Caddy v2 SSL proxy

1. My Caddy version (caddy -version):

caddy version
(devel)

2. How I run Caddy:

I am running a compiled version of Caddy v2
(git commit aad9f90cad23d709075073fd59214a51249de386)

a. System environment:

  • OS: RedHat (CentOS 7.7.1908) running kernel 3.10.0-1062.4.1.el7.x86_64

b. Command:

command line /usr/local/bin/caddy run --config=/etc/caddy/caddy.conf

c. Service/unit/compose file:

[Unit]
Description=Caddy v2
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service
[Service]
Restart=on-abnormal
; User and group the process will run as.
User=caddy
Group=caddy
Environment=CADDYPATH=/etc/caddy/ssl
ExecStart=/usr/local/bin/caddy run --config=/etc/caddy/caddy.conf
; Use graceful shutdown with a reasonable timeout
KillMode=mixed
KillSignal=SIGQUIT
TimeoutStopSec=5s

d. My complete Caddyfile:

  • Working proxy:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "automatic_https": {
            "disable": false,
            "ignore_loaded_certificates": false
          },
          "listen": [
            ":80",
            ":443"
          ],
          "logs": {
          },
          "routes": [
            {
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "headers": {
                            "request": {
                              "set": {
                                "Host": [
                                  "{http.request.host}"
                                ],
                                "X-Forwarded-For": [
                                  "{http.request.remote}"
                                ],
                                "X-Forwarded-Port": [
                                  "{http.request.port}"
                                ],
                                "X-Forwarded-Proto": [
                                  "{http.request.scheme}"
                                ],
                                "X-Real-Ip": [
                                  "{http.request.remote}"
                                ]
                              }
                            }
                          },
                          "upstreams": [
                            {
                              "dial": "1.2.3.4:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "mydomain"
                  ]
                }
              ]
            }
          ]
        }
      }
    }
  }
}

OR:

  • Working on-demand certificates:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "automatic_https": {
            "disable": false,
            "ignore_loaded_certificates": false
          },
          "listen": [
            ":80",
            ":443"
          ],
          "logs": {
          },
          "routes": [
            {
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "health_checks": {
                            "active": {
                              "expect_status": 2,
                              "path": "/"
                            }
                          },
                          "transport": {
                            "protocol": "http",
                            "read_buffer_size": 4096
                          },
                          "upstreams": [
                            {
                              "dial": "1.2.3.4:80"
                            }
                          ]
                        }
                      ],
                      "match": [
                        {
                          "path": [
                            "/"
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "mydomain"
                  ]
                }
              ],
              "terminal": true
            }
          ],
          "tls_connection_policies": [
            {
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "on_demand": {
        },
        "policies": [
          {
            "management": {
              "module": "acme",
              "on_demand": true
            }
          }
        ]
      }
    }
  }
}

3. The problem I’m having:

I have the above two configurations:
With the first the proxy seems to be working, although no new certificates can be issued and it only listens to a single host.
With the second config, I am able to issue on-demand certificates, but I get a blank page.
Using tcpdump however, I see the server retrieving the complete page from the upstream, although this is not returned to my browser (no errors appear).

I tried combining the two, to get an SSL proxy that listens to all hosts and dynamically creates new certificates where needed, while still serving the same upstream (tls config from 2 and reverse_proxy from 1).
Unfortunately, I am stuck with a single blank page, while other hosts return an SSL connect error.
I have tried every combination I could think of and have plowed hours into JSON, but even with the help of coworkers, I was unable to create my desired SSL reverse proxy.

4. Error messages and/or full log output:

https://pastebin.com/JCUDywXJ
(The output contains too many links)

5. What I already tried:

6. Links to relevant resources:

(see above #5)
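An added example, not part of the original post or of Caddy's code: a small audit of the `tls` app from the on-demand config above, which enables on-demand issuance with an empty `"on_demand": {}` block. It assumes the Caddy 2 JSON keys `ask` and `rate_limit` under `automation.on_demand`, which the posted config does not use; the ask URL and the limit values are placeholders.

```python
import json

# Constructed input: the "tls" app from the on-demand config posted above.
POSTED_TLS_APP = json.loads("""
{
  "automation": {
    "on_demand": {},
    "policies": [
      {"management": {"module": "acme", "on_demand": true}}
    ]
  }
}
""")

# Hypothetical restricted variant. The ask URL and the limits are placeholders.
RESTRICTED_TLS_APP = json.loads("""
{
  "automation": {
    "on_demand": {
      "ask": "http://127.0.0.1:9000/allowed",
      "rate_limit": {"interval": "1h", "burst": 5}
    },
    "policies": [
      {"management": {"module": "acme", "on_demand": true}}
    ]
  }
}
""")


def on_demand_policies(tls_app):
    """Indexes of automation policies that turn on-demand issuance on."""
    policies = tls_app.get("automation", {}).get("policies") or []
    hits = []
    for i, policy in enumerate(policies):
        # The build on this page nests the flag under "management"; later
        # Caddy 2 releases put it on the policy itself, so accept both.
        mgmt = policy.get("management") or {}
        if policy.get("on_demand") or mgmt.get("on_demand"):
            hits.append(i)
    return hits


def audit_on_demand(tls_app):
    """Return (code, message) findings; an empty list means restricted."""
    if not on_demand_policies(tls_app):
        return []  # on-demand issuance is not enabled at all
    limits = tls_app.get("automation", {}).get("on_demand") or {}
    findings = []
    if not limits.get("ask"):
        findings.append((
            "no-ask",
            "no ask endpoint: any hostname a client presents can "
            "trigger a certificate order",
        ))
    rate = limits.get("rate_limit") or {}
    if not (rate.get("interval") and rate.get("burst")):
        findings.append((
            "no-rate-limit",
            "no rate_limit: issuance attempts are not throttled "
            "by this config",
        ))
    return findings


if __name__ == "__main__":
    for name, app in (("posted", POSTED_TLS_APP),
                      ("restricted", RESTRICTED_TLS_APP)):
        findings = audit_on_demand(app)
        print(name, "->", [code for code, _ in findings] or "ok")
```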

Hmm, unfortunately I can’t view the logs because Pastebin says “Pastebin is under heavy load right now :(” instead…

So I don’t really know what is going on by looking at the configs. Why do you have two configs, exactly?

Hi Matt,
The logs contained too many links to include here :confused:

I started with the second configuration, to generate new certificates on-demand.
When this worked but I kept getting a blank page, I started from scratch to get the reverse proxy working, in the hope of merging the two configurations.
Unfortunately, I can’t seem to get both features in a single config.

If you paste your logs in a code block (three backticks ```) it won’t count against your link count.

Anyway, the site is back up. Which of the two configs produced that log?

Unfortunately, the log and the configs both seem to have redacted the domain information, and this is necessary to debug your problem: How to get help with Caddy more effectively

Also, are those the full, unedited logs? It’s unusual that there are empty lines… I suspect some entries are missing, which won’t help us help you.

Thanks for your quick feedback!

I’ve set up a new (less restricted) environment with a test domain *.ikbennucleus.moe.
The empty lines were only added to separate the request from the starting up and shutting down of caddy.

Here are the raw configs and logs:

root@caddytest /etc/caddy # /usr/local/bin/caddy run --config=/etc/caddy/caddy-certs.conf
2020/02/10 18:36:27.547	INFO	using provided configuration	{"config_file": "/etc/caddy/caddy-certs.conf", "config_adapter": ""}
2020/02/10 18:36:27.549	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
2020/02/10 19:36:27 [INFO][cache:0xc0003938b0] Started certificate maintenance routine
2020/02/10 18:36:27.552	INFO	tls	cleaned up storage units
2020/02/10 18:36:27.553	INFO	autosaved config	{"file": "/root/.config/caddy/autosave.json"}
2020/02/10 18:36:27.553	INFO	serving initial configuration
2020/02/10 19:36:35 [INFO] Obtaining new certificate for caddytest.ikbennucleus.moe
2020/02/10 19:36:36 [INFO][caddytest.ikbennucleus.moe] Obtain certificate
2020/02/10 19:36:36 [INFO][caddytest.ikbennucleus.moe] Obtain: Waiting on rate limiter...
2020/02/10 19:36:36 [INFO][caddytest.ikbennucleus.moe] Obtain: Done waiting
2020/02/10 19:36:36 [INFO] [caddytest.ikbennucleus.moe] acme: Obtaining bundled SAN certificate
2020/02/10 19:36:36 http: TLS handshake error from 127.0.0.1:21272: EOF
2020/02/10 19:36:37 [INFO] [caddytest.ikbennucleus.moe] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2746345057
2020/02/10 19:36:37 [INFO] [caddytest.ikbennucleus.moe] acme: use tls-alpn-01 solver
2020/02/10 19:36:37 [INFO] [caddytest.ikbennucleus.moe] acme: Trying to solve TLS-ALPN-01
2020/02/10 19:36:41 [INFO] [caddytest.ikbennucleus.moe] The server validated our request
2020/02/10 19:36:41 [INFO] [caddytest.ikbennucleus.moe] acme: Validations succeeded; requesting certificates
2020/02/10 19:36:41 [INFO] [caddytest.ikbennucleus.moe] Server responded with a certificate.
2020/02/10 18:36:43.036	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:34374", "host": "caddytest.ikbennucleus.moe", "headers": {"User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"], "Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Dnt": ["1"], "Upgrade-Insecure-Requests": ["1"], "Te": ["trailers"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:36:43 +0100] \"GET / HTTP/2.0\" 0 0", "latency": 0.000005386, "size": 0, "status": 0, "resp_headers": {"Server": ["Caddy"]}}
2020/02/10 18:36:43.151	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/favicon.ico", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:34374", "host": "caddytest.ikbennucleus.moe", "headers": {"User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["image/webp,*/*"], "Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Dnt": ["1"], "Te": ["trailers"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:36:43 +0100] \"GET /favicon.ico HTTP/2.0\" 0 0", "latency": 0.000006171, "size": 0, "status": 0, "resp_headers": {"Server": ["Caddy"]}}
^C2020/02/10 18:36:47.365	INFO	shutting down	{"signal": "SIGINT"}
2020/02/10 19:36:47 [INFO][cache:0xc0003938b0] Stopped certificate maintenance routine
2020/02/10 18:36:47.366	INFO	shutdown done	{"signal": "SIGINT"}
root@caddytest /etc/caddy # cat /etc/caddy/caddy-certs.conf
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "automatic_https": {
            "disable": false,
            "ignore_loaded_certificates": false
          },
          "listen": [
            ":80",
            ":443"
          ],
          "logs": {},
          "routes": [
            {
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "health_checks": {
                            "active": {
                              "expect_status": 2,
                              "path": "/"
                            }
                          },
                          "transport": {
                            "protocol": "http",
                            "read_buffer_size": 4096
                          },
                          "upstreams": [
                            {
                              "dial": "127.0.0.1:80"
                            }
                          ]
                        }
                      ],
                      "match": [
                        {
                          "path": [
                            "/"
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    ""
                  ]
                }
              ],
              "terminal": true
            }
          ],
          "tls_connection_policies": [
            {}
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "on_demand": {},
        "policies": [
          {
            "management": {
              "module": "acme",
              "on_demand": true
            }
          }
        ]
      }
    }
  }
}
root@caddytest /etc/caddy # /usr/local/bin/caddy run --config=/etc/caddy/caddy-proxy.conf
2020/02/10 18:40:58.922	INFO	using provided configuration	{"config_file": "/etc/caddy/caddy-proxy.conf", "config_adapter": ""}
2020/02/10 18:40:58.923	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
2020/02/10 18:40:58.923	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2020/02/10 18:40:58.923	WARN	http	server is listening on same interface as redirects, so automatic HTTP->HTTPS redirects might be overridden by your own configuration	{"server_name": "srv0", "interface": ":80"}
2020/02/10 18:40:58.924	INFO	http	enabling automatic TLS certificate management	{"domains": ["caddytest.ikbennucleus.moe"]}
2020/02/10 19:40:58 [INFO][cache:0xc000383590] Started certificate maintenance routine
2020/02/10 18:40:58.927	INFO	tls	cleaned up storage units
2020/02/10 18:40:58.927	INFO	autosaved config	{"file": "/root/.config/caddy/autosave.json"}
2020/02/10 18:40:58.927	INFO	serving initial configuration
2020/02/10 18:41:19.455	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Accept-Encoding": ["gzip, deflate, br"], "Dnt": ["1"], "Upgrade-Insecure-Requests": ["1"], "Cache-Control": ["max-age=0"], "Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"], "Accept-Language": ["en-GB,en;q=0.5"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET / HTTP/2.0\" 200 3918", "latency": 0.021155773, "size": 3918, "status": 200, "resp_headers": {"Date": ["Mon, 10 Feb 2020 18:41:19 GMT"], "Content-Type": ["text/html"], "Content-Length": ["3918"], "Server": ["Caddy", "nginx"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"f4e-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"]}}
2020/02/10 18:41:19.735	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/css/style.css", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/"], "Dnt": ["1"], "Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["text/css,*/*;q=0.1"], "Accept-Language": ["en-GB,en;q=0.5"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /css/style.css HTTP/2.0\" 200 4849", "latency": 0.007918054, "size": 4849, "status": 200, "resp_headers": {"Content-Length": ["4849"], "Server": ["Caddy", "nginx"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"12f1-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"], "Date": ["Mon, 10 Feb 2020 18:41:19 GMT"], "Content-Type": ["text/css"]}}
2020/02/10 18:41:19.739	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/img/logo.png", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/"], "Dnt": ["1"], "Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["image/webp,*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /img/logo.png HTTP/2.0\" 200 18187", "latency": 0.01120908, "size": 18187, "status": 200, "resp_headers": {"Content-Type": ["image/png"], "Content-Length": ["18187"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"470b-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"], "Server": ["Caddy", "nginx"], "Date": ["Mon, 10 Feb 2020 18:41:19 GMT"]}}
2020/02/10 18:41:19.773	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/img/globe.png", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["image/webp,*/*"], "Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/css/style.css"], "Dnt": ["1"], "Te": ["trailers"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /img/globe.png HTTP/2.0\" 200 49609", "latency": 0.006905361, "size": 49609, "status": 200, "resp_headers": {"Server": ["Caddy", "nginx"], "Etag": ["\"c1c9-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"], "Date": ["Mon, 10 Feb 2020 18:41:19 GMT"], "Content-Type": ["image/png"], "Content-Length": ["49609"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"]}}
2020/02/10 18:41:19.802	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/img/twitter.png", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["image/webp,*/*"], "Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/css/style.css"], "Dnt": ["1"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /img/twitter.png HTTP/2.0\" 200 2302", "latency": 0.008287036, "size": 2302, "status": 200, "resp_headers": {"Server": ["Caddy", "nginx"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"8fe-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"], "Date": ["Mon, 10 Feb 2020 18:41:19 GMT"], "Content-Type": ["image/png"], "Content-Length": ["2302"]}}
2020/02/10 18:41:19.804	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/img/blog.png", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Dnt": ["1"], "Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["image/webp,*/*"], "Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/css/style.css"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /img/blog.png HTTP/2.0\" 200 2328", "latency": 0.011222859, "size": 2328, "status": 200, "resp_headers": {"Content-Type": ["image/png"], "Content-Length": ["2328"], "Server": ["Caddy", "nginx"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"918-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"], "Date": ["Mon, 10 Feb 2020 18:41:19 GMT"]}}
2020/02/10 18:41:19.805	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/img/forum.png", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/css/style.css"], "Dnt": ["1"], "Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["image/webp,*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /img/forum.png HTTP/2.0\" 200 3425", "latency": 0.012101659, "size": 3425, "status": 200, "resp_headers": {"Content-Type": ["image/png"], "Content-Length": ["3425"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"d61-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"], "Date": ["Mon, 10 Feb 2020 18:41:19 GMT"], "Server": ["Caddy", "nginx"]}}
2020/02/10 18:41:19.805	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/img/knowledge-base.png", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Dnt": ["1"], "Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["image/webp,*/*"], "Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/css/style.css"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /img/knowledge-base.png HTTP/2.0\" 200 1495", "latency": 0.011922754, "size": 1495, "status": 200, "resp_headers": {"Content-Type": ["image/png"], "Content-Length": ["1495"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"5d7-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"], "Server": ["Caddy", "nginx"], "Date": ["Mon, 10 Feb 2020 18:41:19 GMT"]}}
2020/02/10 18:41:19.808	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/img/facebook.png", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"], "Accept": ["image/webp,*/*"], "Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/css/style.css"], "Dnt": ["1"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /img/facebook.png HTTP/2.0\" 200 1933", "latency": 0.014063388, "size": 1933, "status": 200, "resp_headers": {"Date": ["Mon, 10 Feb 2020 18:41:19 GMT"], "Content-Type": ["image/png"], "Content-Length": ["1933"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"78d-5952c97a7a7c0\""], "Accept-Ranges": ["bytes"], "Server": ["Caddy", "nginx"]}}
2020/02/10 18:41:19.808	INFO	http.log.access	handled request	{"request": {"method": "GET", "uri": "/img/linkedin.png", "proto": "HTTP/2.0", "remote_addr": "193.239.211.227:33104", "host": "caddytest.ikbennucleus.moe", "headers": {"Accept": ["image/webp,*/*"], "Accept-Language": ["en-GB,en;q=0.5"], "Accept-Encoding": ["gzip, deflate, br"], "Referer": ["https://caddytest.ikbennucleus.moe/css/style.css"], "Dnt": ["1"], "Te": ["trailers"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "caddytest.ikbennucleus.moe"}}, "common_log": "193.239.211.227 - -- [10/Feb/2020:19:41:19 +0100] \"GET /img/linkedin.png HTTP/2.0\" 200 737", "latency": 0.013647932, "size": 737, "status": 200, "resp_headers": {"Content-Length": ["737"], "Last-Modified": ["Fri, 18 Oct 2019 10:13:59 GMT"], "Etag": ["\"2e1-5952c97a7a7c0\""], "Server": ["Caddy", "nginx"], "Accept-Ranges": ["bytes"], "Date": ["Mon, 10 Feb 2020 18:41:19 GMT"], "Content-Type": ["image/png"]}}
^C2020/02/10 18:41:23.061	INFO	shutting down	{"signal": "SIGINT"}
2020/02/10 19:41:23 [INFO][cache:0xc000383590] Stopped certificate maintenance routine
2020/02/10 18:41:23.562	INFO	shutdown done	{"signal": "SIGINT"}
root@caddytest /etc/caddy # cat /etc/caddy/caddy-proxy.conf | jq
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "automatic_https": {
            "disable": false,
            "ignore_loaded_certificates": false
          },
          "listen": [
            ":80",
            ":443"
          ],
          "logs": {},
          "routes": [
            {
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "reverse_proxy",
                          "headers": {
                            "request": {
                              "set": {
                                "Host": [
                                  "{http.request.host}"
                                ],
                                "X-Forwarded-For": [
                                  "{http.request.remote}"
                                ],
                                "X-Forwarded-Port": [
                                  "{http.request.port}"
                                ],
                                "X-Forwarded-Proto": [
                                  "{http.request.scheme}"
                                ],
                                "X-Real-Ip": [
                                  "{http.request.remote}"
                                ]
                              }
                            }
                          },
                          "upstreams": [
                            {
                              "dial": "127.0.0.1:80"
                            }
                          ]
                        }
                      ]
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "caddytest.ikbennucleus.moe"
                  ]
                }
              ]
            }
          ]
        }
      }
    }
  }
}

The logs from the second config again with a new domain:

2020/02/10 18:46:16.857	INFO	using provided configuration	{"config_file": "/etc/caddy/caddy-proxy.conf", "config_adapter": ""}
2020/02/10 18:46:16.859	INFO	admin	admin endpoint started	{"address": "localhost:2019", "enforce_origin": false, "origins": ["localhost:2019"]}
2020/02/10 18:46:16.859	INFO	http	enabling automatic HTTP->HTTPS redirects	{"server_name": "srv0"}
2020/02/10 18:46:16.859	WARN	http	server is listening on same interface as redirects, so automatic HTTP->HTTPS redirects might be overridden by your own configuration	{"server_name": "srv0", "interface": ":80"}
2020/02/10 18:46:16.859	INFO	http	enabling automatic TLS certificate management	{"domains": ["caddytest.ikbennucleus.moe"]}
2020/02/10 19:46:16 [INFO][cache:0xc00043e910] Started certificate maintenance routine
2020/02/10 18:46:16.862	INFO	tls	cleaned up storage units
2020/02/10 18:46:16.863	INFO	autosaved config	{"file": "/root/.config/caddy/autosave.json"}
2020/02/10 18:46:16.863	INFO	serving initial configuration
2020/02/10 19:46:31 http: TLS handshake error from 193.239.211.227:33710: no certificate available for 'somenewdomain.ikbennucleus.moe'
^C2020/02/10 18:46:37.512	INFO	shutting down	{"signal": "SIGINT"}
2020/02/10 19:46:37 [INFO][cache:0xc00043e910] Stopped certificate maintenance routine
2020/02/10 18:46:37.513	INFO	shutdown done	{"signal": "SIGINT"}

I compiled caddy again with the following commits, but unfortunately, the result for both configs remains the same with the new binaries:
eb80165583776d878256359f1635ffa9a17f0171 (Thu Feb 13) and
0b09b070e54bca82ba399f43062c689a3d921f24 (Tue Feb 18)

I haven’t found anybody with a similar issue.
Is this an issue with my config files, or is it an issue with Caddy itself when combining on-demand certificates with a reverse proxy?
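An added example, not from the thread's participants or from Caddy itself: a triage script that separates the three symptoms visible in the logs above (empty response, proxied response, TLS handshake failure for an unknown name). The sample lines are constructed, shortened copies of lines from this thread; the verdict labels are this example's own, and treating `status 0, size 0` as "no handler wrote a response" is an assumption.

```python
import json
import re
from collections import Counter

# Constructed sample: shortened copies of the kinds of log line in this thread.
SAMPLE_LOG = "\n".join([
    '2020/02/10 18:36:27.553\tINFO\tserving initial configuration',
    '2020/02/10 18:36:43.036\tINFO\thttp.log.access\thandled request\t'
    '{"request": {"method": "GET", "uri": "/", '
    '"host": "caddytest.ikbennucleus.moe"}, "latency": 0.000005386, '
    '"size": 0, "status": 0, "resp_headers": {"Server": ["Caddy"]}}',
    '2020/02/10 18:41:19.455\tINFO\thttp.log.access\thandled request\t'
    '{"request": {"method": "GET", "uri": "/", '
    '"host": "caddytest.ikbennucleus.moe"}, "latency": 0.021155773, '
    '"size": 3918, "status": 200, '
    '"resp_headers": {"Server": ["Caddy", "nginx"]}}',
    "2020/02/10 19:46:31 http: TLS handshake error from "
    "193.239.211.227:33710: no certificate available for "
    "'somenewdomain.ikbennucleus.moe'",
])

# Handshake failures come from Go's standard logger, not the JSON access log.
NO_CERT = re.compile(
    r"TLS handshake error from \S+: no certificate available for '([^']+)'"
)


def classify(line):
    """Return (host, verdict) for one log line, or None if not relevant."""
    match = NO_CERT.search(line)
    if match:
        return match.group(1), "no-certificate"
    # Access entries: timestamp, level, logger, message, JSON (tab-separated).
    fields = line.split("\t")
    if len(fields) < 5 or fields[2] != "http.log.access":
        return None
    try:
        entry = json.loads(fields[4])
    except json.JSONDecodeError:
        return None
    host = entry.get("request", {}).get("host", "?")
    servers = entry.get("resp_headers", {}).get("Server", [])
    if entry.get("status") == 0 and entry.get("size") == 0:
        # Assumption: nothing wrote a status or body, so no route handled it.
        return host, "empty-response"
    if any(server != "Caddy" for server in servers):
        # A second Server value (nginx in this thread) came from the upstream.
        return host, "proxied"
    return host, "answered-by-caddy"


def triage(log_text):
    """Count verdicts per host across a whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result is not None:
            counts[result] += 1
    return dict(counts)


if __name__ == "__main__":
    for (host, verdict), n in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host:35} {verdict:18} {n}")
```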