matchers.expression: CEL request matcher expects return type of bool, not primitive:BOOL"}
Jun 27 14:44:08 voiretmanger systemd[1]: caddy.service: Control process exited, code=exited, status=1/FAILURE
Jun 27 14:44:08 voiretmanger systemd[1]: Reload failed for Caddy.
Jun 27 14:44:08 voiretmanger caddy[211207]: {"level":"info","ts":1593261848.813152,"logger":"admin","msg":"stopped previous server"}

If I remove the @route part, i.e. these lines from the Caddyfile:

@cache {
		not header_regexp Cookie "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in"
		not path_regexp "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(index)?.xml|[a-z0-9-]+-sitemap([0-9]+)?.xml)"
		not method POST
		not expression {query} != ''
    }

    route @cache {
        try_files /wp-content/cache/cache-enabler/{host}{uri}/index.html {path} {path}/index.php?{query}
    }

The reload works fine. So I guess it’s an issue with the request matcher?

I have looked again at the request matchers documentation and I don’t see what could be the cause of the problem. Let me know if you need more information to debug this.

Thanks!
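As an added example (not part of the original thread or of Caddy itself), the following Python script mirrors the four conditions of the @cache matcher above, so one can check offline which requests would be eligible for the cache-enabler file and which fall through to PHP. The Request class, the cacheable() helper and the sample requests are constructed here; the regexes are copied from the Caddyfile and matched unanchored with re.search, which corresponds to how Caddy’s header_regexp and path_regexp matchers apply a Go regexp.

```python
import re
from dataclasses import dataclass

# Regexes copied verbatim from the @cache matcher in the Caddyfile.
COOKIE_RE = re.compile(
    r"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in"
)
PATH_RE = re.compile(
    r"(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php"
    r"|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php"
    r"|sitemap(index)?.xml|[a-z0-9-]+-sitemap([0-9]+)?.xml)"
)


@dataclass
class Request:
    """Constructed stand-in for the parts of a request the matcher inspects."""
    method: str
    path: str
    query: str = ""   # raw query string, what Caddy exposes as {query}
    cookie: str = ""  # value of the Cookie header


def cacheable(req: Request) -> bool:
    """True only when all four 'not' conditions of @cache hold."""
    if COOKIE_RE.search(req.cookie):   # logged-in / commenter / password cookies
        return False
    if PATH_RE.search(req.path):       # admin, login, feeds, sitemaps, PHP entry points
        return False
    if req.method == "POST":           # form submissions must reach PHP
        return False
    if req.query != "":                # searches and other parameterised pages
        return False
    return True


def cache_file(host: str, uri: str) -> str:
    """First candidate of the try_files directive for a cacheable request."""
    return f"/wp-content/cache/cache-enabler/{host}{uri}/index.html"


# Constructed sample requests covering each bypass condition.
SAMPLES = {
    "anon_page": Request("GET", "/a-manger/"),
    "logged_in": Request("GET", "/a-manger/", cookie="wordpress_logged_in_1a2b=nico"),
    "admin": Request("GET", "/wp-admin/"),
    "comment_post": Request("POST", "/wp-comments-post.php"),
    "search": Request("GET", "/", query="s=restaurant"),
    "feed": Request("GET", "/feed/"),
    "analytics_cookie": Request("GET", "/soutien/", cookie="_ga=GA1.2.1"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:17} cacheable={cacheable(req)}")
```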

Hi Nicolas! Can you try the CI build artifacts of PR#3526 (found here) and let me know if it works fine without any error?


I can confirm it works great! :+1:


And I can confirm Caddy 2.1.1 (also) fixes the issue. It makes sense, of course, but anyway, thanks to everyone involved! :+1:
