Caddy + Bluemap : a lot of error 522/500

1. Output of caddy version:

v2.6.2

2. How I run Caddy:

Proxmox / VM Debian 11 / Docker+Portainer

a. System environment:

b. Command:


c. Service/unit/compose file:


d. My complete Caddy config:

# 2022-12-11

(logs) {
	log {
		level error
	}
}
(debug) {
	debug
	log {
		level debug
	}
}

(redis) {
	redis {
		url 192.168.50.202:6379
	}
}

(olric) {
	olric {
		url olric:3320
	}
}

(souin) {
	allowed_http_verbs GET POST PATCH

	api {
		souin {
			security
		}
	}

	cdn {
		api_key {env.CF_DNS_API_TOKEN}
		dynamic true
		email {env.CF_API_EMAIL}
		hostname zogg.fr
		provider cloudflare
		strategy soft
	}

	headers Content-Type Authorization

	#log_level debug
	log_level error

	#import redis
	import olric

	default_cache_control no-store
}

(cache) {
	order cache before rewrite
	cache {
		import souin
	}
}

(cloudflareTrustedProxies) {
	trusted_proxies 10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 fc00::/7 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22
}
(cloudflare) {
	tls {
		dns cloudflare {env.CF_DNS_API_TOKEN}
		resolvers 1.1.1.1 1.0.0.1
	}

	header {
		Host {upstream_hostport}

		X-Forwarded-Proto {scheme}
		X-Forwarded-For {host}

		defer
	}
}

(reverseProxy) {
	import cloudflareTrustedProxies

	import keepalive

	header_up Cache-Control "public,max-age=86400,s-maxage=86400,max-stale=3600,stale-while-revalidate=86400,stale-if-error=86400"
	header_down Cache-Control "public,max-age=86400,s-maxage=86400,max-stale=3600,stale-while-revalidate=86400,stale-if-error=86400"

	header_down X-Powered-By "Zogg"

	header_up Host {host}
	header_down Host {host}

	header_up X-Real-IP {host}
	header_down X-Real-IP {host}

	header_up X-Forwarded-For {host}
	header_down X-Forwarded-For {host}

	header_up Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https:"
	header_down Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https:"

	header_down -Via
	header_down -X-Varnish
	header_down -X-Url
	header_down -Link
	header_down -X-Host
}

(headersGlobal) {
	X-Powered-By "Zogg"
	
	Host {host}
	X-Real-IP {host}
	X-Forwarded-For {host}
	
	-Server
	-Via
}

(headersSecurity) {
	Referrer-Policy "strict-origin-when-cross-origin"

	Strict-Transport-Security "max-age=31536000;includeSubDomains;preload"
	X-Permitted-Cross-Domain-Policies: "none"

	X-Content-Type-Options "nosniff"

	X-Frame-Options "SAMEORIGIN"

	X-XSS-Protection 0

	Permissions-Policy "fullscreen=(*),display-capture=(self),accelerometer=(),battery=(),camera=(),autoplay=(self),vibrate=(self),geolocation=(self),midi=(self),notifications=(*),push=(*),microphone=(self),magnetometer=(self),gyroscope=(self),payment=(self)"

	Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https:"
}

(headersRobots) {
	X-Robots-Tag "none,noarchive,nosnippet,notranslate,noimageindex"
}

(headersCaching) {
	Cache-Control "public,max-age=86400,s-maxage=86400,max-stale=3600,stale-while-revalidate=86400,stale-if-error=86400"
}

(keepalive) {
	transport http {
		resolvers 192.168.50.202
		#keepalive_idle_conns 512
		#keepalive_idle_conns_per_host 256
	}
}

(common) {
	encode zstd gzip
	header {
		import headersGlobal
		import headersRobots
		import headersCaching
		import headersSecurity
		defer
	}
}

(pterodadctyl) {
	encode zstd gzip
	header {
		import headersGlobal
		import headersRobots
		Sec-Fetch-Site "cross-site"
		X-Forwarded-Proto "https"
		Access-Control-Allow-Headers "*,Authorization"
		defer
	}
}

{
	import cache
	
	import logs
	#import debug

	admin off

	acme_dns cloudflare {env.CF_DNS_API_TOKEN}
	email {env.CF_API_EMAIL}
}

import /etc/caddy/conf/entries

And the relevant entry:

# 2022-12-11

@maps-clemambpap host maps-clemambpap.zogg.fr
handle @maps-clemambpap {
	import common
	cache
	reverse_proxy 192.168.50.203:27061 {
	#reverse_proxy 192.168.50.202:1080 {
		import reverseProxy
	}
}

3. The problem I’m having:

Browsing this over http is flawless.
When I switch to https, I run into error 522/500 for most calls.

4. Error messages and/or full log output:


5. What I already tried:

… browsing in local http mode…

6. Links to relevant resources:

Bluemap: BlueMap - Minecraft Mod and plugin

As with your other topic, I’m not seeing a problem with Caddy here. There’s not enough detail in the post to have any evidence of a problem.

Well I’ll try to clarify.

If I go to https://maps-clemambpap.zogg.fr, I get lots of 522 or 500 errors.
If I browse locally (without https and without Caddy), it displays without errors.

I think that adding an https layer does something ‘bad’ and maybe there is a need for tuning Caddy?

This software displays a ‘game map’, and each part of the map is a tile which is loaded/displayed by a call to the server. So that’s why there are many, many calls between the browser and the server.

And maybe (I don’t really know) this is too much for handling https/tls from Caddy and I can tune something?

Pretty much everything in this makes no sense, frankly.

You should not use both header_up and header_down for every header. That doesn’t make sense. HTTP headers usually only either make sense in a request, or in a response, and not both.

I’ve mentioned in another topic that Caddy sets proxy headers appropriately by default, so if you override those, it can break things.

Either way, those status codes are coming from the upstream app, not from Caddy. I can’t tell you what’s going on there, we can’t provide support for other software.
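
A small check for the pattern described in the reply above, as an added example that is not part of the original thread or of Caddy's own tooling: it scans a reverse_proxy block for header_up/header_down lines that override headers the proxy already sets, put a header on the wrong side, or write {host} into a client-IP header. The function name, rule names and header sets are assumptions chosen for illustration; the sample lines are taken from the (reverseProxy) snippet in the first post.

```python
import re

# Assumption: Caddy >= 2.5 reverse_proxy passes Host through and sets the
# X-Forwarded-* request headers itself, so header_up on these overrides defaults.
PROXY_MANAGED = {"host", "x-forwarded-for", "x-forwarded-proto", "x-forwarded-host"}
REQUEST_ONLY = PROXY_MANAGED | {"x-real-ip"}
RESPONSE_ONLY = {"content-security-policy", "strict-transport-security",
                 "x-frame-options", "x-content-type-options"}
CLIENT_IP_HEADERS = {"x-forwarded-for", "x-real-ip"}
RULE = re.compile(r"^\s*(header_up|header_down)\s+([+?-]?)([\w-]+)\s*(.*)$")

def lint_proxy_headers(block):
    """Return sorted (line_no, rule, header) findings; line 0 means block-wide."""
    findings, directions = set(), {}
    for no, line in enumerate(block.splitlines(), 1):
        m = RULE.match(line)
        if not m or m.group(2) == "-":  # skip other directives and deletions
            continue
        direction, _, name, value = m.groups()
        key = name.lower()
        directions.setdefault(key, set()).add(direction)
        if direction == "header_up" and key in PROXY_MANAGED:
            findings.add((no, "overrides-proxy-default", key))
        if direction == "header_up" and key in RESPONSE_ONLY:
            findings.add((no, "response-header-on-request", key))
        if direction == "header_down" and key in REQUEST_ONLY:
            findings.add((no, "request-header-on-response", key))
        if key in CLIENT_IP_HEADERS and value.strip() == "{host}":
            # {host} is the request hostname, not the client address
            findings.add((no, "hostname-in-client-ip-header", key))
    for key, dirs in directions.items():
        if len(dirs) == 2:  # same header written on request and response
            findings.add((0, "set-in-both-directions", key))
    return sorted(findings)

# Lines from the (reverseProxy) snippet in the first post (indentation dropped).
SAMPLE = """\
header_down X-Powered-By "Zogg"
header_up Host {host}
header_down Host {host}
header_up X-Real-IP {host}
header_down X-Real-IP {host}
header_up X-Forwarded-For {host}
header_down X-Forwarded-For {host}
header_up Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https:"
header_down Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https:"
header_down -Via
"""
print(*lint_proxy_headers(SAMPLE), sep="\n")
```
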

You are right! I simplified my caddyfile (but I kept trusted_proxies)
Let's say that this is a noob error…
My apologies!


I am an old man who tends to prefer to manage his own way.
But I have to admit that the default setup of Caddy works perfectly.
