1. The problem I’m having:
For some reason, after adding the NTLM plugin (may or may not be related), caddy hangs after I call the /load config API (with or without must-revalidate).
This I have only experienced in production servers (not reproducible in dev).
I initially thought it might have something to do with the number of TCP connections so I set grace period to 1s but to no avail.
Steps to reproduce (in my setup)
1. /load just the certificates when server starts
2. Once server gets the applications from backend it’ll POST localhost:2019/config/apps/http/servers/srv0/routes/...
3. (Runs fine for some time, users start accessing, debug logs show many connections)
4. After X minutes server sends list of new applications again.
5. Then I “reload” the server by performing steps 1 and 2
6. But when I load the empty config (see d below) the /config/ API stops responding so I cannot add applications in step 2, causing a downtime in production
7. The only way I fix it right now is to have a script which will monitor the /config/ API and, if that does not respond, kill caddy and start it again
2. Error messages and/or full log output:
{"level":"debug","ts":1713409248.0986166,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":false}
{"level":"info","ts":1713409248.099862,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1"]}
{"level":"debug","ts":1713409248.1021903,"logger":"http","msg":"[Stop] Stop gracefully shuts down HTTP Server"}
{"level":"info","ts":1713409248.102396,"logger":"http","msg":"servers shutting down; grace period initiated","duration":1}
{"level":"debug","ts":1713409248.1028795,"logger":"http","msg":"[Stop][app.Servers] Inside the for loop"}
{"level":"debug","ts":1713409248.1029367,"logger":"http","msg":"before startedShutdown.Wait()"}
{"level":"debug","ts":1713409248.1029773,"logger":"http","msg":"[App][Stop] Inside stopServer routine"}
{"level":"debug","ts":1713409248.1041775,"logger":"http","msg":"after startedShutdown.Wait()"}
{"level":"debug","ts":1713409248.1046526,"logger":"http","msg":"after caddy.Exiting() finishedShutdown.Wait()"}
{"level":"debug","ts":1713409248.1050546,"logger":"http","msg":"all servers stop hooks called."}
{"level":"debug","ts":1713409255.2162657,"logger":"events","msg":"event","name":"tls_get_certificate","id":"a7143d90-0910-4f26-b190-fdf3e9d711db","origin":"tls","data":{"client_hello":{"CipherSuites":[6682,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"621de2378fb0100001b01e9a.SLUG-48.gw.app.DOMAIN.io","SupportedCurves":[2570,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[6682,772,771],"RemoteAddr":{"IP":"106.195.2.171","Port":42990,"Zone":""},"LocalAddr":{"IP":"10.33.186.156","Port":443,"Zone":""}}}}
{"level":"debug","ts":1713409255.216553,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"621de2378fb0100001b01e9a.SLUG-48.gw.app.DOMAIN.io"}
{"level":"debug","ts":1713409255.2165728,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.SLUG-48.gw.app.DOMAIN.io","num_choices":1}
{"level":"debug","ts":1713409255.2165983,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.SLUG-48.gw.app.DOMAIN.io","subjects":["SLUG-48.gw.app.DOMAIN.io","*.SLUG-48.gw.app.DOMAIN.io"],"managed":false,"issuer_key":"","hash":"504822b710543addb05d07478e425e274bc1ce6e9f19bd0e54770258cad2820e"}
{"level":"debug","ts":1713409255.2166154,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"106.195.2.171","remote_port":"42990","subjects":["SLUG-48.gw.app.DOMAIN.io","*.SLUG-48.gw.app.DOMAIN.io"],"managed":false,"expiration":1719727084,"hash":"504822b710543addb05d07478e425e274bc1ce6e9f19bd0e54770258cad2820e"}
3. Caddy version:
Master as of April 18th, 2024 (2.7.6 release + any commits after that)
4. How I installed and ran Caddy:
a. System environment:
Ubuntu
b. Command:
./caddy start
c. Service/unit/compose file:
d. My complete Caddy config:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "protocols": [
            "h1"
          ],
          "routes": null,
          "tls_connection_policies": [
            {
              "match": {
                "sni": [
                  "*.SLUG-48.gw.app.DOMAIN.io"
                ]
              }
            },
            {}
          ],
          "automatic_https": {
            "disable": true
          }
        }
      },
      "grace_period": 1000000000
    },
    "tls": {
      "certificates": {
        "load_files": [
          {
            "certificate": "/opt/sdpgw/letsencrypt/fullchain.pem",
            "key": "/opt/sdpgw/letsencrypt/privatekey.pem"
          }
        ]
      }
    }
  },
  "logging": {
    "sink": {
      "writer": {
        "output": "file",
        "filename": "/opt/instasafe/caddy.logs",
        "roll": true,
        "roll_size_mb": 100,
        "roll_keep": 10,
        "roll_keep_days": 7
      }
    },
    "logs": {
      "Empty": {
        "writer": {
          "output": "file",
          "filename": "/opt/instasafe/caddy.logs",
          "roll": true,
          "roll_size_mb": 100,
          "roll_keep": 10,
          "roll_keep_days": 7
        },
        "level": "DEBUG"
      }
    }
  }
}
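The watchdog workaround from the last reproduction step, as an added example that is not part of the original post and not Caddy's own code: it probes the `/config/` admin endpoint with a timeout, tells a hung API apart from a stopped process, and restarts only after several consecutive failures. The threshold, the polling interval and the `pkill` restart command are assumptions.

```python
import socket
import subprocess
import time
import urllib.error
import urllib.request

ADMIN_CONFIG_URL = "http://localhost:2019/config/"  # admin address used in the post
# Ignore proxy environment variables: the admin API is local.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe_admin(url=ADMIN_CONFIG_URL, timeout=2.0):
    """Return 'ok', 'hung' (no answer within timeout) or 'down' (not reachable)."""
    try:
        with _opener.open(url, timeout=timeout) as resp:
            resp.read()
        return "ok"
    except urllib.error.HTTPError:
        return "ok"  # the API answered, even if with an error status
    except (socket.timeout, TimeoutError):
        return "hung"  # connection accepted, response never arrived
    except urllib.error.URLError as exc:
        timed_out = isinstance(exc.reason, (socket.timeout, TimeoutError))
        return "hung" if timed_out else "down"
    except OSError:
        return "down"

class Watchdog:
    """Call restart(state) after `threshold` consecutive failed probes."""
    def __init__(self, probe, restart, threshold=3):
        self.probe, self.restart, self.threshold = probe, restart, threshold
        self.failures = 0

    def tick(self):
        state = self.probe()
        if state == "ok":
            self.failures = 0
            return state
        self.failures += 1
        if self.failures >= self.threshold:
            self.restart(state)
            self.failures = 0
        return state

if __name__ == "__main__":
    def restart_caddy(state):
        # Assumption: caddy was launched with ./caddy start from this directory.
        subprocess.run(["pkill", "-x", "caddy"], check=False)
        time.sleep(1)  # assumed pause so the old process can release :443
        subprocess.run(["./caddy", "start"], check=True)
    wd = Watchdog(probe_admin, restart_caddy)
    while True:
        print(time.strftime("%H:%M:%S"), wd.tick())
        time.sleep(5)  # assumed polling interval
```

Logging the state returned by each probe separates a hang ('hung') from a crash ('down'), which is useful evidence for a bug report like this one.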