1. The problem I’m having:
I’m trying to create a simple reverse proxy from an HTTP Caddy server to the default HTTPS URL for the latest version of Windows Admin Center (Version 2311). I’m using the NTLM module to achieve this. When I navigate to the HTTP Caddy page, I get the login as usual; however, no matter how many times I input the correct username and password, I keep getting prompted to log in over and over again with 401 errors. Using the same credentials on the normal HTTPS site works instantly, of course.
2. Error messages and/or full log output:
DBG ts=1708748002.0027668 logger=http.handlers.reverse_proxy msg=selected upstream dial=192.168.1.20:9083 total_upstreams=1
DBG ts=1708748002.0076027 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=192.168.1.20:9083 duration=0.004784956 request={"remote_ip":"100.0.0.1","remote_port":"56364","proto":"HTTP/1.1","method":"GET","host":"ubuntu-server:9082","uri":"/","headers":{"Pragma":["no-cache"],"Upgrade-Insecure-Requests":["1"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9"],"Cache-Control":["no-cache"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"X-Forwarded-For":["100.0.0.1"],"X-Forwarded-Proto":["http"],"X-Forwarded-Host":["ubuntu-server:9082"]}} headers={"Content-Length":["0"],"Www-Authenticate":["Negotiate","NTLM"],"Date":["Sat, 24 Feb 2024 04:13:21 GMT"]} status=401
DBG ts=1708748016.0307705 logger=http.handlers.reverse_proxy msg=selected upstream dial=192.168.1.20:9083 total_upstreams=1
DBG ts=1708748016.0316873 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=192.168.1.20:9083 duration=0.000864192 request={"remote_ip":"100.0.0.1","remote_port":"56364","proto":"HTTP/1.1","method":"GET","host":"ubuntu-server:9082","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"X-Forwarded-For":["100.0.0.1"],"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"],"X-Forwarded-Proto":["http"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Host":["ubuntu-server:9082"]}} headers={"Date":["Sat, 24 Feb 2024 04:13:36 GMT"],"Content-Length":["0"],"Www-Authenticate":["Negotiate","NTLM"]} status=401
DBG ts=1708748018.0792294 logger=http.handlers.reverse_proxy msg=selected upstream dial=192.168.1.20:9083 total_upstreams=1
DBG ts=1708748018.0844784 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=192.168.1.20:9083 duration=0.005182853 request={"remote_ip":"100.0.0.1","remote_port":"56364","proto":"HTTP/1.1","method":"GET","host":"ubuntu-server:9082","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"],"Authorization":[],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"X-Forwarded-Host":["ubuntu-server:9082"],"X-Forwarded-For":["100.0.0.1"],"Cache-Control":["max-age=0"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Proto":["http"]}} headers={"Www-Authenticate":["Negotiate <redacted>"],"Date":["Sat, 24 Feb 2024 04:13:38 GMT"],"Content-Length":["0"]} status=401
DBG ts=1708748018.08581 logger=http.handlers.reverse_proxy msg=selected upstream dial=192.168.1.20:9083 total_upstreams=1
DBG ts=1708748018.0876324 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=192.168.1.20:9083 duration=0.001771184 request={"remote_ip":"100.0.0.1","remote_port":"56364","proto":"HTTP/1.1","method":"GET","host":"ubuntu-server:9082","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Host":["ubuntu-server:9082"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"X-Forwarded-For":["100.0.0.1"],"Cache-Control":["max-age=0"],"Authorization":[],"X-Forwarded-Proto":["http"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9"]}} headers={"Content-Length":["0"],"Www-Authenticate":["Negotiate","NTLM"],"Date":["Sat, 24 Feb 2024 04:13:38 GMT"]} status=401
3. Caddy version:
Version 2.7.6
4. How I installed and ran Caddy:
Using Docker with instructions to build NTLM module
a. System environment:
Official Docker container using builder
b. Command:
None, just what the normal Docker build command runs.
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
{
    debug
}

http://:80 {
    reverse_proxy {
        to https://192.168.1.20:9083
        transport http_ntlm {
            tls_insecure_skip_verify
        }
    }
    encode zstd gzip
}
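
To read the debug output above as an authentication exchange rather than four separate 401s, the following added example (not part of the original post, and not Caddy's own code) labels each "upstream roundtrip" line by what the request carried and what the upstream answered. The function names and stage labels are hypothetical, and it assumes an empty `Authorization` list means the header was sent but its value was withheld by the logger.

```python
import json
import re

# Constructed sample: the four "upstream roundtrip" lines from the post,
# cut down to the fields this check reads.
SAMPLE = "\n".join([
    'DBG ts=1708748002.0076027 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=192.168.1.20:9083 request={"method":"GET","uri":"/","headers":{"Pragma":["no-cache"]}} headers={"Content-Length":["0"],"Www-Authenticate":["Negotiate","NTLM"]} status=401',
    'DBG ts=1708748016.0316873 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=192.168.1.20:9083 request={"method":"GET","uri":"/","headers":{"Cache-Control":["max-age=0"]}} headers={"Content-Length":["0"],"Www-Authenticate":["Negotiate","NTLM"]} status=401',
    'DBG ts=1708748018.0844784 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=192.168.1.20:9083 request={"method":"GET","uri":"/","headers":{"Authorization":[]}} headers={"Www-Authenticate":["Negotiate <redacted>"],"Content-Length":["0"]} status=401',
    'DBG ts=1708748018.0876324 logger=http.handlers.reverse_proxy msg=upstream roundtrip upstream=192.168.1.20:9083 request={"method":"GET","uri":"/","headers":{"Authorization":[]}} headers={"Content-Length":["0"],"Www-Authenticate":["Negotiate","NTLM"]} status=401',
])

_DECODER = json.JSONDecoder()

def parse_roundtrip(line):
    """Return the auth-relevant fields of one roundtrip line, or None."""
    if "msg=upstream roundtrip" not in line:
        return None
    # The JSON values contain spaces, so decode them in place instead of splitting.
    pos = line.index(" request=") + len(" request=")
    request, end = _DECODER.raw_decode(line, pos)
    pos = line.index(" headers=", end) + len(" headers=")
    response, end = _DECODER.raw_decode(line, pos)
    status = int(re.search(r"\bstatus=(\d+)", line[end:]).group(1))
    sent = {k.lower() for k in request.get("headers", {})}
    challenges = next((v for k, v in response.items()
                       if k.lower() == "www-authenticate"), [])
    return {
        # Assumption: key present with an empty list = header sent, value hidden.
        "auth_sent": "authorization" in sent,
        "schemes": [c.split(" ", 1)[0] for c in challenges],
        "has_token": any(" " in c for c in challenges),
        "status": status,
    }

def stage(rt):
    """Label one roundtrip by its place in the challenge/response exchange."""
    if rt["status"] != 401:
        return "accepted"
    if not rt["auth_sent"]:
        return "initial-challenge"   # no credentials offered yet
    if rt["has_token"]:
        return "server-token"        # upstream answered with handshake data
    return "restart"                 # credentials sent, bare scheme list returned

def trace(log_text):
    parsed = (parse_roundtrip(line) for line in log_text.splitlines())
    return [stage(rt) for rt in parsed if rt is not None]

if __name__ == "__main__":
    for n, label in enumerate(trace(SAMPLE), 1):
        print(n, label)
```

On the sample, the third roundtrip is the only one where the upstream returns a token, and the fourth falls back to the bare `Negotiate`/`NTLM` challenge even though an `Authorization` header was sent.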