Caddy reverse proxy matchers?

Help
1

1. Output of caddy version:

h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

systemctl start caddy using the official systemd unit file with an addition to send an email on fail

a. System environment:

systemd controlled, ubuntu 22.02

b. Command:

systemctl start caddy

c. Service/unit/compose file:

GNU nano 6.2                              /etc/systemd/system/caddy.service                                        # caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target
OnFailure=crashmailserv@%n.service

StartLimitIntervalSec=10
StartLimitBurst=5

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
ExecStartPost=+/bin/systemctl start upmailserv@%n.service
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
Environment=DO_AUTH_TOKEN=redacted
Restart=always

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

(gen) {
	encode gzip
	uri strip_suffix .html
	try_files {path} {path}.php {path}.html index.php index.html =404
	php_fastcgi unix//var/run/php/php8.1-fpm.sock {
		try_files {path} {path}.php index.php =404
	}
	file_server
	handle_errors {
		rewrite * /{http.error.status_code}
		reverse_proxy https://http.cat {
			header_up Host http.cat
		}
	}
	log {
		format console
		output file /var/log/caddy.log {
			roll_size 25mb
			roll_keep 20
			roll_keep_for 720h
		}
	}
}

(sticky) {
	handle /wp* {
		reverse_proxy :6969
		}
	handle /.* {
		reverse_proxy :6969
		}
	handle /env* {
		reverse_proxy :6969
		}
}

(e-gen) {
	encode gzip
	uri strip_suffix .html
	try_files {path} {path}.php {path}.html index.php index.html
	php_fastcgi unix//var/run/php/php8.1-fpm.sock {
		try_files {path} {path}.php index.php
	}
	file_server
	respond /seed/* "Gone" 410 {
		close
	}
	respond /nh/* "Gone" 410 {
		close
	}
	handle_errors {
		rewrite * /{http.error.status_code}
		reverse_proxy https://http.cat {
			header_up Host http.cat
		}
	}
	log {
		format console
		output file /var/log/caddy.log {
			roll_size 25mb
			roll_keep 20
			roll_keep_for 720h
		}
	}
}

(dns) {
	tls {
		dns digitalocean redacted lol
	}
}

(header-gen) {
	header {
		Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
	}
}

(bfm-header) {
	header {
		Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		Cache-Control: no-cache, must-revalidate
	}
}

eiphax.tech {
	import sticky
	header {
		Strict-Transport-Security "max-age=31536000; preload"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
	}
	root * /var/www/eipmain/webroot
	import e-gen
}

facts.eiphax.tech {
	import sticky
	import header-gen
	root * /var/www/eipmain/facts
	import gen
}

laundry.eiphax.tech {
	import sticky
	import header-gen
	root * /var/www/eipmain/webroot/laundry
	import gen
}

soultrader.net.au {
	import header-gen
	root * /var/www/st
	import gen
}

blog.eiphax.tech {
	import header-gen
	root * /var/www/blog
	import gen
}

bytes.eiphax.tech {
	import header-gen
	root * /var/www/bytes
	import gen
}

album.eiphax.tech {
	import sticky
	import header-gen
	root * /var/www/lychee/public
	import gen
}

bin.eiphax.tech {
	import sticky
	import header-gen
	root * /var/www/eipbin
	import gen
}

3ds.eiphax.tech {
	@ytbad {
		header Referer *youtube.com*
	}
	@ytbad2 {
		header Referer *youtu.be*
	}
	rewrite @ytbad /youtube.php
	rewrite @ytbad2 /youtube.php
	import sticky
	import header-gen
	root * /var/www/eipmain/3ds
	import gen
}

http://wiiu.eiphax.tech {
	@ytbad {
		header Referer *youtube.com*
	}
	@ytbad2 {
		header Referer *youtu.be*
	}
	rewrite @ytbad /youtube.php
	rewrite @ytbad2 /youtube.php
	import sticky
	root * /var/www/eipmain/wiiu
	import gen
}

https://wiiu.eiphax.tech {
	@ytbad {
		header Referer *youtube.com*
	}
	@ytbad2 {
		header Referer *youtu.be*
	}
	rewrite @ytbad /youtube.php
	rewrite @ytbad2 /youtube.php
	import sticky
	root * /var/www/eipmain/wiiu/resources
	import gen
	import header-gen
}

nx.eiphax.tech {
	@ytbad {
		header Referer *youtube.com*
	}
	@ytbad2 {
		header Referer *youtu.be*
	}
	rewrite @ytbad /youtube.php
	rewrite @ytbad2 /youtube.php
	import sticky
	import header-gen
	root * /var/www/eipmain/nx
	import gen
}

nintendohomebrew.com {
	header {
		Strict-Transport-Security "max-age=31536000; preload"
		X-XSS-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
	}
	handle_errors {
		rewrite * /{http.error.status_code}
		reverse_proxy https://http.cat {
			header_up Host http.cat
		}
	}
	import sticky
	root * /var/www/eipmain/nh
	respond /seed/* "Gone" 410 {
		close
	}
	import gen
}

http://bhax.nintendohomebrew.com {
	import sticky
	root * /var/www/bhax/web/nbhax
	try_files {path} {path}.html
	encode gzip
}

bfm.nintendohomebrew.com, seedminer.hacks.guide {
	import sticky
	import bfm-header
	root * /var/www/eipmain/nh/seed
	reverse_proxy localhost:8082
	encode gzip
	file_server
	handle_errors {
		rewrite * /{http.error.status_code}
		reverse_proxy https://http.cat {
			header_up Host http.cat
		}
	}
	log {
		level error
		format console
		output file /var/log/bfm_error.log {
			roll_size 25mb
			roll_keep 20
			roll_keep_for 720h
		}
	}
}

http://part1dumper.nintendohomebrew.com https://part1dumper.nintendohomebrew.com {
	reverse_proxy localhost:8081
}

shitpost.lol {
	import sticky
	import header-gen
	root * /var/www/sp
	import gen
}

hacc.me please.hacc.me {
	import sticky
	import header-gen
	root * /var/www/hacc
	import gen
}

friigaemsworld.com {
	import sticky
	import header-gen
	root * /var/www/frigam
	import gen
}

uwu.tax {
	import sticky
	import header-gen
	root * /var/www/uwu
	import gen
}

conversation.id {
	import sticky
	import header-gen
	root * /var/www/conv
	import gen
}

puebes.com {
	import sticky
	import header-gen
	root * /var/www/puebes
	import gen
}

four.family {
	import sticky
	import header-gen
	root * /var/www/four
	import gen
}

230421.wedding {
	import sticky
	import header-gen
	root * /var/www/wedding
	import gen
}

photos.230421.wedding {
	import sticky
	import header-gen
	root * /mnt/wedding/lychee/public
	import gen
}

easymail.sydney {
	import sticky
	import header-gen
	root * /var/www/easymail
	import gen
}

durriesberg.biz {
	import header-gen
	root * /var/www/dberg
	import gen
}

news.eiphax.tech {
	import header-gen
	root * /var/www/news
	import gen
}

blep.co {
	import sticky
	import header-gen
	root * /var/www/blep
	import gen
}

deadletters.club {
	import header-gen
	root * /var/www/deadletters
	import gen
}

photos.four.family {
	import sticky
	import header-gen
	root * /mnt/charlie/public
	import gen
}

photos.moonaglio.wedding photos.agliomoon.wedding moonaglio.wedding agliomoon.wedding {
	import sticky
	import header-gen
	root * /var/www/moonaglio/public
	import gen
}

garden.eiphax.tech {
	import sticky
	import header-gen
	redir https://blog.eiphax.tech/?p=269 permanent
}

rules.eiphax.tech {
	import sticky
	import header-gen
	root * /var/www/eipmain/webroot/rules
	import gen
}

tarpit.eiphax.tech {
	reverse_proxy :6969
}

3. The problem I’m having:

trying to reverse proxy caddy to a http tarpit, which works… https://tarpit.eiphax.tech hangs forever on the header and curl -v shows the time being sent repeatedly as intended.
however, caddy won’t reverse proxy requests for domain.tld/wp-admin as intended by the /wp* matcher - it says ‘context canceled’. accessing domain.tld/wp-admin by browser or by curl gets the content of the file.
i thought this might have something to do with try_files responding with index.php so i put import sticky for the reverse proxy block at the top of the configs, but it doesn’t seem to work.
any ideas?

4. Error messages and/or full log output:

Oct 25 13:21:26 eiphax.tech caddy[7501]: {"level":"error","ts":1666664486.9546509,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}
Oct 25 13:24:05 eiphax.tech caddy[7501]: {"level":"error","ts":1666664645.3732076,"logger":"http.handlers.reverse_proxy","msg":"aborting with incomplete response","error":"context canceled"}

5. What I already tried:

dicking around with the matchers, but i don’t fully understand how they work (even with the docs. can you tell i’m not a programmer/developer by nature?)

6. Links to relevant resources:

2

This topic was automatically closed after 30 days. New replies are no longer allowed.