Caddy with Metrics Enabled Causes Reverse Proxy Delays

1. The problem I’m having:

When metrics is enabled there is a delay in reverse proxies being accessible. While enabled I will receive the error below until roughly 10-30 minutes after a caddy reload.

2. Error messages and/or full log output:

net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

3. Caddy version:

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

a. System environment:

Proxmox Hypervisor, Ubuntu VM, Caddy in Docker

b. Command:

caddy reload

d. My complete Caddy config:

# Prom Metrics
{
	admin 0.0.0.0:2019
	servers {
		metrics
	}
}

# DNS Cloudflare

https://*.{$DOMAIN} {
	tls {
		dns cloudflare {$CLOUDFLARE_API_TOKEN}
	}
}

# Forward Auth Authentik

(authentik) {
	route {
		# always forward outpost path to actual outpost
		reverse_proxy /outpost.goauthentik.io/* http://192.168.0.205:9000

		# forward authentication to outpost
		forward_auth http://192.168.0.205:9000 {
			uri /outpost.goauthentik.io/auth/caddy

			# capitalization of the headers is important, otherwise they will be empty
			copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version authorization
		}
	}
}

# Import all .caddy files

import *.caddy
https://mealie.{$DOMAIN} {
	reverse_proxy 192.168.0.205:9925
}

5. Links to relevant resources:

This isn’t a deal breaker for me since I love Caddy, but I’d love to figure out if this is expected behavior or something that I messed up. For now I’ve opted to just take the metrics out while I’m spinning up some new services.

Apologies for the quick update here. It could have been timing, but I tested this a few times, and at first, with Metrics removed, it was propagating instantly. But after a few more tests, even with Metrics removed, the issue still occurs, but it doesn’t occur in Private Browsing, which makes me think that it’s a caching/browser issue of some sort.

net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

Can you give any more information? What is giving this error exactly? This looks like something a browser would give. What does curl say? (Please follow the tips in the help template so we have enough clear information.)

Because this error isn’t anything related to Caddy or reverse proxying.
