1. Output of caddy version:
h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
systemctl start caddy using the official systemd unit file with an addition to send an email on fail
a. System environment:
systemd controlled, ubuntu 22.02
b. Command:
systemctl start caddy
c. Service/unit/compose file:
GNU nano 6.2 /etc/systemd/system/caddy.service
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
OnFailure=crashmailserv@%n.service
StartLimitIntervalSec=10
StartLimitBurst=5
[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
ExecStartPost=+/bin/systemctl start upmailserv@%n.service
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment=DO_AUTH_TOKEN=redacted
Restart=always
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
(gen) {
encode gzip
uri strip_suffix .html
try_files {path} {path}.php {path}.html index.php index.html =404
php_fastcgi unix//var/run/php/php8.1-fpm.sock {
try_files {path} {path}.php index.php =404
}
file_server
handle_errors {
rewrite * /{http.error.status_code}
reverse_proxy https://http.cat {
header_up Host http.cat
}
}
log {
format console
output file /var/log/caddy.log {
roll_size 25mb
roll_keep 20
roll_keep_for 720h
}
}
}
(sticky) {
handle /wp* {
reverse_proxy :6969
}
handle /.* {
reverse_proxy :6969
}
handle /env* {
reverse_proxy :6969
}
}
(e-gen) {
encode gzip
uri strip_suffix .html
try_files {path} {path}.php {path}.html index.php index.html
php_fastcgi unix//var/run/php/php8.1-fpm.sock {
try_files {path} {path}.php index.php
}
file_server
respond /seed/* "Gone" 410 {
close
}
respond /nh/* "Gone" 410 {
close
}
handle_errors {
rewrite * /{http.error.status_code}
reverse_proxy https://http.cat {
header_up Host http.cat
}
}
log {
format console
output file /var/log/caddy.log {
roll_size 25mb
roll_keep 20
roll_keep_for 720h
}
}
}
(dns) {
tls {
dns digitalocean redacted lol
}
}
(header-gen) {
header {
Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
}
}
(bfm-header) {
header {
Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Cache-Control: no-cache, must-revalidate
}
}
eiphax.tech {
import sticky
header {
Strict-Transport-Security "max-age=31536000; preload"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
}
root * /var/www/eipmain/webroot
import e-gen
}
facts.eiphax.tech {
import sticky
import header-gen
root * /var/www/eipmain/facts
import gen
}
laundry.eiphax.tech {
import sticky
import header-gen
root * /var/www/eipmain/webroot/laundry
import gen
}
soultrader.net.au {
import header-gen
root * /var/www/st
import gen
}
blog.eiphax.tech {
import header-gen
root * /var/www/blog
import gen
}
bytes.eiphax.tech {
import header-gen
root * /var/www/bytes
import gen
}
album.eiphax.tech {
import sticky
import header-gen
root * /var/www/lychee/public
import gen
}
bin.eiphax.tech {
import sticky
import header-gen
root * /var/www/eipbin
import gen
}
3ds.eiphax.tech {
@ytbad {
header Referer *youtube.com*
}
@ytbad2 {
header Referer *youtu.be*
}
rewrite @ytbad /youtube.php
rewrite @ytbad2 /youtube.php
import sticky
import header-gen
root * /var/www/eipmain/3ds
import gen
}
http://wiiu.eiphax.tech {
@ytbad {
header Referer *youtube.com*
}
@ytbad2 {
header Referer *youtu.be*
}
rewrite @ytbad /youtube.php
rewrite @ytbad2 /youtube.php
import sticky
root * /var/www/eipmain/wiiu
import gen
}
https://wiiu.eiphax.tech {
@ytbad {
header Referer *youtube.com*
}
@ytbad2 {
header Referer *youtu.be*
}
rewrite @ytbad /youtube.php
rewrite @ytbad2 /youtube.php
import sticky
root * /var/www/eipmain/wiiu/resources
import gen
import header-gen
}
nx.eiphax.tech {
@ytbad {
header Referer *youtube.com*
}
@ytbad2 {
header Referer *youtu.be*
}
rewrite @ytbad /youtube.php
rewrite @ytbad2 /youtube.php
import sticky
import header-gen
root * /var/www/eipmain/nx
import gen
}
nintendohomebrew.com {
header {
Strict-Transport-Security "max-age=31536000; preload"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
}
handle_errors {
rewrite * /{http.error.status_code}
reverse_proxy https://http.cat {
header_up Host http.cat
}
}
import sticky
root * /var/www/eipmain/nh
respond /seed/* "Gone" 410 {
close
}
import gen
}
http://bhax.nintendohomebrew.com {
import sticky
root * /var/www/bhax/web/nbhax
try_files {path} {path}.html
encode gzip
}
bfm.nintendohomebrew.com, seedminer.hacks.guide {
import sticky
import bfm-header
root * /var/www/eipmain/nh/seed
reverse_proxy localhost:8082
encode gzip
file_server
handle_errors {
rewrite * /{http.error.status_code}
reverse_proxy https://http.cat {
header_up Host http.cat
}
}
log {
level error
format console
output file /var/log/bfm_error.log {
roll_size 25mb
roll_keep 20
roll_keep_for 720h
}
}
}
http://part1dumper.nintendohomebrew.com https://part1dumper.nintendohomebrew.com {
reverse_proxy localhost:8081
}
shitpost.lol {
import sticky
import header-gen
root * /var/www/sp
import gen
}
hacc.me please.hacc.me {
import sticky
import header-gen
root * /var/www/hacc
import gen
}
friigaemsworld.com {
import sticky
import header-gen
root * /var/www/frigam
import gen
}
uwu.tax {
import sticky
import header-gen
root * /var/www/uwu
import gen
}
conversation.id {
import sticky
import header-gen
root * /var/www/conv
import gen
}
puebes.com {
import sticky
import header-gen
root * /var/www/puebes
import gen
}
four.family {
import sticky
import header-gen
root * /var/www/four
import gen
}
230421.wedding {
import sticky
import header-gen
root * /var/www/wedding
import gen
}
photos.230421.wedding {
import sticky
import header-gen
root * /mnt/wedding/lychee/public
import gen
}
easymail.sydney {
import sticky
import header-gen
root * /var/www/easymail
import gen
}
durriesberg.biz {
import header-gen
root * /var/www/dberg
import gen
}
news.eiphax.tech {
import header-gen
root * /var/www/news
import gen
}
blep.co {
import sticky
import header-gen
root * /var/www/blep
import gen
}
deadletters.club {
import header-gen
root * /var/www/deadletters
import gen
}
photos.four.family {
import sticky
import header-gen
root * /mnt/charlie/public
import gen
}
photos.moonaglio.wedding photos.agliomoon.wedding moonaglio.wedding agliomoon.wedding {
import sticky
import header-gen
root * /var/www/moonaglio/public
import gen
}
garden.eiphax.tech {
import sticky
import header-gen
redir https://blog.eiphax.tech/?p=269 permanent
}
rules.eiphax.tech {
import sticky
import header-gen
root * /var/www/eipmain/webroot/rules
import gen
}
tarpit.eiphax.tech {
reverse_proxy :6969
}
3. The problem I’m having:
trying to reverse proxy caddy to an http tarpit, which works… https://tarpit.eiphax.tech hangs forever on the header and curl -v shows the time being sent repeatedly as intended.
however, caddy won’t reverse proxy requests for domain.tld/wp-admin as intended by the /wp* matcher - it says ‘context canceled’. accessing domain.tld/wp-admin by browser or by curl gets the content of the file.
i thought this might have something to do with try_files responding with index.php so i put import sticky for the reverse proxy block at the top of the configs, but it doesn’t seem to work.
any ideas?
4. Error messages and/or full log output:
Oct 25 13:21:26 eiphax.tech caddy[7501]: {"level":"error","ts":1666664486.9546509,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Oct 25 13:24:05 eiphax.tech caddy[7501]: {"level":"error","ts":1666664645.3732076,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
5. What I already tried:
dicking around with the matchers, but i don’t fully understand how they work (even with the docs. can you tell i’m not a programmer/developer by nature?)
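
An added example, not part of the original post or of the Caddy project's own documentation: Caddy sorts Caddyfile directives into a fixed default order in which `try_files` runs before `handle`, so a path rewrite can happen before the `/wp*` matcher is evaluated. The sketch below keeps the post's matchers and `:6969` upstream but moves the file-serving directives into a fallback `handle`; `example.com`, `/var/www/example` and the snippet name `tarpit-first` are placeholders.

```caddyfile
# Added example, not the poster's config. example.com and /var/www/example
# are placeholders; :6969 is the tarpit listener from the post.

(tarpit-first) {
	# Path matchers are globs, not regexes: "/.*" means "starts with /."
	# (/.env, /.git/config), not "anything". /.well-known/ is excluded so
	# files such as security.txt stay reachable.
	@probe {
		path /wp* /.* /env*
		not path /.well-known/*
	}

	# handle blocks are mutually exclusive: only one of them runs per
	# request, and the block without a matcher is tried last as the fallback.
	handle @probe {
		reverse_proxy :6969
	}

	handle {
		# try_files rewrites the request path. Kept inside the fallback, it
		# cannot rewrite /wp-admin to /index.php before @probe is tested.
		try_files {path} {path}.php {path}.html index.php index.html =404
		php_fastcgi unix//var/run/php/php8.1-fpm.sock
		file_server
	}
}

example.com {
	root * /var/www/example
	encode gzip
	import tarpit-first
}
```

`caddy adapt --config /etc/caddy/Caddyfile` prints the resulting JSON routes, which shows the order in which the matchers and handlers will actually be evaluated.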