Caddy died tonight and I don't understand why


(mathias) #1

Hello,

Tonight my production instance went down, for the first time in 13 months (since I use Caddy daily in fact), can you help me understand why?

Here is the logs:

Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: panic: runtime error: invalid memory address or nil pointer dereference
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x475231]
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: goroutine 896670 [running]:
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: bufio.(*Writer).Available(...)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/bufio/bufio.go:590
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: bufio.(*Writer).WriteString(0x0, 0xb9345b, 0x19, 0xc420424c30, 0x9, 0xb8d81d)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/bufio/bufio.go:671 +0x71
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: net/http.(*expectContinueReader).Read(0xc4203e9800, 0xc4207ca000, 0x1000, 0x1000, 0xc420e768c8, 0xb33220, 0xc420cc2800)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/net/http/server.go:867 +0x15e
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: io.(*teeReader).Read(0xc4203e98c0, 0xc4207ca000, 0x1000, 0x1000, 0xc420867d00, 0x3, 0x3)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/io/io.go:533 +0x55
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: net/http.transferBodyReader.Read(0xc4202ab220, 0xc4207ca000, 0x1000, 0x1000, 0xadcac0, 0xc42001c001, 0x0)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/net/http/transfer.go:60 +0x56
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: io.(*LimitedReader).Read(0xc4203b8320, 0xc4207ca000, 0x1000, 0x1000, 0x0, 0xc420867c00, 0x3)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/io/io.go:446 +0x63
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: bufio.(*Writer).ReadFrom(0xc4214a4fc0, 0xc10b40, 0xc4203b8320, 0x7f25c146a100, 0xc4214a4fc0, 0xc420fbd401)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/bufio/bufio.go:703 +0xcd
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: io.copyBuffer(0xc0ff20, 0xc4214a4fc0, 0xc10b40, 0xc4203b8320, 0x0, 0x0, 0x0, 0xae6f20, 0xc420d07001, 0xc4203b8320)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/io/io.go:386 +0x31a
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: io.Copy(0xc0ff20, 0xc4214a4fc0, 0xc10b40, 0xc4203b8320, 0xc420867c2f, 0x0, 0x0)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/io/io.go:362 +0x5a
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: net/http.(*transferWriter).WriteBody(0xc4202ab220, 0xc0ff20, 0xc4214a4fc0, 0x2, 0x2)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/net/http/transfer.go:337 +0x5fa
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: net/http.(*Request).write(0xc420751d00, 0xc0ff20, 0xc4214a4fc0, 0x0, 0xc420d62f90, 0xc4203e9980, 0x0, 0x0)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/net/http/request.go:622 +0x6b2
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: net/http.(*persistConn).writeLoop(0xc420235200)
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/net/http/transport.go:1825 +0x1ea
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: created by net/http.(*Transport).dialConn
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 caddy[9702]: #011/usr/local/go/src/net/http/transport.go:1238 +0x97f
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 systemd[1]: caddy.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jun  4 00:38:36 ubuntu-32gb-nbg1-1 systemd[1]: caddy.service: Failed with result 'exit-code'.

FYI I activated telemetry yesterday evening, maybe it’s related?

Thanks in advance,


(Matt Holt) #2

What is your (entire, unedited) Caddyfile? How did you run Caddy?


(mathias) #3

Hello,

Here my Caddyfile:

~ # cat /etc/caddy/Caddyfile 
import /etc/caddy/vhosts/*

As mentioned on an other thread, I run Caddy using the following guide: https://github.com/mholt/caddy/tree/master/dist/init/linux-systemd

So here is my service file:

~ # cat /etc/systemd/system/caddy.service 
[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network.service

[Service]
Restart=on-abnormal

; User and group the process will run as.
User=caddy
Group=caddy
;
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy
;
; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID
;
; Use graceful shutdown with a reasonable timeout
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s
;
; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
; LimitNPROC=512
;
; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
ReadWriteDirectories=/etc/ssl/caddy
;
; The following additional security directives only work with systemd v229 or later.
; They further retrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
;
[Install]
WantedBy=multi-user.target

I don’t think it’s related to my config files, but I hope it helps.
Regards,


(Matt Holt) #4

Can you please share all the Caddyfiles that were imported? Also which version are you using?


(mathias) #5

Okay,

Here is the version used:

~ # caddy --version
Caddy 0.11.0 (non-commercial use only)

And the vhosts linked:

~ # cat /etc/caddy/vhosts/*
i.love.caddy {
    proxy / xxx.xxx.xxx.xxx:8065 {
        transparent
	websocket
    }

    errors /var/log/caddy/i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
1i.love.caddy {
    proxy / xxx.xxx.xxx.xxx {
    	transparent
    }

    errors /var/log/caddy/1i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
2i.love.caddy {
    proxy / xxx.xxx.xxx.xxx {
	transparent
    }

    errors /var/log/caddy/2i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
3i.love.caddy {
    proxy / xxx.xxx.xxx.xxx {
        transparent
    }

    errors /var/log/caddy/3i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
4i.love.caddy {
    proxy / xxx.xxx.xxx.xxx {
	transparent
    }

    errors /var/log/caddy/4i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
5i.love.caddy {
    proxy / xxx.xxx.xxx.xxx {
	transparent
    }

    errors /var/log/caddy/5i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	Content-Security-Policy "default-src 'self' unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
6i.love.caddy {
    proxy / xxx.xxx.xxx.xxx:3000 {
        transparent
	websocket
    }

    errors /var/log/caddy/6i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	#X-Download-Options "noopen"
	# Forbid cross-domain special policies
	#X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	#Referrer-Policy "strict-origin"
   }
}
7i.love.caddy {
    proxy / xxx.xxx.xxx.xxx {
	transparent
    }

    errors /var/log/caddy/7i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
8i.love.caddy {
    proxy / xxx.xxx.xxx.xxx {
	transparent
    }

    errors /var/log/caddy/8i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
love.caddy {
    proxy / xxx.xxx.xxx.xxx {
	transparent
    }

    errors /var/log/caddy/love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	Content-Security-Policy "default-src 'self' unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
hate.caddy {
    proxy / xxx.xxx.xxx.xxx {
	transparent
	websocket
    }

    errors /var/log/caddy/hate.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
www.love.caddy {
    redir 301 {
	/  https://love.caddy/{uri}
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
www.hate.caddy {
    redir 301 {
	/  https://hate.caddy/{uri}
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}
9i.love.caddy {
    proxy / xxx.xxx.xxx.xxx {
	transparent
    }

    errors /var/log/caddy/9i.love.caddy.log {
        rotate_age 30
    }

    tls blah@blah.blah {
	must_staple
    }

    header / {
	# Enable HTTP Strict Transport Security (HSTS) to force clients to always
	# connect via HTTPS (do not use if only testing)
	Strict-Transport-Security "max-age=31536000;"
	# Enable cross-site filter (XSS) and tell browser to block detected attacks
	X-XSS-Protection "1; mode=block"
	# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
	X-Content-Type-Options "nosniff"
	# Disallow the site to be rendered within a frame (clickjacking protection)
	X-Frame-Options "SAMEORIGIN"
	# Forbid robots
	X-Robots-Tag "none"
	# Forbid unattended download
	X-Download-Options "noopen"
	# Forbid cross-domain special policies
	X-Permitted-Cross-Domain-Policies "none"
	# Setup proper Content Security Policy (CSP)
	#Content-Security-Policy "default-src 'self' *.unixcorn.org"
	# Specify strict referrer
	Referrer-Policy "strict-origin"
   }
}

Thanks,


(Matt Holt) #6

Thanks. This is strange, since the panic looks to be exclusively from within the Go standard library – not even in Caddy’s code base.

Have you been able to reproduce this?


(mathias) #7

Okay, FYI I’m running a very standard Ubuntu 18.04 4.15.0-22-generic.

No, I think I’ll need to wait for it to happen again… :confused:


(Matt Holt) #8

Hmm. Keep me posted.

If it was anything to do with telemetry, it wasn’t something that got logged on our end. Very peculiar, indeed…


(mathias) #9

OK, I will!

Thank,