Caddy downloading empty file on 404

1. The problem I’m having:

I am purposely creating a broken link, to force a 404. The first time I click on the link I get the custom 404 page. If I click it again, it initiates an empty file download.

2. Error messages and/or full log output:

The logs shows a 404.

3. Caddy version:

Caddy v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=

4. How I installed and ran Caddy:

Just downloaded it from caddyserver.com with caddy.ratelimit, and transform-encoder.

a. System environment:

Ubuntu 22.04.5 LTS, systemd.

b. Command:

I used systemd.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=www-data
Group=www-data
ExecStart=/usr/local/bin/caddy2 run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/local/bin/caddy2 reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Caddyfile:

netbros.com {
        import tlsheaders
        import encodings
        import cache
        import common netbros.com
        header Access-Control-Allow-Origin *

        root * /var/www/netbros.com
        file_server

        file_server {
                hide 404.html
        }

        handle_errors {
                @404 {
                        expression {http.error.status_code} == 404
                }
                rewrite @404 /404.html
                file_server
        }

        tls {
                protocols tls1.2
                curves secp384r1
        }
}
(cache) {
        @assets {
                path *.jpg *.png *.svg *.gif *.pdf *.js *.woff2 *.mp4
        }
        @content {
                not {
                        path *.jpg *.png *.svg *.gif *.pdf *.js *.woff2 *.mp4
                }
        }
        header @assets cache-control max-age=31536000
        header @content cache-control max-age=0
}
(tlsheaders) {
                header Strict-Transport-Security "max-age=31536000"
                header X-XSS-Protection "1; mode=block"
                header X-Content-Type-Options "nosniff"
                header X-Frame-Options "SAMEORIGIN"
                header -Server
}
(encodings) {
                encode zstd gzip
}
(common) {
        # Log requests in common log format, each host with their own file.
        # This will permit easier parsing with fail2ban.
        log {
        format transform `{request>remote_ip} - {user_id} [{ts}] "{request>method} {request>uri} {request>proto}" {status} {size} "{request>headers>Referer>[0]}" "{request>headers>User-Agent>[0]}"` {
                time_format "02/Jan/2006:15:04:05 -0700"
        }
                output file /var/log/caddy/{args[0]}.log {
                        roll_keep_for 30d
                }
        }
}