1. My Caddy version (`caddy -version`): Caddy v1.0.4
2. How I run Caddy: `sudo service caddy start`
   a. System environment: Ubuntu 18.04
   d. My complete Caddyfile:

```
bastion-mydomain.com {
    root /var/www/
    log /var/log/caddy_log
    forwardproxy {
        basicauth boss G8H!a6i*T2h)
        ports 443
        response_timeout 30
        dial_timeout 30
    }
}
```
Proxy.pac:

```javascript
function FindProxyForURL(url, host) {
    // list of internal hosts that should go through the proxy
    var myServers = ['server1.com', 'server2.com' /* etc... */];
    if (myServers.indexOf(host) >= 0) {
        return "HTTPS bastion-us.bossinsights.com:443";
    } else {
        return "DIRECT";
    }
}
```
- The problem I'm having:

I'm using Caddy as a forward proxy, which links to a proxy.pac file as seen above. Everything works fine when I try using it to access our internal network, but for some reason every time anyone uses Caddy it fills the syslog with the exact same message:

```
Feb 6 16:45:52 ip-1xx-xx-xx-xxx caddy[10498]: 2020/02/06 16:45:52 http: TLS handshake error from 141.xxx.xxx.xx:42995: tls: first record does not look like a TLS handshake
```

and the only difference in the messages is the port number, e.g. `42995`,
and there are like a billion requests per second!

The thing is I'm trying to use fail2ban to ban IPs which try to get unauthorized access to the servers, but with all these error messages fail2ban will think everyone is a hacker! And plus my syslog file is getting REALLY BIG!

Why is Caddy doing this and how can I stop it from happening? It seems that it thinks that all the requests from the IP that's using it are supposed to go through HTTPS, when it's only supposed to serve the HTTPS proxy ONLY if the host/URL matches any of our internal servers, e.g. "server1.com", etc…
Any help or guidance is greatly appreciated!
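A defender-side check that goes with the fail2ban concern above, added here as an example and not part of the original post or of Caddy's own tooling. The quoted message is emitted by Go's `crypto/tls` when the first bytes received on a TLS listener are not a TLS ClientHello (for example cleartext HTTP sent to a port that expects TLS), so a fail2ban filter that matches every `TLS handshake error` line will count that noise against legitimate proxy users. The script below parses syslog lines of the quoted shape, groups error reasons per client IP, and shows how a ban rule behaves with and without that reason excluded. The sample lines, the client IPs (documentation ranges) and the second reason string `EOF` are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines, modelled on the single line quoted in the post.
# IPs are documentation-range addresses; the "EOF" reason is a constructed second case.
SAMPLE_SYSLOG = """\
Feb 6 16:45:52 ip-1xx-xx-xx-xxx caddy[10498]: 2020/02/06 16:45:52 http: TLS handshake error from 203.0.113.10:42995: tls: first record does not look like a TLS handshake
Feb 6 16:45:52 ip-1xx-xx-xx-xxx caddy[10498]: 2020/02/06 16:45:52 http: TLS handshake error from 203.0.113.10:42996: tls: first record does not look like a TLS handshake
Feb 6 16:45:52 ip-1xx-xx-xx-xxx caddy[10498]: 2020/02/06 16:45:52 http: TLS handshake error from 203.0.113.10:42997: tls: first record does not look like a TLS handshake
Feb 6 16:45:53 ip-1xx-xx-xx-xxx caddy[10498]: 2020/02/06 16:45:53 http: TLS handshake error from 198.51.100.7:51000: tls: first record does not look like a TLS handshake
Feb 6 16:45:53 ip-1xx-xx-xx-xxx caddy[10498]: 2020/02/06 16:45:53 http: TLS handshake error from 198.51.100.7:51001: EOF
Feb 6 16:45:54 ip-1xx-xx-xx-xxx caddy[10498]: 2020/02/06 16:45:54 http: TLS handshake error from 198.51.100.7:51002: EOF
Feb 6 16:45:54 ip-1xx-xx-xx-xxx caddy[10498]: some unrelated line that the pattern must ignore
"""

# Matches "TLS handshake error from <ip>:<port>: <reason>"; IPv6 peers are
# printed by Go in brackets, so both forms are accepted.
HANDSHAKE_RE = re.compile(
    r"TLS handshake error from (?P<ip>\[[^\]]+\]|[0-9.]+):(?P<port>\d+): (?P<reason>.*)$"
)

# Reasons that indicate a protocol mismatch rather than an access attempt:
# Go's crypto/tls reports this when the first bytes are not a TLS ClientHello.
BENIGN_REASONS = {
    "tls: first record does not look like a TLS handshake",
}


def parse_handshake_errors(text):
    """Return a list of (ip, port, reason) tuples, one per matching syslog line."""
    events = []
    for line in text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if not m:
            continue
        events.append((m.group("ip").strip("[]"), int(m.group("port")), m.group("reason")))
    return events


def reasons_per_ip(text):
    """Map each client IP to a Counter of the handshake-error reasons it produced."""
    per_ip = defaultdict(Counter)
    for ip, _port, reason in parse_handshake_errors(text):
        per_ip[ip][reason] += 1
    return dict(per_ip)


def ban_candidates(text, threshold, ignore_benign=True):
    """IPs whose number of counted handshake errors reaches the threshold.

    ignore_benign=False behaves like a naive fail2ban filter that matches every
    'TLS handshake error' line; ignore_benign=True drops the cleartext-on-TLS
    noise so only other failure reasons count toward a ban.
    """
    counts = Counter()
    for ip, _port, reason in parse_handshake_errors(text):
        if ignore_benign and reason in BENIGN_REASONS:
            continue
        counts[ip] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    for ip, reasons in reasons_per_ip(SAMPLE_SYSLOG).items():
        print(ip, dict(reasons))
    print("naive filter, threshold 3:   ", ban_candidates(SAMPLE_SYSLOG, 3, ignore_benign=False))
    print("benign excluded, threshold 2:", ban_candidates(SAMPLE_SYSLOG, 2))
```

Run against the constructed sample, the naive rule bans both clients, while the rule that excludes the "first record" reason only flags the peer that produced other failures. The same split is what a fail2ban `failregex` should encode before it is pointed at this log, and the per-IP reason counts are the quickest way to see which of the two cases is actually filling the file.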