1. Caddy version (caddy version
):
v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=
2. How I run Caddy:
/usr/local/bin/caddyv2 run --config /etc/caddy/Caddyfile
a. System environment:
CentOS 7. Running Caddy V2 directly as a binary.
b. Command:
/usr/local/bin/caddyv2 run --config /etc/caddy/Caddyfile
c. Service/unit/compose file:
Not Applicable.
d. My complete Caddyfile or JSON config:
genetics.ghpc.au.dk {
encode zstd gzip
log {
output file /var/log/access.log
}
header / Strict-Transport-Security "max-age=31536000;"
reverse_proxy /filesend* 172.16.2.50:8081 {
}
root * /var/www
}
3. The problem I’m having:
I have a local http service (gouploader) running on port 8081. It is reachable on the 172.16.2.* network as http://172.16.2.50:8081. I have verified of this. I want Caddy that already serves static website - https - genetics.ghpc.au.dk to reverse proxy [https]://genetics.ghpc.au.dk/filesend to my gouploader service ([http]://172.16.2.50:8081). I cannot get Caddy to do this.
The above Caddyfile leads to a 404 when I try to reach [https]://genetics.ghpc.au.dk/filesend
The following was seen in the access log related to the 404 response.
2020/10/12 12:38:21.055 error http.log.access.log0 handled request {"request": {"remote_addr": "10.192.156.210:61272", "proto": "HTTP/2.0", "method": "GET", "host": "genetics.ghpc.au.dk", "uri": "/filesend", "headers": {"Sec-Fetch-Site": ["none"], "Sec-Fetch-Mode": ["navigate"], "Accept-Language": ["en-GB,en-US;q=0.9,en;q=0.8"], "Cookie": ["_ga=GA1.2.2033167247.1516472574; optimizelyEndUserId=oeu1530606654843r0.7496788111050647; optimizelySegments=%7B%223013120724%22%3A%22referral%22%2C%223034530940%22%3A%22false%22%2C%223037560640%22%3A%22gc%22%7D; optimizelyBuckets=%7B%7D"], "Cache-Control": ["max-age=0"], "Upgrade-Insecure-Requests": ["1"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-User": ["?1"], "Sec-Fetch-Dest": ["document"], "Accept-Encoding": ["gzip, deflate, br"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "genetics.ghpc.au.dk"}}, "common_log": "10.192.156.210 - - [12/Oct/2020:14:38:21 +0200] \"GET /filesend HTTP/2.0\" 404 18", "duration": 0.00732013, "size": 18, "status": 404, "resp_headers": {"Content-Type": ["text/plain"], "Date": ["Mon, 12 Oct 2020 12:38:21 GMT"], "Content-Length": ["18"], "Server": ["Caddy"]}}
If I change the Caddyfile to
genetics.ghpc.au.dk {
encode zstd gzip
log {
output file /var/log/access.log
}
header / Strict-Transport-Security "max-age=31536000;"
reverse_proxy /filesend* https://172.16.2.50:8081 {
header_up Host "genetics.ghpc.au.dk"
header_up X-Forwarded-Proto https
}
root * /var/www
}
I get a 502 error:
2020/10/12 12:33:59.087 ERROR http.log.error.log0 tls: first record does not look like a TLS handshake {"request": {"remote_addr": "10.192.156.210:61252", "proto": "HTTP/2.0", "method": "GET", "host": "genetics.ghpc.au.dk", "uri": "/filesend", "headers": {"Cache-Control": ["max-age=0"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Site": ["none"], "Sec-Fetch-Mode": ["navigate"], "Sec-Fetch-User": ["?1"], "Sec-Fetch-Dest": ["document"], "Cookie": ["_ga=GA1.2.2033167247.1516472574; optimizelyEndUserId=oeu1530606654843r0.7496788111050647; optimizelySegments=%7B%223013120724%22%3A%22referral%22%2C%223034530940%22%3A%22false%22%2C%223037560640%22%3A%22gc%22%7D; optimizelyBuckets=%7B%7D"], "Upgrade-Insecure-Requests": ["1"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"], "Accept-Encoding": ["gzip, deflate, br"], "Accept-Language": ["en-GB,en-US;q=0.9,en;q=0.8"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "genetics.ghpc.au.dk"}}, "duration": 0.004518668, "status": 502, "err_id": "ge53302m5", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:440)"}
How should I do the reverse_proxy correctly so that
genetics.ghpc.au.dk/filesend gets proxied to 172.16.2.50:8081/ ?
Appreciate any help.