Caddy does not detect requests to a domain

j4ce · July 29, 2024, 4:54pm

1. The problem I’m having:

Hi, I’m trying to reverse proxy using Caddy, I’ve set up my domain in the Caddyfile but when checking the logs I cannot see anything related to my request, as if Caddy doesn’t even receive it. I’ve tried requesting from both my browser and curl, absolutely no mention of them in the logs. I’m using Cloudflare, proxied mode, an A record is pointed to my server’s IP address.

2. Error messages and/or full log output:

Jul 29 16:40:50 v20709 systemd[1]: Starting Caddy...
Jul 29 16:40:51 v20709 caddy[1752]: caddy.HomeDir=/var/lib/caddy
Jul 29 16:40:51 v20709 caddy[1752]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Jul 29 16:40:51 v20709 caddy[1752]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Jul 29 16:40:51 v20709 caddy[1752]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Jul 29 16:40:51 v20709 caddy[1752]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Jul 29 16:40:51 v20709 caddy[1752]: runtime.GOOS=linux
Jul 29 16:40:51 v20709 caddy[1752]: runtime.GOARCH=amd64
Jul 29 16:40:51 v20709 caddy[1752]: runtime.Compiler=gc
Jul 29 16:40:51 v20709 caddy[1752]: runtime.NumCPU=4
Jul 29 16:40:51 v20709 caddy[1752]: runtime.GOMAXPROCS=4
Jul 29 16:40:51 v20709 caddy[1752]: runtime.Version=go1.22.3
Jul 29 16:40:51 v20709 caddy[1752]: os.Getwd=/
Jul 29 16:40:51 v20709 caddy[1752]: LANG=C.UTF-8
Jul 29 16:40:51 v20709 caddy[1752]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Jul 29 16:40:51 v20709 caddy[1752]: NOTIFY_SOCKET=/run/systemd/notify
Jul 29 16:40:51 v20709 caddy[1752]: HOME=/var/lib/caddy
Jul 29 16:40:51 v20709 caddy[1752]: LOGNAME=caddy
Jul 29 16:40:51 v20709 caddy[1752]: USER=caddy
Jul 29 16:40:51 v20709 caddy[1752]: INVOCATION_ID=5caf4f6f565843288238397e8b8bfac9
Jul 29 16:40:51 v20709 caddy[1752]: JOURNAL_STREAM=8:17222
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0793095,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0816002,"msg":"adapted config to JSON","adapter":"caddyfile"}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.083217,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0835612,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0836062,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"debug","ts":1722271251.0836575,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:6969"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"localhost:3000"}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0837429,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00077c380"}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0845997,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"debug","ts":1722271251.0849192,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0849485,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"debug","ts":1722271251.0850174,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0850337,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0850434,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["m1.masscoin.xyz","masscoin.xyz"]}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"debug","ts":1722271251.0860136,"logger":"tls.cache","msg":"added certificate to cache","subjects":["m1.masscoin.xyz"],"expiration":1729965351,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"c5e790b8dc0bdd134e49cde17d8f60b630012c9bce1226cfec79838c3b67cda0","cache_size":1,"cache_capacity":10000}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"debug","ts":1722271251.0860877,"logger":"events","msg":"event","name":"cached_managed_cert","id":"65acec04-751b-4bf7-80ea-1e801709774c","origin":"tls","data":{"sans":["m1.masscoin.xyz"]}}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"debug","ts":1722271251.0868843,"logger":"tls.cache","msg":"added certificate to cache","subjects":["masscoin.xyz"],"expiration":1729963166,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"d3dde5368763bd78f31cc9f3dfb410793fce20a3212fa284d0b4cfa87c442c12","cache_size":2,"cache_capacity":10000}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"debug","ts":1722271251.0869498,"logger":"events","msg":"event","name":"cached_managed_cert","id":"b316856f-c822-4107-acfb-25d3e13450d7","origin":"tls","data":{"sans":["masscoin.xyz"]}}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.087501,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0876515,"msg":"serving initial configuration"}
Jul 29 16:40:51 v20709 systemd[1]: Started Caddy.
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.095408,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"a14c16f4-9336-4a71-88d1-1448c5ea73d1","try_again":1722357651.095402,"try_again_in":86399.999998806}
Jul 29 16:40:51 v20709 caddy[1752]: {"level":"info","ts":1722271251.0955782,"logger":"tls","msg":"finished cleaning storage units"}

3. Caddy version:

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https curl
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
sudo apt update
sudo apt install caddy

sudo systemctl daemon-reload
sudo systemctl enable --now caddy

a. System environment:

Debian GNU/Linux 11 (bullseye)

Linux 5.10.0-31-cloud-amd64

x86/64

systemd 247 (247.3-7+deb11u5)
+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified

b. Command:

# to start Caddy
sudo systemctl daemon-reload
sudo systemctl enable --now caddy

# to send requests to the server (on windows)
curl -vL masscoin.xyz

c. Service/unit/compose file:

d. My complete Caddy config:

{
        debug
}

masscoin.xyz {
        reverse_proxy localhost:3000
}

m1.masscoin.xyz {
        reverse_proxy {
                to http://localhost:6969
        }
}

5. Links to relevant resources:

francislavoie · July 29, 2024, 5:59pm

Doing a quick request to curl -v https://masscoin.xyz shows that your domain is being served by Cloudflare. The request doesn’t reach Caddy because it’s stuck in a redirect loop.

j4ce · July 29, 2024, 6:02pm

So how could I solve this? I forgot to mention (and my apologies for that) that handling port 80 instead of the domain works, the reverse proxy works like it should in that case.

francislavoie · July 29, 2024, 6:05pm

You have Cloudflare configured incorrectly.

j4ce · July 29, 2024, 6:08pm

I configured it pretty much the same way I always do, an A record pointed towards my server, proxied, force HTTPS and nothing else. Is there anything in particular that I should check for that might be changed unintentionally, like a switch that’s flipped in the wrong direction?

francislavoie · July 29, 2024, 6:13pm

I don’t use Cloudflare, but typically the proxying should be set to Strict, is my understanding.

j4ce · July 29, 2024, 6:15pm

That actually worked perfectly, thank you so much

francislavoie · July 29, 2024, 6:20pm

You have a valid cert now, but keep in mind that you might have trouble later on (in ~60 days assuming you had it issued today) with renewing the cert. Keep an eye on your logs.

You’ll likely need to either turn off Always Use HTTPS · Cloudflare SSL/TLS docs or use the DNS challenge (requires a build of Caddy with the Cloudflare DNS plugin added).

j4ce · July 29, 2024, 6:22pm

Will do, thanks for the heads up

system · August 28, 2024, 6:22pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.