Hey guys. I’m having a bit of a problem with Caddy.
When I try to connect to our site, blissroms.com, the browser (Chrome) gives an ERR_TOO_MANY_REDIRECTS error. When I check the logs:
2017/08/03 15:06:00 http: TLS handshake error from xxx.xx.xx.xxx:5187: EOF
The IP address has been removed to protect privacy. Basically this keeps repeating over and over. What is interesting is that this only happens on our main website. Our h5ai installation, which lives at downloads.blissroms.com, works perfectly fine.
Here is the configuration.
blissroms.com www.blissroms.com {
    tls someemail@gmail.com
    root ./BlissRoms
    log ./storage/logs/caddy-access.log {
        rotate_size 50 # Rotate after 50MB
        rotate_age 30 # Keep rotated files for 30 days
        rotate_keep 5 # Keep at most 5 log files
        rotate_compress # Compresses old logs
    }
    errors ./storage/logs/caddy-error.log {
        rotate_size 50 # Rotate after 50MB
        rotate_age 30 # Keep rotated files for 30 days
        rotate_keep 5 # Keep at most 5 log files
        rotate_compress # Compresses old logs
    }
    rewrite / {
        to {path}/index.html
    }
}
It’s a static website, so I don’t know what is happening. Any ideas?
I also tried to {dir}/index.html in rewrite. It didn’t work.
As far as I know, we’re not using any Cloudflare based solutions, any fancy DNS stuff. It’s just a simple A record.
Also, the site has been working before. I updated Caddy to the latest version and this happened. Unfortunately I will never know what version it was on before.
It’s your rewrite line. The static file server wants to canonicalize /index.html to /, so the redirect happens, but you keep rewriting it to the non-canonical version. This is a bug we fixed in a recent version of Caddy. Simply remove the rewrite and it will work.
I’m using Abiosoft’s Caddy-docker, in case you’re wondering what the heck I’m using.
Even though the rewrite thing fixed the site for now, the logs still show a lot of TLS handshake errors. Is that normal? I keep getting EOF and client offered an unsupported tls version of 301 in the logs. Any ideas? Thanks.
Not an uncommon problem. Your (outdated?) client is trying to connect with TLS1.0, which is not supported by default for security reasons. The default minimum is TLS1.1, but you can change that with the tls directive.
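Added example, not part of the original thread: a small Python triage script that groups the handshake errors quoted above by source address and decodes the rejected version number (Go prints it in hex, so 301 is 0x0301, TLS 1.0). The sample lines are constructed with documentation IP addresses, and the wording of the version message is assumed to follow Go's crypto/tls text; the parser keys only on the trailing "version of <hex>".

```python
import re
from collections import Counter

# Protocol version codes as they appear in a ClientHello.
TLS_VERSIONS = {
    0x0300: "SSL 3.0",
    0x0301: "TLS 1.0",
    0x0302: "TLS 1.1",
    0x0303: "TLS 1.2",
    0x0304: "TLS 1.3",
}

# Matches "<date> <time> http: TLS handshake error from <host>:<port>: <reason>"
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} "
    r"http: TLS handshake error from (?P<host>\S+):(?P<port>\d+): (?P<reason>.*)$"
)
VERSION_RE = re.compile(r"version of (?P<hex>[0-9a-fA-F]+)\s*$")


def classify(reason):
    """Turn the free-text reason into a stable bucket name."""
    if reason == "EOF":
        return "client closed connection (EOF)"
    m = VERSION_RE.search(reason)
    if m:
        code = int(m.group("hex"), 16)  # the log prints the version in hex
        return "rejected protocol: " + TLS_VERSIONS.get(code, "unknown 0x%04x" % code)
    return "other: " + reason


def summarize(lines):
    """Count handshake errors per (source host, bucket); skip unrelated lines."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            counts[(m.group("host"), classify(m.group("reason")))] += 1
    return counts


# Constructed sample input (not taken from the poster's server).
SAMPLE = [
    "2017/08/03 15:06:00 http: TLS handshake error from 192.0.2.10:5187: EOF",
    "2017/08/03 15:06:01 http: TLS handshake error from 192.0.2.10:5188: EOF",
    "2017/08/03 15:06:05 http: TLS handshake error from 198.51.100.7:40112: "
    "tls: client offered an unsupported, maximum protocol version of 301",
    "2017/08/03 15:06:06 [INFO] unrelated line that must be ignored",
]

if __name__ == "__main__":
    for (host, bucket), n in sorted(summarize(SAMPLE).items()):
        print("%-15s %-35s %d" % (host, bucket, n))
```

A few sources repeating the same rejected version usually points to old clients or scanners, while scattered EOF entries are typically connections dropped before the handshake finished.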
OK, but why is the download page messed up? It worked before the upgrade.
Now the page is like the browser I’m using isn’t a modern browser, that JavaScript isn’t enabled? What is going on?
You can check it out here… not sure what’s going on though.
Well, I reinstalled _h5ai, and there is no difference. Here’s the configuration.
downloads.blissroms.com {
    tls somerandomemail@gmail.com
    root ./h5ai
    log ./storage/logs/caddy-access.log {
        rotate_size 50 # Rotate after 50MB
        rotate_age 30 # Keep rotated files for 30 days
        rotate_keep 5 # Keep at most 5 log files
        rotate_compress # Compresses old logs
    }
    errors ./storage/logs/caddy-error.log {
        rotate_size 50 # Rotate after 50MB
        rotate_age 30 # Keep rotated files for 30 days
        rotate_keep 5 # Keep at most 5 log files
        rotate_compress # Compresses old logs
    }
    startup php-fpm7
    fastcgi / 127.0.0.1:9000 php
    rewrite / {
        to {dir}/index.html {dir}/index.php /_h5ai/public/index.php
    }
}
I can’t make heads or tails out of this one. I’m thinking Caddy is somehow serving it improperly. I’m not blaming anyone, just saying it’s the only result, because the h5ai files were untouched. Only Caddy was updated to the latest version.
Remember how you should remove the rewrites to /index.html (index files) because they contradict the file server? I dunno if that’s the problem but it might help.