Caddy-Gen V2 partially functioning

remyricardo · September 16, 2020, 2:51am

Hi Folks,

My Setup
Ubuntu 20.04, Docker and Docker Compose

Problem
We did implement the CADDY-GEN solution and ran into a strange situation. We are running 3 Apps and only one resolves OK and the pages are rendered but the other 2 the certificates are fine for all three verified but no rendering ERROR 502

Here the config and the Caddyfile as copied from the operational Container CADDY-GEN

.domain.com {
tls subs@xxxxxx.com
reverse_proxy {
lb_policy round_robin
to 172.25.0.2:8091
}
encode zstd gzip
log {
output stdout
}
}
erp.domain.com {
tls subs@domain.pro
reverse_proxy {
lb_policy round_robin
to 172.22.0.3:27073
}
encode zstd gzip
log {
output stdout
}
}
** view.domain.com {** <++++ the only one resolving perfectly
tls subs@domail.com
reverse_proxy {
lb_policy round_robin
to 172.25.0.3:9000
}
encode zstd gzip
log {
output stdout
}
}

If I go to the application with my IP:Port it resolves perfectly, Hence this is full automatic we don’t know how to tweak the configuration. Please HELP!!! Solution used GitHub - wemake-services/caddy-gen: Automated Caddy reverse proxy for docker containers

francislavoie · September 16, 2020, 3:40am

I’d recommend using this plugin instead:

It works by essentially being mapping Docker labels directly to the Caddyfile structure.

Error 502 basically just means Caddy couldn’t contact the upstream server.

You didn’t provide enough information about what’s going on to know why that might be the case with your current setup.

remyricardo · September 17, 2020, 12:22am

Hi,
I did test out your proposed solution in standalone mode and it works fine If you enter all the apps you want to start within one compose file. What about if I need to insert another APP. Do I have to install Docker SWARM ???

francislavoie · September 17, 2020, 12:39am

No need for Swarm. It supports both modes. If you add another container to the network, it’ll detect it and reload Caddy gracefully with the new config.

remyricardo · September 17, 2020, 2:38am

Hi Francis,

The error I receive when I put all the apps in one compose file is the error for Odoo=My App is:
This page isn’t working
subdomain.domain.com is currently unable to handle this request. HTTP ERROR 502
When I run the app in a separate compose file I got an ERR_SSL_PROTOCOL_ERROR
While googling I came across a solution but for Ver1
Refer to this link : Caddy Server Reverse Proxy: How to configure virtual hosts for Odoo | Odoo

Please translate this solution but for the proxy-gen for my current problem.
Thank you for your support,

remyricardo · September 18, 2020, 3:26am

Hi,
I’m Back to basic, I removed the Proxy-Gen solution en tried with the Basic Caddy solution. I checked the solution proposed for Odoo however in conformity with your documentation you don’t need to use either Transparent , Host which are by default enabled in V2 then it rests me NO other choice. Caddy resolves my certificates and for Portainer and Odoo app, however, the error 502 remains. Here my Caddyfile

{
email subs@domain.pro
#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

netview.domain.pro {
reverse_proxy http://192.168.226.54:9000 {
}
header / Strict-Transport-Security “max-age=31536000;”
}

erp.domain.pro {
reverse_proxy http://172.17.0.2:27073 {

    header_up Host {host}
    header_up X-Forwarded-Host {host}
    header_up Strict-Transport-Security “max-age=31536000;”

    }

log {
    output file         access.log
    format single_field common_log
    }
encode gzip

}
}

Here the LOG

to enable TLS",“server_name”:“srv0”,“https_port”:443}

{“level”:“info”,“ts”:1600398503.4172134,“logger”:“http”,“msg”:“enabling automatic HTTP->HTTPS redirects”,“server_name”:“srv0”}

2020/09/18 03:08:23 [INFO][cache:0xc000360960] Started certificate maintenance routine

{“level”:“info”,“ts”:1600398503.4200935,“logger”:“tls”,“msg”:“cleaned up storage units”}

{“level”:“info”,“ts”:1600398503.4203727,“logger”:“http”,“msg”:“enabling automatic TLS certificate management”,“domains”:[“erp.domain.pro”,“netview.domain.pro”]}

{“level”:“info”,“ts”:1600398503.431498,“msg”:“autosaved config”,“file”:"/config/caddy/autosave.json"}

{“level”:“info”,“ts”:1600398503.4316738,“msg”:“serving initial configuration”}

{“level”:“error”,“ts”:1600398529.560008,“logger”:“http.log.error.log0”,“msg”:“dial tcp 172.17.0.2:27073: i/o timeout”,“request”:{“method”:“GET”,“uri”:"/",“proto”:“HTTP/2.0”,“remote_addr”:“181.36.253.68:50457”,“host”:“erp.domain.pro”,“headers”:{“Upgrade-Insecure-Requests”:[“1”],“Accept”:[“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”],“Sec-Fetch-Site”:[“cross-site”],“Sec-Fetch-Mode”:[“navigate”],“Accept-Encoding”:[“gzip, deflate, br”],“Accept-Language”:[“en-US,en;q=0.9”],“Cache-Control”:[“max-age=0”],“User-Agent”:[“Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36”],“Sec-Fetch-User”:["?1"],“Sec-Fetch-Dest”:[“document”]},“tls”:{“resumed”:false,“version”:772,“ciphersuite”:4865,“proto”:“h2”,“proto_mutual”:true,“server_name”:“erp.domain.pro”}},“duration”:10.000787923,“status”:502,“err_id”:“861v01c5r”,“err_trace”:“reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)”}

{“level”:“error”,“ts”:1600398542.9394174,“logger”:“http.log.error.log0”,“msg”:“dial tcp 172.17.0.2:27073: i/o timeout”,“request”:{“method”:“GET”,“uri”:"/",“proto”:“HTTP/2.0”,“remote_addr”:“181.36.253.68:50467”,“host”:“erp.domain.pro”,“headers”:{“Accept”:[“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9”],“Sec-Fetch-Site”:[“none”],“Sec-Fetch-Dest”:[“document”],“User-Agent”:[“Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36”],“Sec-Fetch-Mode”:[“navigate”],“Sec-Fetch-User”:["?1"],“Accept-Encoding”:[“gzip, deflate, br”],“Accept-Language”:[“en-US,en;q=0.9”],“Upgrade-Insecure-Requests”:[“1”]},“tls”:{“resumed”:false,“version”:772,“ciphersuite”:4865,“proto”:“h2”,“proto_mutual”:true,“server_name”:“erp.domain.pro”}},“duration”:10.000625199,“status”:502,“err_id”:“mw4eun558”,“err_trace”:“reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)”}

remyricardo · September 18, 2020, 3:55am

Did some changes to the Caddyfile and the error 502 is Gone but I receive a blank page. Below the new Caddyfile
Screen Shot 2020-09-17 at 11.53.03 PM

francislavoie · September 18, 2020, 4:14am

Please use the caddy fmt command to clean up your Caddyfile, it’s very hard to follow because of mixed indentation.

My guess for your current issue is that you’re misusing path matching – it’s exact-match in Caddy v2, use the * suffix for doing path prefix matching:

system · October 16, 2020, 2:51am

This topic was automatically closed after 30 days. New replies are no longer allowed.