Caddy only gives a nop

1. The problem I’m having:

I configured multiple reverse entries - however a Synology Webserver doesn't work via Caddy.
I configured the upstream https, ip address, custom port (7001).

I only get a nop returned.

# Reverse Proxy Domain: "3f737aa2-b93a-4af7-2584-7560190f0489"
file.my.domain {
	log 3f737aa2-5288-4af7-2565-7560190f0489
	tls /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.pem /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.key

	handle {
		reverse_proxy https://192.168.1.1:7001 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}
}

It works flawlessly for other servers, therefore I don't see any issue in the FW config.

2. Error messages and/or full log output:

07T16:27:39Z","logger":"http.log.access.3f737aa2-b93a-4af7-b72d-7560190f0489","msg":"NOP","request":{"remote_ip":"192.168.1.2","remote_port":"60993","client_ip":"192.168.1.2","proto":"HTTP/2.0","method":"GET","host":"file.my.domain","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"],"Cookie":["REDACTED"],"Accept-Language":["en-GB,en;q=0.7"],"Sec-Fetch-Site":["same-origin"],"Sec-Ch-Ua":["\"Not(A:Brand\";v=\"99\", \"Brave\";v=\"133\", \"Chromium\";v=\"133\""],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Dest":["image"],"Priority":["u=1, i"],"Dnt":["1"],"Referer":["https://file.my.domain/"],"Sec-Fetch-Mode":["no-cors"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Gpc":["1"],"Sec-Ch-Ua-Platform":["\"macOS\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"file.my.domain"}},"bytes_read":0,"user_id":"","duration":0.000002745,"size":0,"status":0,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}

3. Caddy version:

caddy version
v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

4. How I installed and ran Caddy:

Part of opnsense

a. System environment:

opnsense firewall

b. Command:

Testing with curl and manually setting the hostname to the FW LAN interface to make sure no DNS errors interfere.

curl -k --resolve file.my.domain:443:192.168.1.10 https://file.my.domain

d. My complete Caddy config:

# DO NOT EDIT THIS FILE -- OPNsense auto-generated file


# caddy_user=root

# Global Options
{
	log {
		include http.log.access.3f737aa2-b93a-4af7-b72d-7560190f0489
		output net unixgram//var/run/caddy/log.sock {
		}
		format json {
			time_format rfc3339
		}
	}

	servers {
		protocols h1 h2
	}

	auto_https off
	grace_period 10s
	import /usr/local/etc/caddy/caddy.d/*.global
}

# Reverse Proxy Configuration


# Reverse Proxy Domain: "79179cc0-6ab4-4a49-9d79-5d58cf46062a"
drive.my.domain {
	tls /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.pem /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.key

	@a20a6fb3-09f4-4765-bd5e-8b34362d52bd_drivemydomain {
		not client_ip 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 10.0.0.0/8 
	}
	handle @a20a6fb3-09f4-4765-bd5e-8b34362d52bd_drivemydomain {
		abort
	}

	handle {
		reverse_proxy https://192.168.1.1:10003 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}
}
# Reverse Proxy Domain: "cfb6ccd1-1006-453b-92f6-1d449b125935"
dsm.my.domain {
	tls /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.pem /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.key

	@a20a6fb3-09f4-4765-bd5e-8b34362d52bd_dsmmydomain {
		not client_ip 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 10.0.0.0/8 
	}
	handle @a20a6fb3-09f4-4765-bd5e-8b34362d52bd_dsmmydomain {
		abort
	}

	handle {
		reverse_proxy https://192.168.1.1:5001 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}
}
# Reverse Proxy Domain: "a76af138-0c5c-453d-80d0-e21bd176672a"
photos.kazoku.my {
	tls /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.pem /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.key

	handle {
		reverse_proxy https://192.168.1.1:5003 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}
}
# Reverse Proxy Domain: "b14eb5d4-db81-4be4-9aaa-089c6be2e465"
pve.my.domain {
	tls /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.pem /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.key

	@a20a6fb3-09f4-4765-bd5e-8b34362d52bd_pvemydomain {
		not client_ip 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 10.0.0.0/8 
	}
	handle @a20a6fb3-09f4-4765-bd5e-8b34362d52bd_pvemydomain {
		abort
	}

	handle {
		reverse_proxy https://192.168.1.111:8006 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}
}
# Reverse Proxy Domain: "ff9fe08a-f2e8-41ec-a80b-96f0a130b051"
misp.my.domain {
	tls /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.pem /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.key

	@a20a6fb3-09f4-4765-bd5e-8b34362d52bd_mispmydomain {
		not client_ip 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 10.0.0.0/8 
	}
	handle @a20a6fb3-09f4-4765-bd5e-8b34362d52bd_mispmydomain {
		abort
	}

	handle {
		reverse_proxy https://10.0.20.11:443 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}
}
# Reverse Proxy Domain: "3f737aa2-b93a-4af7-b72d-7560190f0489"
file.my.domain {
	log 3f737aa2-b93a-4af7-b72d-7560190f0489
	tls /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.pem /var/db/caddy/data/caddy/certificates/temp/65d767a6b7244.key

	handle {
		reverse_proxy https://192.168.1.1:7001 {
			transport http {
				tls_insecure_skip_verify
			}
		}
	}
}

import /usr/local/etc/caddy/caddy.d/*.conf

Any ideas are highly appreciated.

It’s because there is no handler/route configured for file.wicked.design, only for file.my.domain.

1 Like
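Added example, not part of the original thread and not Caddy's own tooling: a Python sketch of the check the reply above implies, comparing the Host of each NOP / status 0 access-log entry with the site addresses in the Caddyfile. The Caddyfile and log lines are constructed samples using field names from the posted log, the function names are hypothetical, and only exact hostnames (no wildcards) are matched.

```python
import json
# Constructed sample: a trimmed Caddyfile in the shape of the posted config.
CADDYFILE = """\
{
    auto_https off
}
file.my.domain {
    reverse_proxy https://192.168.1.1:7001
}
"""
# Constructed access-log lines using field names from the posted log entry.
LOG_LINES = [
    '{"msg":"NOP","request":{"host":"file.wicked.design","uri":"/favicon.ico"},"size":0,"status":0}',
    '{"msg":"handled request","request":{"host":"file.my.domain","uri":"/"},"size":512,"status":200}',
    '{"msg":"NOP","request":{"host":"file.my.domain:443","uri":"/"},"size":0,"status":0}',
    '07T16:27:39Z","logger":"http.log.access","msg":"NOP"',  # truncated line, skipped
]

def strip_port(host):  # drop a trailing :port; IPv6 literals are left alone
    head, sep, tail = host.rpartition(":")
    return head if sep and tail.isdigit() and not head.endswith(":") else host

def site_addresses(caddyfile):
    """Hostnames of top-level site blocks (exact names only, no wildcards)."""
    sites, depth = set(), 0
    for raw in caddyfile.splitlines():
        line = raw.split("#", 1)[0].strip()
        # A bare "{" at depth 0 opens the global options block, not a site.
        if depth == 0 and line.endswith("{") and line != "{":
            for addr in line[:-1].replace(",", " ").split():
                sites.add(strip_port(addr.split("://")[-1]).lower())
        depth += line.count("{") - line.count("}")
    return sites

def unhandled_requests(log_lines, sites):
    """Split NOP / status 0 entries by whether their Host has a site block."""
    no_site, has_site = [], []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(entry, dict) or (entry.get("msg") != "NOP" and entry.get("status") != 0):
            continue
        req = entry.get("request") or {}
        host = strip_port(str(req.get("host", ""))).lower()
        (has_site if host in sites else no_site).append((host, req.get("uri")))
    return no_site, has_site

if __name__ == "__main__":
    print(unhandled_requests(LOG_LINES, site_addresses(CADDYFILE)))
```

Entries in the second list have a matching site block, so a missing route for that hostname does not explain them.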

Thx Matt. Sorry, this was meant to be replaced. There is a corresponding rule for file.wicked.design aka file.my.domain

PS: curl, ping, telnet etc. from the FW to the Synology works as well.
Only going through caddy

PPS: Why am I replying too quickly and have to wait 35 minutes?!?

1 Like

We’ve been fighting aggressive spam originating from Jio and Airtel, and the rate limiter helps slow them down.

2 Likes

Thx for the info Mohammed

PS: I also just added a new, NPM based webservice, and it works flawlessly.

Is there any known issue with Synology's DSM based services?

There shouldn’t. I have Synology and proxy some services over Caddy just fine.

Strange. I deleted all of the rules, re-added them, doesn't help.
All the other caddy entries work fine. Totally lost currently.
