1. The problem I’m having:
I am trying to serve custom domains with SSL using Caddy. Each custom domain is reverse-proxied to the internal ReactJS site.
The SSL certificates were issued successfully and the website seems to work, but the resulting page appears blank with a 502 error.
2. Error messages and/or full log output:
May 2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.797339,"logger":"events","msg":"event","name":"tls_get_certificate","id":"87a929f3-825b-4c96-9b61-a0c06a722f12","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"ServerName":"major.gouthamjay.com","SupportedCurves":[29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
May 2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.797392,"logger":"tls.handshake","msg":"choosing certificate","identifier":"major.gouthamjay.com","num_choices":1}
May 2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.7974093,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"major.gouthamjay.com","subjects":["major.gouthamjay.com"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"6a42cc07ec38a0c06c98b36064243cbc479bd174a3769278143c16be2b6a09bc"}
May 2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.7974186,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"122.164.82.120","remote_port":"3446","subjects":["major.gouthamjay.com"],"managed":true,"expiration":1690812494,"hash":"6a42cc07ec38a0c06c98b36064243cbc479bd174a3769278143c16be2b6a09bc"}
May 2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.8194187,"logger":"http.stdlib","msg":"http: TLS handshake error from 172.104.242.173:39727: tls: first record does not look like a TLS handshake"}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.0486712,"logger":"events","msg":"event","name":"tls_get_certificate","id":"c264791c-32dc-4ec5-90cb-e82ac5497275","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"ServerName":"major.gouthamjay.com","SupportedCurves":[29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.0487387,"logger":"tls.handshake","msg":"choosing certificate","identifier":"major.gouthamjay.com","num_choices":1}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.0487568,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"major.gouthamjay.com","subjects":["major.gouthamjay.com"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"6a42cc07ec38a0c06c98b36064243cbc479bd174a3769278143c16be2b6a09bc"}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.048766,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"122.164.82.120","remote_port":"23783","subjects":["major.gouthamjay.com"],"managed":true,"expiration":1690812494,"hash":"6a42cc07ec38a0c06c98b36064243cbc479bd174a3769278143c16be2b6a09bc"}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.0789318,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.4685972,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","duration":0.389560209,"request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"X-Forwarded-Host":["major.gouthamjay.com"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Dnt":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"X-Forwarded-For":["122.164.82.120"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-Method":["GET"],"Te":["trailers"],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["en-US,en;q=0.5"],"X-Forwarded-Uri":["/"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"X-Amzn-Trace-Id":["root=1-64512d8f-75a446ec6a86f529613683f5;sampled=0;lineage=9603592e:0"],"Content-Type":["application/json"],"X-Amzn-Requestid":["8920fd54-716a-4bca-a55a-4c0218da98b0"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Pathroute":["/calculator/"],"Date":["Tue, 02 May 2023 15:34:39 GMT"],"Content-Length":["0"],"Connection":["keep-alive"],"Domainroute":["ahfarmer.github.io"]},"status":200}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.4708903,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.471009,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"/ahfarmer.github.io:0","total_upstreams":1}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.4711223,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.SecureDomain}","duration":0.000071325,"request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"/ahfarmer.github.io:0","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Host":["major.gouthamjay.com"],"Domainway":["ahfarmer.github.io"],"Dnt":["1"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Securedomain":["https://ahfarmer.github.io"],"Pathway":["/calculator/"],"X-Forwarded-For":["122.164.82.120"],"User-Custom-Domain":["major.gouthamjay.com"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Sec-Fetch-Dest":["document"],"Te":["trailers"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"error":"dial https:: unknown network https:"}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"error","ts":1683041679.4711752,"logger":"http.log.error","msg":"dial https:: unknown network https:","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Sec-Fetch-Mode":["navigate"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"duration":0.392309194,"status":502,"err_id":"k2679xzqm","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"error","ts":1683041679.4711897,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Sec-Fetch-Mode":["navigate"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":0.392309194,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.8478343,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"method":"GET","uri":"/"}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.847892,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.8696053,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","duration":0.021668823,"request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com","headers":{"Sec-Fetch-Dest":["image"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"X-Forwarded-Host":["major.gouthamjay.com"],"X-Forwarded-Method":["GET"],"X-Forwarded-Uri":["/"],"X-Forwarded-For":["122.164.82.120"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"Dnt":["1"],"Sec-Fetch-Mode":["no-cors"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"Date":["Tue, 02 May 2023 15:34:39 GMT"],"Content-Length":["0"],"X-Amzn-Requestid":["9515a2ac-5a04-41c7-a49d-2344dc4c6b92"],"Pathroute":["/calculator/"],"Content-Type":["application/json"],"Connection":["keep-alive"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Domainroute":["ahfarmer.github.io"],"X-Amzn-Trace-Id":["root=1-64512d8f-7198169d73bbbc5874626dd6;sampled=0;lineage=9603592e:0"]},"status":200}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.8696346,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.869708,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"/ahfarmer.github.io:0","total_upstreams":1}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.869782,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.SecureDomain}","duration":0.000037925,"request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"/ahfarmer.github.io:0","uri":"/","headers":{"Dnt":["1"],"Domainway":["ahfarmer.github.io"],"X-Forwarded-For":["122.164.82.120"],"Accept-Language":["en-US,en;q=0.5"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Sec-Fetch-Mode":["no-cors"],"X-Forwarded-Proto":["https"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Dest":["image"],"Pathway":["/calculator/"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["same-origin"],"User-Custom-Domain":["major.gouthamjay.com"],"X-Forwarded-Host":["major.gouthamjay.com"],"Referer":["https://major.gouthamjay.com/"],"Securedomain":["https://ahfarmer.github.io"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"error":"dial https:: unknown network https:"}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"error","ts":1683041679.8698306,"logger":"http.log.error","msg":"dial https:: unknown network https:","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"duration":0.022019542,"status":502,"err_id":"c55rqa55f","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
May 2 15:34:39 ip-172-31-86-244 caddy: {"level":"error","ts":1683041679.8698444,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":0.022019542,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
3. Caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
4. How I installed and ran Caddy:
I installed on EC2 using serverless:
#!/bin/bash -xe
# Provisioning script: installs a prebuilt Caddy binary and creates the
# account it is meant to run under. -x traces every command, -e aborts on the
# first failing one.

# Fetch the binary straight into /usr/bin.
# NOTE(review): the URL points at the `main` branch of a third-party build
# repository, so the bytes behind it can change between runs, and nothing here
# checks a checksum or signature before the file is made executable. Consider
# pinning the URL to a specific commit and comparing the download against a
# known SHA-256 digest before the chmod below.
sudo wget -O /usr/bin/caddy "https://github.com/tobilg/aws-caddy-build/raw/main/releases/aws_caddy_v2.6.2_linux"
sudo chmod +x /usr/bin/caddy
# Dedicated system group and user: no login shell, home directory /var/lib/caddy.
# NOTE(review): how Caddy is started, and whether it actually runs as this
# user, is not shown in this snippet.
sudo groupadd --system caddy
sudo useradd --system --gid caddy --create-home --home-dir /var/lib/caddy --shell /usr/sbin/nologin --comment "Caddy web server" caddy
a. System environment:
Amazon Linux 2
b. Command:
Command above
c. Service/unit/compose file:
See the commands above
d. My complete Caddy config:
# Global options: debug logging on, admin API off, on-demand TLS gated by an
# external "ask" endpoint.
{
# Debug-level logs record full request headers and client IP addresses (see the
# log output in this post); keep that in mind before leaving this enabled in
# production or sharing the logs.
debug
admin off
on_demand_tls {
# Caddy queries this endpoint before obtaining a certificate for a hostname on
# demand. It is the control that stops arbitrary hostnames pointed at this
# server from triggering issuance, so it should approve only registered
# customer domains. NOTE(review): that endpoint's logic is not shown here.
ask {env.DOMAIN_SERVICE_ENDPOINT}
}
storage_clean_interval 90d
log
}
# Plain-HTTP listener, used only for the /health probe.
:80 {
respond /health "Im healthy" 200
log
}
# HTTPS listener for every custom domain; certificates are obtained on demand.
:443 {
tls {env.ENCRYPT_EMAIL} {
on_demand
}
# Every request is first sent to the middleware endpoint with the requested
# host in ?sourceHost=. On a 2xx reply the three listed response headers are
# copied onto the original request and drive the routing below.
forward_auth {env.MIDDLEWARE_SERVICE_ENDPOINT} {
uri /?sourceHost={host}
header_up Host {upstream_hostport}
copy_headers Pathroute Domainroute Domainhttpsroute
}
# Replace the request path with the value the middleware returned.
rewrite * {header.Pathroute}
# NOTE(review): the upstream is taken from a request header. The handler shown
# in this post returns a full URL ('https://ahfarmer.github.io') for it, and the
# log shows the dial failing with "dial https:: unknown network https:", which
# produces the 502. Presumably a placeholder upstream has to resolve to a plain
# host:port (e.g. built from Domainroute), with TLS to the upstream enabled
# through the http transport; confirm against the reverse_proxy documentation.
# NOTE(review): because routing is driven by request headers, verify that a
# client-supplied Pathroute / Domainroute / Domainhttpsroute header can never
# reach this point unchanged (for example when the middleware omits one of
# them); otherwise the client, not the middleware, would choose the upstream.
reverse_proxy {header.Domainhttpsroute} {
header_up Host {upstream_hostport}
header_up User-Custom-Domain {host}
health_timeout 5s
}
log
}
forward_auth endpoint file:
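/**
 * Lambda handler used as the Caddy `forward_auth` endpoint.
 *
 * Replies with status 200 and three routing headers that the Caddy config
 * copies onto the proxied request (`Pathroute`, `Domainroute`,
 * `Domainhttpsroute`).
 *
 * NOTE(review): `event` is never read, so the `sourceHost` query parameter
 * Caddy sends is ignored and every hostname gets the same 200 reply and the
 * same routing values. A real deployment presumably needs to look the host up
 * and return a non-2xx status for unknown domains. TODO confirm intended
 * behaviour.
 *
 * @param {object} event - Invocation event (currently unused).
 * @returns {Promise<{headers: Object<string, string>, statusCode: number}>}
 *   The static routing response.
 */
exports.handler = async (event) => {
  // The unused `statusCode` local from the original was removed; the status
  // is only ever the literal 200 below.
  return {
    headers: {
      'Pathroute': '/calculator/',
      'Domainroute': 'ahfarmer.github.io',
      // Full URL including scheme; the Caddy config in this post passes this
      // value to reverse_proxy as the upstream address.
      'Domainhttpsroute': 'https://ahfarmer.github.io'
    },
    statusCode: 200,
  };
};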
5. Links to relevant resources:
Reference for setup: Setup Guide