Caddy not working as proxy for Azure IoTHub

1. The problem I’m having:

I am trying to use Caddy as a reverse proxy for Azure IoTHub and trying to send messages to IoTHub using https, mqtt, amqp, amqp_ws, mqtt_ws. I am getting an error when I send a message via https.

2. Error messages and/or full log output:

I get the below error:

```
{
    "Message": "ErrorCode:ServerError;InternalServerError",
    "ExceptionMessage": "Tracking ID:84787584d1a1428cab1e72dc1187be47-G:0-TimeStamp:11/23/2024 16:29:17"
}
```

**Request details**

```
https://localhost:443/devices/<device-id>/messages/events?api-version=2021-04
method:POST
```

Message body:

```
{
    "name":"testmsg"
}
```

Headers:

```
Authorization:<working auth- this works when I send direct message without caddy to this IoTHub device>
Content-Type:application/json
```

**Error on Caddy console**

```
2024/11/23 16:33:34.618 DEBUG  http.stdlib     http: TLS handshake error from [::1]:58223: EOF
2024/11/23 16:33:34.619 DEBUG  events  event   {"name": "tls_get_certificate", "id": "7dcb23f3-8a82-4295-adc6-d50c4b424733", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4865,4866,4867,49199,49195,49200,49196,49191,52393,52392,49161,49171,49162,49172,156,157,47,53],"ServerName":"localhost","SupportedCurves":[29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513],"SupportedProtos":null,"SupportedVersions":[772,771,770,769],"RemoteAddr":{"IP":"::1","Port":58224,"Zone":""},"LocalAddr":{"IP":"::1","Port":443,"Zone":""}}}}
2024/11/23 16:33:34.620 DEBUG  tls.handshake   choosing certificate    {"identifier": "localhost", "num_choices": 1}
2024/11/23 16:33:34.620 DEBUG  tls.handshake   default certificate selection results   {"identifier": "localhost", "subjects": ["localhost"], "managed": true, "issuer_key": "local", "hash": "09641b28975d89acab5749d2ad7815a96741bb190eb6bae859996a9944d147d2"}
2024/11/23 16:33:34.620 DEBUG  tls.handshake   matched certificate in cache    {"remote_ip": "::1", "remote_port": "58224", "subjects": ["localhost"], "managed": true, "expiration": "2024/11/24 04:29:09.000", "hash": "09641b28975d89acab5749d2ad7815a96741bb190eb6bae859996a9944d147d2"}
2024/11/23 16:33:34.622 DEBUG  http.handlers.reverse_proxy     selected upstream       {"dial": "iothubname.azure-devices.net:443", "total_upstreams": 1}
2024/11/23 16:33:35.747 DEBUG  http.handlers.reverse_proxy     upstream roundtrip      {"upstream": "<iothubname>.azure-devices.net:443", "duration": 1.1240946, "request": {"remote_ip": "::1", "remote_port": "58224", "client_ip": "::1", "proto": "HTTP/1.1", "method": "POST", "host": "localhost:443", "uri": "/devices/<device-id>/messages/events?api-version=2021-04", "headers": {"User-Agent": ["PostmanRuntime/7.42.0"], "Authorization": ["REDACTED"], "Cache-Control": ["no-cache"], "X-Forwarded-Proto": ["https"], "Content-Length": ["28"], "X-Forwarded-For": ["::1"], "Accept-Encoding": ["gzip, deflate, br"], "X-Forwarded-Host": ["localhost:443"], "Content-Type": ["application/json"], "Accept": ["*/*"], "Postman-Token": ["token"]}, "tls": {"resumed": false, "version": 771, "cipher_suite": 49195, "proto": "", "server_name": "localhost"}}, "headers": {"Date": ["Sat, 23 Nov 2024 16:33:35 GMT"], "Content-Length": ["155"], "Content-Type": ["application/json; charset=utf-8"], "Server": ["Microsoft-HTTPAPI/2.0"], "X-Ms-Request-Id": ["reqid"], "Iothub-Errorcode": ["ServerError"]}, "status": 500}
```

3. Caddy version:

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

I downloaded Caddy from the Caddy website.

a. System environment:

Windows 10 Enterprise x64-based processor

b. Command:

caddy.exe run

c. Service/unit/compose file:

Not docker installation, running Caddy directly

d. My complete Caddy config:

```
{
	debug
}
localhost:443 {
	reverse_proxy https://iothubname.azure-devices.net {
		header_up X-Forwarded-Proto {scheme}
		header_up Authorization
		transport http {
			dial_timeout 10s
			response_header_timeout 30s
			tls_insecure_skip_verify
		}
	}
	tls {
		protocols tls1.2 tls1.2
	}
	log {
		output file caddy_access.log
	}
}
```

5. Links to relevant resources:

Remove this stuff from your config, it doesn’t do anything useful for you.

This error is coming from your upstream app. Doesn’t look like a problem with Caddy itself. You’ll need to get help from the authors/community for your upstream app.

Thanks a lot for responding. I am able to send messages to that same IoTHub without Caddy using the same channel as Postman. But when I set up Caddy and try to send messages via Caddy (using Postman), I get this error. This makes me think that my configuration is wrong.

Thanks

Really looking for some help on this.

Other than removing the parts Francis mentioned, I’m not sure how else we could advise you.

The 500 error isn’t from Caddy, it comes from the upstream server. You’ll need to get specific help with that app to determine what it wants/needs, if it needs something special. Caddy functions as an almost entirely transparent proxy (assuming you don’t misconfigure it).

1 Like
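
The last reply describes Caddy as a near-transparent proxy unless it is misconfigured. As an added example (not from the thread or from the Caddy project), here is a pass-through variant of the posted config that leaves upstream certificate verification on. `iothubname` is the placeholder used in the post, and the `Host` rewrite is an assumption about what the hub expects; the thread does not confirm that any of this resolves the 500 error.

```caddyfile
# Added example, not the poster's config. "iothubname" is the post's placeholder.
localhost:443 {
	reverse_proxy https://iothubname.azure-devices.net {
		# No header_up rule for Authorization: request headers, including the
		# client's Authorization value, are passed to the upstream unchanged
		# by default.
		# X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host are set by
		# Caddy itself, as the debug log in the question shows.

		# Assumption: the upstream expects its own hostname in the Host header.
		header_up Host {upstream_hostport}

		transport http {
			dial_timeout 10s
			response_header_timeout 30s
			# tls_insecure_skip_verify is deliberately absent, so Caddy
			# validates the upstream certificate chain and hostname before
			# the Authorization header is forwarded over that connection.
		}
	}

	# No tls block: Caddy's default protocol range for the client-facing
	# listener already covers TLS 1.2 and TLS 1.3.

	log {
		output file caddy_access.log
	}
}
```

With verification on, a failed upstream handshake shows up in Caddy's own log as a proxy error instead of the request being sent to an unauthenticated endpoint.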
