1. Caddy version (caddy version
):
v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
reverted to
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
2. How I run Caddy:
Ubuntu 20.04, systemd, sudo service caddy start/stop/reload
a. System environment:
Ubuntu 20.04, Jenkins 2.346, Caddy 2.5.1
b. Command:
sudo service caddy start
c. Service/unit/compose file:
Still have no idea where this is
d. My complete Caddyfile or JSON config:
{
admin off
}
(logging) {
log {
output file /var/log/caddy/caddy.log {
roll_size 15mb
roll_keep 20
}
}
}
(errors) {
handle_errors {
root * /var/www/internal/errors
rewrite * /{http.error.status_code}.html
file_server
}
}
(php) {
php_fastcgi unix//run/php/php8.1-fpm.sock
}
www.telesphoreo.me {
import logging
redir https://telesphoreo.me{uri}
}
telesphoreo.me {
import logging
import errors
import php
root * /var/www/telesphoreo.me
file_server browse
encode gzip zstd
@denied path /assets/ /old_html/* /new_html/* /recyclebin/* /nitrogen/ /wave/
error @denied 403
}
blog.telesphoreo.me {
import logging
import php
root * /var/www/blog.telesphoreo.me
file_server
encode gzip
}
db2.telesphoreo.me {
import logging
import php
root * /usr/share/phpmyadmin
file_server
}
nexus.telesphoreo.me {
reverse_proxy http://localhost:8082
}
panel.telesphoreo.me {
import logging
php_fastcgi unix//run/php/php8.0-fpm.sock
root * /var/www/pterodactyl/public
file_server
header X-Content-Type-Options nosniff
header X-XSS-Protection "1; mode=block"
header X-Robots-Tag none
header Content-Security-Policy "frame-ancestors 'self'"
header X-Frame-Options DENY
header Referrer-Policy same-origin
request_body {
max_size 100m
}
respond /.ht* 403
}
pictochat.telesphoreo.me {
import logging
reverse_proxy http://localhost:8080
}
wordle.telesphoreo.me {
import logging
root * /var/www/wordle.telesphoreo.me/games/wordle
file_server
encode gzip
}
ci.plex.us.org {
reverse_proxy http://localhost:8081
}
discord.plex.us.org {
import logging
redir https://discord.com/invite/HZsdUnsRKc
}
docs.plex.us.org {
import logging
redir https://plex.us.org{uri}
}
httpd.plex.us.org {
import logging
reverse_proxy 172.18.0.1:27192
}
plan.plex.us.org {
import logging
reverse_proxy 172.18.0.1:8804
}
plex.us.org {
import logging
root * /var/www/plexus.org/build
respond /updater/check/ "1.0.3"
file_server
}
forum.plex.us.org {
import logging
import php
root * /var/www/forum.plexus.org/public
file_server
header /assets {
+Cache-Control "public, must-revalidate, proxy-revalidate"
+Cache-Control "max-age=25000"
Pragma "public"
}
respond /.ht* 403
}
www.smokes-crystal.rocks {
import logging
redir https://smokes-crystal.rocks{uri}
}
smokes-crystal.rocks {
import logging
import errors
root * /var/www/smokes-crystal.rocks
file_server
}
3. The problem Iâm having:
Ever since Caddy v2.5.0, Jenkins has not been working reliably. I run it using the official Jenkins weekly image. Ever since v2.5.0, Iâve been getting âError 403 No valid crumb submitted in the requestâ. I was ignoring it at first, but it was happening so frequently it was driving me insane. So I googled it and it appears that it happens whenever you submit a form. There is an option to âbetter support proxiesâ which is vague but is less secure. Itâs very easy to reproduce. All I have to do is go anywhere there is a form, and submit the data. The error seems to occur if I either switch tabs or am on the form for too long. If I complete the form fast on v2.5.1, it works. I downgraded to Caddy v2.4.6 and the issue is no longer present. I can be on a form for as long as I like, switch tabs as many times as I want, and the form will still go through. I also tried this on v2.5.0 and I got the same problems as v2.5.1.
4. Error messages and/or full log output:
I genuinely have no idea where any errors are. I searched through my caddy.log file but canât find anything relevant relating to it. There isnât even a single instance of âci.plex.us.orgâ in the file upon further inspection.
5. What I already tried:
Downgrading to Caddy v2.4.6. This is the solution but I donât want to stay on v2.4.6 of Caddy for the rest of my life. I really donât have any idea how to approach this issue because I havenât had any errors until upgrading to v2.5.0. It seems as if itâs a bug so I am not sure.
6. Links to relevant resources:
https://ci.plex.us.org
spinnaker - Jenkins: 403 No valid crumb was included in the request - Stack Overflow â suggestion to enable enable proxy compatibility, but not recommended. Issue was still happening even after enabling this by the way