Caddy not handling requests when listening on all interfaces serving a hostname mapped to an internal IP

1. The problem I’m having:

xbrowsersync.rahh.al has a public IP address that points to WAN IP of server, but the domain is overridden with the LAN IP 10.0.0.1 of the server on the internal DNS. If using “bind 10.0.0.1”, it works, but only internally. If not using “bind” directive, it is only accessible externally. Internally, it doesn’t even generate a log.

The goal is to have it working both internally and externally.

The following returns absolutely nothing, no message, no error, nothing when run on the LAN:

curl 'https://xbrowsersync.rahh.al/' \
  -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \
  -H 'accept-language: en-US,en;q=0.9' \
  -H 'cache-control: no-cache' \
  -H 'pragma: no-cache' \
  -H 'priority: u=0, i' \
  -H 'sec-ch-ua: "Not?A_Brand";v="99", "Chromium";v="130"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Linux"' \
  -H 'sec-fetch-dest: document' \
  -H 'sec-fetch-mode: navigate' \
  -H 'sec-fetch-site: none' \
  -H 'sec-fetch-user: ?1' \
  -H 'upgrade-insecure-requests: 1' \
  -H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36'

2. Error messages and/or full log output:

No error message or log output. There isn’t even a response to the HTTP request, but there is no error in the browser network request.

3. Caddy version:

2.8.4

4. How I installed and ran Caddy:

NixOS:

services.caddy = {
  enable = true;
};

a. System environment:

Systemd 256.7
NixOS Unstable
Intel Xeon CPU

b. Command:

/nix/store/3pnfhhzi28v6mfjz2zr6p0121bqp1dbz-caddy-2.8.4/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/nix/store/3pnfhhzi28v6mfjz2zr6p0121bqp1dbz-caddy-2.8.4/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/nix/store/3pnfhhzi28v6mfjz2zr6p0121bqp1dbz-caddy-2.8.4/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

{
  log {
    level ERROR
  }
}


https://xbrowsersync.rahh.al {
  log {
    output file /var/log/caddy/access-xbrowsersync_server.log
  }

  reverse_proxy http://xbrowsersync.localdomain:80
}

xbrowsersync.localdomain points at the internal host that runs the service.

5. Links to relevant resources:

OK, I found the issue, but still no solution. Now I understand why it’s asked to paste the exact config. I left out some entries that were conflicting.

The bind directive documentation page explains it:

Note that binding sites inconsistently may result in unintended consequences. For example, if two sites on the same port resolve to 127.0.0.1 and only one of those sites is configured with bind 127.0.0.1, then only one site will be accessible since the other will bind to the port without a specific host; the OS will choose the more specific matching socket. (Virtual hosts are not shared across different listeners.)

The problem is that my WAN IP is dynamic, so it can’t be specified in the bind directive. I tried adding the domain, rahh.al, which resolves to the WAN IP, but Caddy chokes on this. If I try:

bind 10.0.0.1 rahh.al

it errors out:

Nov 17 23:58:57 homefree caddy[307228]: {"level":"error","ts":1731916737.3549156,"logger":"admin.api","msg":"request error","error":"loading config: loading new config: http app module: start: listening on rahh.al:443: listen tcp: lookup rahh.al: no such host","status_code":400}
Nov 17 23:58:57 homefree caddy[327602]: Error: sending configuration to instance: caddy responded with error: HTTP 400: {"error":"loading config: loading new config: http app module: start: listening on rahh.al:443: listen tcp: lookup rahh.al: no such host"}

The question is simple I guess:

How to bind some hosts to only the LAN interface, and others to all interfaces, when one of those interfaces has a dynamic IP.

OK. Now it’s working for some reason with the domain in the bind directive. Perhaps it was a DNS issue before since the DNS service was restarting at the same time.

In any case this seems to be working now…
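
The binding conflict discussed in this thread, written out as a Caddyfile. This is an added example, not the poster's actual config: the LAN-only site name `lan-only.localdomain`, its `tls internal` and its `respond` line are assumptions standing in for the conflicting entries that were left out of the post.

```caddyfile
# Hypothetical LAN-only site (name and body are assumptions). Its bind
# creates a dedicated listener on 10.0.0.1:443.
https://lan-only.localdomain {
	bind 10.0.0.1
	tls internal
	respond "reachable from the LAN only"
}

# BEFORE (inconsistent binding, kept commented out for comparison):
# with no bind, this site exists only on the wildcard :443 listener.
# LAN clients resolve the name to 10.0.0.1, the OS hands the connection
# to the more specific 10.0.0.1:443 socket, and that listener has no
# virtual host for xbrowsersync.rahh.al, so nothing is served or logged.
#
# https://xbrowsersync.rahh.al {
# 	reverse_proxy http://xbrowsersync.localdomain:80
# }

# AFTER: the public site is bound explicitly to both addresses, so it is
# present on the LAN listener and on the WAN listener. rahh.al is looked
# up when the config is loaded (the "lookup rahh.al: no such host" error
# above comes from that step), so DNS must be up before Caddy starts,
# and a reload is needed after the WAN address changes.
https://xbrowsersync.rahh.al {
	bind 10.0.0.1 rahh.al
	log {
		output file /var/log/caddy/access-xbrowsersync_server.log
	}
	reverse_proxy http://xbrowsersync.localdomain:80
}
```

After a reload, `ss -ltn` shows which addresses actually hold port 443, which confirms that the LAN-only site is not also exposed on the WAN address.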
