Caddy ends the handshake early

Hey guys. I’m having a bit of a problem with Caddy.

When I try to connect to our site, blissroms.com, the browser (Chrome) gives an ERR_TOO_MANY_REDIRECTS error. When I check the logs:

2017/08/03 15:06:00 http: TLS handshake error from xxx.xx.xx.xxx:5187: EOF

The IP address has been removed to protect privacy. Basically this keeps repeating over and over. What is interesting is that this only happens on our main website. Our h5ai installation, which lives at downloads.blissroms.com, works perfectly fine.

Here is the configuration.

blissroms.com www.blissroms.com {
    tls someemail@gmail.com
    root ./BlissRoms
    log ./storage/logs/caddy-access.log {
        rotate_size 50 # Rotate after 50MB
        rotate_age 30 # Keep rotated files for 30 days
        rotate_keep 5 # Keep at most 5 log files
        rotate_compress # Compresses old logs
    }
    errors ./storage/logs/caddy-error.log {
        rotate_size 50 # Rotate after 50MB
        rotate_age 30 # Keep rotated files for 30 days
        rotate_keep 5 # Keep at most 5 log files
        rotate_compress # Compresses old logs
    }
    rewrite / {
        to {path}/index.html
    }
}

It’s a static website, so I don’t know what is happening. Any ideas?

I also tried to {dir}/index.html in rewrite. It didn’t work.

As far as I know, we’re not using any Cloudflare based solutions, any fancy DNS stuff. It’s just a simple A record.

Also, the site has been working before. I updated Caddy to the latest version and this happened. Unfortunately I will never know what version it was on before.

It’s your rewrite line. The static file server wants to canonicalize /index.html to /, so the redirect happens, but you keep rewriting it to the non-canonical version. This is a bug we fixed in a recent version of Caddy. Simply remove the rewrite and it will work.


Thanks, but when is the update coming out?

I also noticed the h5ai install going back to fallback mode. Something about not finding JavaScript.

Also in the logs I see this line:

2017/08/03 22:08:16 [INFO] Blocking Command:"php-fpm7 "

I’m using Abiosoft’s Caddy-docker, in case you’re wondering what the heck I’m using.

Even though the rewrite thing fixed the site for now, the logs still show a lot of TLS handshake errors. Is that normal? I keep getting EOF and client offered an unsupported tls version of 301 in the logs. Any ideas? Thanks.

Not an uncommon problem. Your (outdated?) client is trying to connect with TLS1.0, which is not supported by default for security reasons. The default minimum is TLS1.1, but you can change that with the tls directive.

https://caddyserver.com/docs/tls#protocols

EOF means someone closed the connection.
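To see which clients are behind the handshake errors before changing `protocols` in the tls directive, the log lines can be grouped by client and the offered version decoded: Go prints the two-byte wire version in hex, so 301 is 0x0301, which is TLS 1.0. This is an added example, not part of the original thread or Caddy's own code; the sample lines are constructed, and the exact wording of the version message is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines, modelled on the two messages quoted in the thread.
# The wording of the version message is an assumption; only "version of <hex>" is parsed.
SAMPLE_LOG = """\
2017/08/03 15:06:00 http: TLS handshake error from 192.0.2.10:5187: EOF
2017/08/03 15:06:02 http: TLS handshake error from 192.0.2.10:5190: EOF
2017/08/03 22:10:41 http: TLS handshake error from 198.51.100.7:40112: tls: client offered an unsupported, maximum protocol version of 301
2017/08/03 22:10:45 http: TLS handshake error from 198.51.100.7:40113: tls: client offered an unsupported, maximum protocol version of 301
2017/08/03 22:11:09 http: TLS handshake error from 203.0.113.5:61001: tls: client offered an unsupported, maximum protocol version of 300
"""

# The version is logged in hex without a prefix, so "301" means 0x0301.
WIRE_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

LINE_RE = re.compile(
    r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d http: TLS handshake error "
    r"from (?P<ip>\S+):\d+: (?P<reason>.*)$")
VERSION_RE = re.compile(r"version of ([0-9a-fA-F]+)\s*$")


def classify(reason):
    """Map the error text of one handshake failure to a short label."""
    if reason == "EOF":
        return "connection closed (EOF)"
    m = VERSION_RE.search(reason)
    if m:
        code = int(m.group(1), 16)
        return "offered " + WIRE_VERSIONS.get(code, "unknown 0x%04x" % code)
    return "other"


def summarize(log_text):
    """Return {client_ip: {label: count}} for TLS handshake errors only."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            per_client[m.group("ip")][classify(m.group("reason"))] += 1
    return {ip: dict(counts) for ip, counts in per_client.items()}


if __name__ == "__main__":
    for ip, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, counts)
```

A handful of addresses repeatedly offering TLS 1.0 or SSL 3.0 usually points to scanners or a single outdated client, which is a different situation from many distinct visitors failing.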

OK, but why is the download page messed up? It worked before the upgrade.
Now the page is like the browser I’m using isn’t a modern browser, that JavaScript isn’t enabled? What is going on?

You can check it out here… not sure what’s going on though.

downloads.blissroms.com

Thanks.

I dunno, looks like a h5ai (?) problem. Your JS file being downloaded is actually HTML:

<!DOCTYPE html><html class="no-js" lang="en"><head><meta charset="utf-8"><meta http-equiv="x-ua-compatible" content="ie=edge"><title>h5ai info page - v0.29.0</title><meta name="description" content="h5ai info page - v0.29.0"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="shortcut icon" href="/_h5ai/public/images/favicon/favicon-16-32.ico"><link rel="apple-touch-icon-precomposed" type="image/png" href="/_h5ai/public/images/favicon/favicon-152.png"><link rel="stylesheet" href="/_h5ai/public/css/styles.css"><script src="/_h5ai/public/js/scripts.js" data-module="info"></script><link rel="stylesheet" href="//fonts.googleapis.com/css?family=Ubuntu:300,400,700%7CUbuntu+Mono:400,700" class="x-head"><style class="x-head">#root,input,select{font-family:"Ubuntu","Roboto","Helvetica","Arial","sans-serif"!important}pre,code{font-family:"Ubuntu Mono","Monaco","Lucida Sans Typewriter","monospace"!important}</style></head><body class="info" id="root"><div id="fallback-hints"><span class="noJsMsg">Works best with JavaScript enabled!</span><span class="noBrowserMsg">Works best in <a href="http://browsehappy.com">modern browsers</a>!</span><span class="backlink"><a href="https://larsjung.de/h5ai/" title="h5ai v0.29.0 - Modern HTTP web server index.">powered by h5ai</a></span></div><div id="content"><h1 id="header"><a href="https://larsjung.de/h5ai/">h5ai</a></h1></div></body></html><!-- h5ai v0.29.0 - https://larsjung.de/h5ai/ -->

Otherwise the page loads fine for me, no connection errors.

Hrm, might be better if I reinstalled h5ai. Give me a sec…

Well, I reinstalled _h5ai, and there is no difference. Here’s the configuration.

downloads.blissroms.com {
    tls somerandomemail@gmail.com
    root ./h5ai
    log ./storage/logs/caddy-access.log {
        rotate_size 50 # Rotate after 50MB
        rotate_age 30 # Keep rotated files for 30 days
        rotate_keep 5 # Keep at most 5 log files
        rotate_compress # Compresses old logs
    }
    errors ./storage/logs/caddy-error.log {
        rotate_size 50 # Rotate after 50MB
        rotate_age 30 # Keep rotated files for 30 days
        rotate_keep 5 # Keep at most 5 log files
        rotate_compress # Compresses old logs
    }
    startup php-fpm7
    fastcgi / 127.0.0.1:9000 php
    rewrite / {
        to {dir}/index.html {dir}/index.php /_h5ai/public/index.php
    }
}

I can’t make heads or tails out of this one. I’m thinking Caddy is somehow serving it improperly. I’m not blaming anyone, just saying it’s the only result, because the h5ai files were untouched. Only Caddy was updated to the latest version.

Remember how you should remove the rewrites to /index.html (index files) because they contradict the file server? ;) I dunno if that’s the problem but it might help.
