Caddy with reverse_proxy to React website displays a blank page

1. The problem I’m having:

I am trying to serve custom domains with SSL using Caddy. So the custom domains do a reverse proxy to the internal reactJS site

The SSL certificates were issued successfully and the website seems to work but the resulting page appears blank with a 502 error

finalehere1913×501 33.9 KB

2. Error messages and/or full log output:

May  2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.797339,"logger":"events","msg":"event","name":"tls_get_certificate","id":"87a929f3-825b-4c96-9b61-a0c06a722f12","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"ServerName":"major.gouthamjay.com","SupportedCurves":[29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
May  2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.797392,"logger":"tls.handshake","msg":"choosing certificate","identifier":"major.gouthamjay.com","num_choices":1}
May  2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.7974093,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"major.gouthamjay.com","subjects":["major.gouthamjay.com"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"6a42cc07ec38a0c06c98b36064243cbc479bd174a3769278143c16be2b6a09bc"}
May  2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.7974186,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"122.164.82.120","remote_port":"3446","subjects":["major.gouthamjay.com"],"managed":true,"expiration":1690812494,"hash":"6a42cc07ec38a0c06c98b36064243cbc479bd174a3769278143c16be2b6a09bc"}
May  2 15:34:38 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041678.8194187,"logger":"http.stdlib","msg":"http: TLS handshake error from 172.104.242.173:39727: tls: first record does not look like a TLS handshake"}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.0486712,"logger":"events","msg":"event","name":"tls_get_certificate","id":"c264791c-32dc-4ec5-90cb-e82ac5497275","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"ServerName":"major.gouthamjay.com","SupportedCurves":[29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.0487387,"logger":"tls.handshake","msg":"choosing certificate","identifier":"major.gouthamjay.com","num_choices":1}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.0487568,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"major.gouthamjay.com","subjects":["major.gouthamjay.com"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"6a42cc07ec38a0c06c98b36064243cbc479bd174a3769278143c16be2b6a09bc"}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.048766,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"122.164.82.120","remote_port":"23783","subjects":["major.gouthamjay.com"],"managed":true,"expiration":1690812494,"hash":"6a42cc07ec38a0c06c98b36064243cbc479bd174a3769278143c16be2b6a09bc"}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.0789318,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.4685972,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","duration":0.389560209,"request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"X-Forwarded-Host":["major.gouthamjay.com"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Dnt":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"X-Forwarded-For":["122.164.82.120"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-Method":["GET"],"Te":["trailers"],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["en-US,en;q=0.5"],"X-Forwarded-Uri":["/"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"X-Amzn-Trace-Id":["root=1-64512d8f-75a446ec6a86f529613683f5;sampled=0;lineage=9603592e:0"],"Content-Type":["application/json"],"X-Amzn-Requestid":["8920fd54-716a-4bca-a55a-4c0218da98b0"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Pathroute":["/calculator/"],"Date":["Tue, 02 May 2023 15:34:39 GMT"],"Content-Length":["0"],"Connection":["keep-alive"],"Domainroute":["ahfarmer.github.io"]},"status":200}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.4708903,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.471009,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"/ahfarmer.github.io:0","total_upstreams":1}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.4711223,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.SecureDomain}","duration":0.000071325,"request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"/ahfarmer.github.io:0","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Host":["major.gouthamjay.com"],"Domainway":["ahfarmer.github.io"],"Dnt":["1"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Securedomain":["https://ahfarmer.github.io"],"Pathway":["/calculator/"],"X-Forwarded-For":["122.164.82.120"],"User-Custom-Domain":["major.gouthamjay.com"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Sec-Fetch-Dest":["document"],"Te":["trailers"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"error":"dial https:: unknown network https:"}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"error","ts":1683041679.4711752,"logger":"http.log.error","msg":"dial https:: unknown network https:","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Sec-Fetch-Mode":["navigate"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"duration":0.392309194,"status":502,"err_id":"k2679xzqm","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"error","ts":1683041679.4711897,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Sec-Fetch-Mode":["navigate"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":0.392309194,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.8478343,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"method":"GET","uri":"/"}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.847892,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.8696053,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","duration":0.021668823,"request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com","headers":{"Sec-Fetch-Dest":["image"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"X-Forwarded-Host":["major.gouthamjay.com"],"X-Forwarded-Method":["GET"],"X-Forwarded-Uri":["/"],"X-Forwarded-For":["122.164.82.120"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"Dnt":["1"],"Sec-Fetch-Mode":["no-cors"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"Date":["Tue, 02 May 2023 15:34:39 GMT"],"Content-Length":["0"],"X-Amzn-Requestid":["9515a2ac-5a04-41c7-a49d-2344dc4c6b92"],"Pathroute":["/calculator/"],"Content-Type":["application/json"],"Connection":["keep-alive"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Domainroute":["ahfarmer.github.io"],"X-Amzn-Trace-Id":["root=1-64512d8f-7198169d73bbbc5874626dd6;sampled=0;lineage=9603592e:0"]},"status":200}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.8696346,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.869708,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"/ahfarmer.github.io:0","total_upstreams":1}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"debug","ts":1683041679.869782,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.SecureDomain}","duration":0.000037925,"request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"/ahfarmer.github.io:0","uri":"/","headers":{"Dnt":["1"],"Domainway":["ahfarmer.github.io"],"X-Forwarded-For":["122.164.82.120"],"Accept-Language":["en-US,en;q=0.5"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Sec-Fetch-Mode":["no-cors"],"X-Forwarded-Proto":["https"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Dest":["image"],"Pathway":["/calculator/"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["same-origin"],"User-Custom-Domain":["major.gouthamjay.com"],"X-Forwarded-Host":["major.gouthamjay.com"],"Referer":["https://major.gouthamjay.com/"],"Securedomain":["https://ahfarmer.github.io"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"error":"dial https:: unknown network https:"}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"error","ts":1683041679.8698306,"logger":"http.log.error","msg":"dial https:: unknown network https:","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"duration":0.022019542,"status":502,"err_id":"c55rqa55f","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
May  2 15:34:39 ip-172-31-86-244 caddy: {"level":"error","ts":1683041679.8698444,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.82.120","remote_port":"3446","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":0.022019542,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}

3. Caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

4. How I installed and ran Caddy:

I installed on EC2 using serverless:

 #!/bin/bash -xe
 sudo wget -O /usr/bin/caddy "https://github.com/tobilg/aws-caddy-build/raw/main/releases/aws_caddy_v2.6.2_linux"
sudo chmod +x /usr/bin/caddy
sudo groupadd --system caddy
sudo useradd --system --gid caddy --create-home --home-dir /var/lib/caddy --shell /usr/sbin/nologin --comment "Caddy web server" caddy

a. System environment:

Amazon 2 Linux

b. Command:

Command above

c. Service/unit/compose file:

See the commands above

d. My complete Caddy config:

{
        debug
        admin off
        on_demand_tls {
                ask {env.DOMAIN_SERVICE_ENDPOINT}
        }

        storage_clean_interval 90d

        log
}

:80 {
        respond /health "Im healthy" 200

        log
}

:443 {
        tls {env.ENCRYPT_EMAIL} {
                on_demand
        }

        forward_auth {env.MIDDLEWARE_SERVICE_ENDPOINT} {
                uri /?sourceHost={host}
                header_up Host {upstream_hostport}
                copy_headers Pathroute Domainroute Domainhttpsroute
        }

        rewrite * {header.Pathroute}

        reverse_proxy {header.Domainhttpsroute} {
                header_up Host {upstream_hostport}
                header_up User-Custom-Domain {host}

                health_timeout 5s
        }

        log
}

forward_auth endpoint file:

exports.handler = async (event) => {
    let statusCode;

    return {
        headers: {
          'Pathroute': '/calculator/',
          'Domainroute': 'ahfarmer.github.io',
          'Domainhttpsroute': 'https://ahfarmer.github.io'
        },
        statusCode: 200,
      };
  };

5. Links to relevant resources:

Reference for setup: Setup Guide

You can’t include a scheme in the value used as an upstream address. The https:// scheme is simply a Caddyfile shortcut for configuring transport http with tls enabled. The address must be a hostname and port only.

If you do want HTTPS with a dynamic placeholder, then you must configure the transport yourself to enable tls (you can’t rely on the shortcut).

Oh how can transport be configured as you mention?

The use case is that if a custom domain say → abc.example.com is entered, I would want to manually look it up in our database server to which domain it needs to be mapped and then make caddy to direct it to first.website.com or to second.website.com dynamically at run time. That is reverse proxying based on {host} field

So what’s the best way to approach this?

	reverse_proxy {header.Domainroute} {
		header_up Host {upstream_hostport}
		header_up User-Custom-Domain {host}
		health_timeout 5s
		transport http {
			tls
		}
	}

Retried with the transport tls configured. Got these errors:

May  2 18:10:31 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051031.4345918,"logger":"tls.cache","msg":"certificate already cached","subjects":["major.gouthamjay.com"],"expiration":1690848000,"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"c4e2f44929a3ea28507fdffdf9432b426dfd084c625c1a4742ce9490bb3e23aa"}
May  2 18:10:31 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051031.434946,"logger":"events","msg":"event","name":"cached_managed_cert","id":"1a2cb94a-6e94-45c8-ae5f-c50563e43fb9","origin":"tls","data":{"sans":["major.gouthamjay.com"]}}
May  2 18:10:31 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051031.435234,"logger":"tls.handshake","msg":"loaded certificate from storage","remote_ip":"122.164.86.235","remote_port":"24414","subjects":["major.gouthamjay.com"],"managed":true,"expiration":1690848000,"hash":"c4e2f44929a3ea28507fdffdf9432b426dfd084c625c1a4742ce9490bb3e23aa"}
May  2 18:10:31 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051031.707062,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May  2 18:10:32 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051032.0330815,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","duration":0.325928245,"request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com","headers":{"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-User":["?1"],"X-Forwarded-Proto":["https"],"Dnt":["1"],"X-Forwarded-Uri":["/"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"X-Forwarded-For":["122.164.86.235"],"X-Forwarded-Host":["major.gouthamjay.com"],"X-Forwarded-Method":["GET"],"Te":["trailers"],"Sec-Fetch-Dest":["document"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"Date":["Tue, 02 May 2023 18:10:32 GMT"],"Connection":["keep-alive"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Content-Type":["application/json"],"Content-Length":["0"],"X-Amzn-Requestid":["3607a72c-9cd3-480b-aa27-8ed72689ca73"],"Pathroute":["/calculator/"],"Domainroute":["ahfarmer.github.io"],"X-Amzn-Trace-Id":["root=1-64515217-19f1ac4213b412d9785bb16d;sampled=0;lineage=9603592e:0"]},"status":200}
May  2 18:10:32 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051032.0355296,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May  2 18:10:32 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051032.0359683,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ahfarmer.github.io:0","total_upstreams":1}
May  2 18:10:35 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051035.036736,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.Domainroute}","duration":3.00025455,"request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"ahfarmer.github.io:0","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"X-Forwarded-For":["122.164.86.235"],"Sec-Fetch-Mode":["navigate"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"],"Dnt":["1"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Pathroute":["/calculator/"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"X-Forwarded-Host":["major.gouthamjay.com"],"Domainroute":["ahfarmer.github.io"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"Accept-Encoding":["gzip, deflate, br"],"User-Custom-Domain":["major.gouthamjay.com"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"error":"dial tcp 185.199.111.153:0: i/o timeout"}
May  2 18:10:35 ip-172-31-82-207 caddy: {"level":"error","ts":1683051035.037669,"logger":"http.log.error","msg":"dial tcp 185.199.111.153:0: i/o timeout","request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Te":["trailers"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"duration":3.330650044,"status":502,"err_id":"6pcrir9iy","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
May  2 18:10:35 ip-172-31-82-207 caddy: {"level":"error","ts":1683051035.037694,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":3.330650044,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}
May  2 18:10:35 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051035.3722813,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"Accept-Language":["en-US,en;q=0.5"],"Referer":["https://major.gouthamjay.com/"],"Sec-Fetch-Dest":["image"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Fetch-Mode":["no-cors"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"method":"GET","uri":"/"}
May  2 18:10:35 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051035.3723247,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May  2 18:10:35 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051035.388258,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","duration":0.015888063,"request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com","headers":{"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Referer":["https://major.gouthamjay.com/"],"X-Forwarded-Uri":["/"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["122.164.86.235"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["image"],"Dnt":["1"],"X-Forwarded-Host":["major.gouthamjay.com"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Mode":["no-cors"],"Accept":["image/avif,image/webp,*/*"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"X-Forwarded-Method":["GET"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"Connection":["keep-alive"],"X-Amzn-Requestid":["4b32e394-6675-4bfb-a5e7-da4ecf32a919"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Pathroute":["/calculator/"],"Domainroute":["ahfarmer.github.io"],"Date":["Tue, 02 May 2023 18:10:35 GMT"],"Content-Type":["application/json"],"Content-Length":["0"],"X-Amzn-Trace-Id":["root=1-6451521b-477fa4336bce23cb518e8d83;sampled=0;lineage=9603592e:0"]},"status":200}
May  2 18:10:35 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051035.388284,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May  2 18:10:35 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051035.3883417,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ahfarmer.github.io:0","total_upstreams":1}
May  2 18:10:38 ip-172-31-82-207 caddy: {"level":"debug","ts":1683051038.3886616,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.Domainroute}","duration":3.000252353,"request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"ahfarmer.github.io:0","uri":"/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["image"],"Referer":["https://major.gouthamjay.com/"],"Sec-Fetch-Site":["same-origin"],"User-Custom-Domain":["major.gouthamjay.com"],"Accept":["image/avif,image/webp,*/*"],"X-Forwarded-For":["122.164.86.235"],"Sec-Fetch-Mode":["no-cors"],"Dnt":["1"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.5"],"Domainroute":["ahfarmer.github.io"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"X-Forwarded-Host":["major.gouthamjay.com"],"Pathroute":["/calculator/"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"error":"dial tcp 185.199.110.153:0: i/o timeout"}
May  2 18:10:38 ip-172-31-82-207 caddy: {"level":"error","ts":1683051038.388757,"logger":"http.log.error","msg":"dial tcp 185.199.110.153:0: i/o timeout","request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Referer":["https://major.gouthamjay.com/"],"Sec-Fetch-Dest":["image"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"duration":3.016483218,"status":502,"err_id":"skr3zmx0a","err_trace":"reverseproxy.statusError (reverseproxy.go:1272)"}
May  2 18:10:38 ip-172-31-82-207 caddy: {"level":"error","ts":1683051038.3887792,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.86.235","remote_port":"2730","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"Accept-Language":["en-US,en;q=0.5"],"Referer":["https://major.gouthamjay.com/"],"Sec-Fetch-Dest":["image"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["image/avif,image/webp,*/*"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":3.016483218,"size":0,"status":502,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"]}}

And the same 502 blank page error

Oh, it defaulted to port 0. I think you need to include the port (443) in your header.

This might be fixed on the master branch in Caddy though, we did some changes to how ports/addresses are handled recently.

Edit: Or actually you could just do reverse_proxy {header.Domainroute}:443 that should be fine as well

Appreciate your kind help. It works fine but the ReactJS website result seems unexpected

This is the caddy server proxy result

actualOutput1549×1009 12 KB

While the expected website can be found at https://ahfarmer.github.io/calculator/

Here are the logs from the server

May  2 18:54:22 ip-172-31-82-207 caddy: {"level":"debug","ts":1683053662.8808446,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May  2 18:54:22 ip-172-31-82-207 caddy: {"level":"debug","ts":1683053662.8809252,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ahfarmer.github.io:443","total_upstreams":1}
May  2 18:54:22 ip-172-31-82-207 caddy: {"level":"debug","ts":1683053662.8831398,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.Domainroute}:443","duration":0.002172373,"request":{"remote_ip":"122.164.86.235","remote_port":"10641","proto":"HTTP/2.0","method":"GET","host":"ahfarmer.github.io:443","uri":"/calculator/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.5"],"Domainroute":["ahfarmer.github.io"],"Te":["trailers"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Sec-Fetch-Dest":["script"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-Proto":["https"],"Accept":["*/*"],"X-Forwarded-For":["122.164.86.235"],"User-Custom-Domain":["major.gouthamjay.com"],"Referer":["https://major.gouthamjay.com/"],"Dnt":["1"],"X-Forwarded-Host":["major.gouthamjay.com"],"Sec-Fetch-Mode":["no-cors"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Pathroute":["/calculator/"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"X-Cache-Hits":["3"],"X-Fastly-Request-Id":["058188a3482cc878cc32877815bf96ee10205682"],"Last-Modified":["Sun, 27 May 2018 22:46:18 GMT"],"X-Cache":["HIT"],"Date":["Tue, 02 May 2023 18:54:22 GMT"],"Age":["0"],"X-Timer":["S1683053663.881915,VS0,VE0"],"Content-Length":["400"],"Server":["GitHub.com"],"Permissions-Policy":["interest-cohort=()"],"X-Github-Request-Id":["35A2:4092:12C22AB:1C96E08:64515152"],"Accept-Ranges":["bytes"],"Etag":["W/\"5b0b353a-2a0\""],"Content-Encoding":["gzip"],"Expires":["Tue, 02 May 2023 18:17:14 GMT"],"Cache-Control":["max-age=600"],"X-Proxy-Cache":["MISS"],"Via":["1.1 varnish"],"X-Served-By":["cache-iad-kcgs7200026-IAD"],"Vary":["Accept-Encoding"],"Content-Type":["text/html; charset=utf-8"],"Access-Control-Allow-Origin":["*"]},"status":200}
May  2 18:54:22 ip-172-31-82-207 caddy: {"level":"info","ts":1683053662.8832128,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.86.235","remote_port":"10641","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/calculator/static/js/main.b319222a.js","headers":{"Sec-Fetch-Mode":["no-cors"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Sec-Fetch-Dest":["script"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Referer":["https://major.gouthamjay.com/"],"Sec-Fetch-Site":["same-origin"],"Accept":["*/*"],"Accept-Language":["en-US,en;q=0.5"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":0.025997569,"size":400,"status":200,"resp_headers":{"X-Proxy-Cache":["MISS"],"Via":["1.1 varnish"],"Vary":["Accept-Encoding"],"X-Cache-Hits":["3"],"Content-Length":["400"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"X-Github-Request-Id":["35A2:4092:12C22AB:1C96E08:64515152"],"Content-Type":["text/html; charset=utf-8"],"X-Cache":["HIT"],"Etag":["W/\"5b0b353a-2a0\""],"X-Served-By":["cache-iad-kcgs7200026-IAD"],"Age":["0"],"X-Timer":["S1683053663.881915,VS0,VE0"],"Permissions-Policy":["interest-cohort=()"],"Last-Modified":["Sun, 27 May 2018 22:46:18 GMT"],"Server":["Caddy","GitHub.com"],"Accept-Ranges":["bytes"],"Content-Encoding":["gzip"],"Expires":["Tue, 02 May 2023 18:17:14 GMT"],"Cache-Control":["max-age=600"],"Access-Control-Allow-Origin":["*"],"X-Fastly-Request-Id":["058188a3482cc878cc32877815bf96ee10205682"],"Date":["Tue, 02 May 2023 18:54:22 GMT"]}}
May  2 18:54:23 ip-172-31-82-207 caddy: {"level":"debug","ts":1683053663.160176,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May  2 18:54:23 ip-172-31-82-207 caddy: {"level":"debug","ts":1683053663.2127943,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","duration":0.052552208,"request":{"remote_ip":"122.164.86.235","remote_port":"10641","proto":"HTTP/2.0","method":"GET","host":"ghoh24fvt2qmkfzuzit5ao4rei0hrbox.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com","headers":{"Sec-Fetch-Mode":["no-cors"],"X-Forwarded-Host":["major.gouthamjay.com"],"X-Forwarded-Proto":["https"],"Dnt":["1"],"Accept-Language":["en-US,en;q=0.5"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Te":["trailers"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["122.164.86.235"],"X-Forwarded-Uri":["/calculator/favicon.ico"],"Referer":["https://major.gouthamjay.com/"],"Accept":["image/avif,image/webp,*/*"],"X-Forwarded-Method":["GET"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Dest":["image"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"Content-Type":["application/json"],"Connection":["keep-alive"],"Pathroute":["/calculator/"],"Domainroute":["ahfarmer.github.io"],"Date":["Tue, 02 May 2023 18:54:23 GMT"],"X-Amzn-Requestid":["05ad66bf-9d86-4c5d-b506-6a7bd48a320f"],"Domainhttpsroute":["https://ahfarmer.github.io"],"X-Amzn-Trace-Id":["root=1-64515c5f-70a490261baea62155bb90db;sampled=0;lineage=9603592e:0"],"Content-Length":["0"]},"status":200}
May  2 18:54:23 ip-172-31-82-207 caddy: {"level":"debug","ts":1683053663.2128425,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May  2 18:54:23 ip-172-31-82-207 caddy: {"level":"debug","ts":1683053663.2129247,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"ahfarmer.github.io:443","total_upstreams":1}
May  2 18:54:23 ip-172-31-82-207 caddy: {"level":"debug","ts":1683053663.2166955,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.Domainroute}:443","duration":0.00373284,"request":{"remote_ip":"122.164.86.235","remote_port":"10641","proto":"HTTP/2.0","method":"GET","host":"ahfarmer.github.io:443","uri":"/calculator/","headers":{"Sec-Fetch-Mode":["no-cors"],"Accept-Encoding":["gzip, deflate, br"],"Domainhttpsroute":["https://ahfarmer.github.io"],"Te":["trailers"],"Referer":["https://major.gouthamjay.com/"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Dest":["image"],"User-Custom-Domain":["major.gouthamjay.com"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Pathroute":["/calculator/"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-Host":["major.gouthamjay.com"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"],"Domainroute":["ahfarmer.github.io"],"X-Forwarded-For":["122.164.86.235"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"X-Cache":["HIT"],"X-Cache-Hits":["4"],"X-Fastly-Request-Id":["e00e775190967e86ed6ba3ebec0e7614b620ad43"],"Last-Modified":["Sun, 27 May 2018 22:46:18 GMT"],"Permissions-Policy":["interest-cohort=()"],"Etag":["W/\"5b0b353a-2a0\""],"X-Github-Request-Id":["35A2:4092:12C22AB:1C96E08:64515152"],"Via":["1.1 varnish"],"Vary":["Accept-Encoding"],"Content-Length":["400"],"Content-Type":["text/html; charset=utf-8"],"Access-Control-Allow-Origin":["*"],"Expires":["Tue, 02 May 2023 18:17:14 GMT"],"Cache-Control":["max-age=600"],"Age":["1"],"Server":["GitHub.com"],"X-Proxy-Cache":["MISS"],"Accept-Ranges":["bytes"],"Date":["Tue, 02 May 2023 18:54:23 GMT"],"X-Served-By":["cache-iad-kcgs7200026-IAD"],"X-Timer":["S1683053663.215392,VS0,VE1"],"Content-Encoding":["gzip"]},"status":200}
May  2 18:54:23 ip-172-31-82-207 caddy: {"level":"info","ts":1683053663.2167573,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.86.235","remote_port":"10641","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/calculator/favicon.ico","headers":{"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Referer":["https://major.gouthamjay.com/"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept-Language":["en-US,en;q=0.5"],"Te":["trailers"],"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Dest":["image"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":0.056619292,"size":400,"status":200,"resp_headers":{"Cache-Control":["max-age=600"],"X-Timer":["S1683053663.215392,VS0,VE1"],"Content-Encoding":["gzip"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"X-Cache":["HIT"],"Vary":["Accept-Encoding"],"Content-Length":["400"],"Expires":["Tue, 02 May 2023 18:17:14 GMT"],"Permissions-Policy":["interest-cohort=()"],"X-Github-Request-Id":["35A2:4092:12C22AB:1C96E08:64515152"],"Content-Type":["text/html; charset=utf-8"],"Age":["1"],"Server":["Caddy","GitHub.com"],"Access-Control-Allow-Origin":["*"],"Accept-Ranges":["bytes"],"Date":["Tue, 02 May 2023 18:54:23 GMT"],"X-Proxy-Cache":["MISS"],"X-Served-By":["cache-iad-kcgs7200026-IAD"],"X-Cache-Hits":["4"],"X-Fastly-Request-Id":["e00e775190967e86ed6ba3ebec0e7614b620ad43"],"Last-Modified":["Sun, 27 May 2018 22:46:18 GMT"],"Etag":["W/\"5b0b353a-2a0\""],"Via":["1.1 varnish"]}}

This is rewriting every request to exactly that path. I don’t think that’s what you intended. You probably want rewrite * {header.Pathroute}{uri}

But keep in mind, rewrite runs before forward_auth because of directive ordering. You’d probably need to wrap that in a route to happen in the correct order, or you can move the rewrite into reverse_proxy (and remove * because the rewrite option in reverse_proxy doesn’t take a matcher).

I actually shifted “rewrite” rule inside the reverse_proxy but now this issue seems to be strange since the website does not load the styles and build the JS for the React website

If you hadn’t noticed the previous message, this was the image while expected result was https://ahfarmer.github.io/calculator/

actualOutput1549×1009 12 KB

Any idea what could be the solution for this?

Re-read my previous answer. Make sure you include {uri} in the rewrite.

Oh I’m totally sorry, I didn’t realize that was the solution. Now it makes a lot of sense, Francis. Thank you so much

So in that case if I only want to append path for the first request that is for https://ahfarmer.github.io but for rest all, if I want to have it as just {uri} how would I do it?

I could see there’s regex matching for different paths in rewrite but is it possible to apply {header.Pathroute} variable only once just for the first Get request, that is, I want to reverse proxy to https://ahfarmer.github.io/calculator/ initially while other requests can continue as usual

That’s up to your forward_auth upstream to decide.

Caddy’s handling is per-request. It doesn’t persist state internally across multiple requests (except when it does for things like load balancing, but that’s totally separate).

Okay I’ve just set it dynamically and the routing part works but for some strange reason, a site hosted on AWS amplify shows the following error when visiting https://major.gouthamjay.com. Is this a known issue?

error1859×211 17.5 KB

Caddy logs:

May  3 04:41:53 ip-172-31-82-207 caddy: {"level":"debug","ts":1683088913.3268886,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"brand.famewall.io:443","total_upstreams":1}
May  3 04:41:53 ip-172-31-82-207 caddy: {"level":"debug","ts":1683088913.5665083,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.Domainroute}:443","duration":0.239564099,"request":{"remote_ip":"122.164.86.235","remote_port":"30607","proto":"HTTP/2.0","method":"GET","host":"brand.famewall.io:443","uri":"/goutham","headers":{"Shouldredirect":["{http.reverse_proxy.header.Shouldredirect}"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"X-Forwarded-For":["122.164.86.235"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"X-Forwarded-Host":["major.gouthamjay.com"],"Sec-Fetch-User":["?1"],"User-Custom-Domain":["major.gouthamjay.com"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US,en;q=0.5"],"Domainroute":["brand.famewall.io"],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"Domainhttpsroute":["https://brand.famewall.io"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-Proto":["https"],"Pathroute":["/goutham"],"Dnt":["1"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"X-Amz-Cf-Pop":["IAD12-P1"],"X-Amz-Cf-Id":["MO8BRadSQCwjqFbwoJYk-IA83SGNS3Y9Tj12BU0a2tFCvRqHytN2wQ=="],"Content-Type":["text/html"],"Content-Length":["1022"],"Server":["CloudFront"],"Date":["Wed, 03 May 2023 04:41:53 GMT"],"X-Cache":["LambdaValidationError from cloudfront"],"Via":["1.1 f588325f7617672d954c4267c8bee1ea.cloudfront.net (CloudFront)"]},"status":502}
May  3 04:41:53 ip-172-31-82-207 caddy: {"level":"error","ts":1683088913.5665765,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.86.235","remote_port":"30607","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Fetch-Mode":["navigate"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":0.267857705,"size":1022,"status":502,"resp_headers":{"X-Cache":["LambdaValidationError from cloudfront"],"X-Amz-Cf-Pop":["IAD12-P1"],"Content-Type":["text/html"],"Date":["Wed, 03 May 2023 04:41:53 GMT"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Via":["1.1 f588325f7617672d954c4267c8bee1ea.cloudfront.net (CloudFront)"],"X-Amz-Cf-Id":["MO8BRadSQCwjqFbwoJYk-IA83SGNS3Y9Tj12BU0a2tFCvRqHytN2wQ=="],"Content-Length":["1022"],"Server":["Caddy","CloudFront"]}}
May  3 04:43:13 ip-172-31-82-207 dhclient[2925]: XMT: Solicit on eth0, interval 111750ms.
 

And caddyfile:

{
        debug
        order rewrite after forward_auth
        admin off
        on_demand_tls {
                ask {env.DOMAIN_SERVICE_ENDPOINT}
        }

        storage_clean_interval 90d

        log
}

:80 {
        respond /health "Im healthy" 200

        log
}

:443 {
        tls {env.ENCRYPT_EMAIL} {
                on_demand
        }

        forward_auth {env.MIDDLEWARE_SERVICE_ENDPOINT} {
                uri /?sourceHost={host}&extraUri={uri}
                header_up Host {upstream_hostport}
                copy_headers Pathroute Domainroute Domainhttpsroute Shouldredirect

        }

        rewrite * {header.Pathroute}

        reverse_proxy {header.Domainroute}:443 {
                header_up Host {upstream_hostport}
                header_up User-Custom-Domain {host}

                health_timeout 5s

                transport http {
                        tls
                }
        }

        log
}

Hmm. My guess is Cloudfront doesn’t like that the Host contains the port. You could try {http.reverse_proxy.upstream.host} instead of {upstream_hostport}. Generally upstreams should accept the port as well and ignore it if they don’t care about it, but maybe Cloudfront doesn’t do that.

Oh! It still seems to show the error in browsers like Firefox, Edge and other browsers

errorCloud1915×255 24.1 KB

I know nothing about Cloudfront. And I can’t do much if you don’t share up to date logs.

Oh sorry about that. Here are the logs and this seems to be some form of a header issue. Maybe a specific header is needed? I even tried Cache-control header

Caddy logs:

May  3 08:56:23 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104183.601169,"logger":"events","msg":"event","name":"tls_get_certificate","id":"dc8dd16d-ee9f-4708-b9ba-2c57f1946273","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,49172,156,157,47,53],"ServerName":"major.gouthamjay.com","SupportedCurves":[29,23,24,25,256,257],"SupportedPoints":"AA==","SignatureSchemes":[1027,1283,1539,2052,2053,2054,1025,1281,1537,515,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"Conn":{}}}}
May  3 08:56:23 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104183.601229,"logger":"tls.handshake","msg":"choosing certificate","identifier":"major.gouthamjay.com","num_choices":1}
May  3 08:56:23 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104183.6012473,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"major.gouthamjay.com","subjects":["major.gouthamjay.com"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"1b9a83be7b3e89b460a6413a2c90ce4f331da1b0447114ffd84519b853a9e26c"}
May  3 08:56:23 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104183.6012566,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"122.164.86.235","remote_port":"31864","subjects":["major.gouthamjay.com"],"managed":true,"expiration":1690934400,"hash":"1b9a83be7b3e89b460a6413a2c90ce4f331da1b0447114ffd84519b853a9e26c"}
May  3 08:56:23 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104183.8652475,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"5gmfjsk5ahetoavmnsqjplsnae0azkhp.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May  3 08:56:24 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104184.3009827,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"5gmfjsk5ahetoavmnsqjplsnae0azkhp.lambda-url.us-east-1.on.aws:443","duration":0.435635331,"request":{"remote_ip":"122.164.86.235","remote_port":"31864","proto":"HTTP/2.0","method":"GET","host":"5gmfjsk5ahetoavmnsqjplsnae0azkhp.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com&extraUri=%2F","headers":{"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Te":["trailers"],"X-Forwarded-Proto":["https"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Site":["none"],"X-Forwarded-For":["122.164.86.235"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Method":["GET"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-Host":["major.gouthamjay.com"],"X-Forwarded-Uri":["/"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"Date":["Wed, 03 May 2023 08:56:24 GMT"],"Content-Type":["application/json"],"Domainhttpsroute":["https://brand.famewall.io"],"Pathroute":["/goutham"],"Domainroute":["brand.famewall.io"],"X-Amzn-Trace-Id":["root=1-645221b7-4ef56542040567c57e5e5360;sampled=0;lineage=9603592e:0"],"Content-Length":["0"],"Connection":["keep-alive"],"X-Amzn-Requestid":["334c2279-f4f4-478b-8138-b5ca4bc5d6e8"]},"status":200}
May  3 08:56:24 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104184.3035066,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May  3 08:56:24 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104184.3036258,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"122.164.86.235","remote_port":"31864","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Pathroute":["/goutham"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Domainhttpsroute":["https://brand.famewall.io"],"Shouldredirect":["{http.reverse_proxy.header.Shouldredirect}"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Dnt":["1"],"Sec-Fetch-Site":["none"],"Te":["trailers"],"Domainroute":["brand.famewall.io"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"method":"GET","uri":"/goutham"}
May  3 08:56:24 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104184.3036559,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"brand.famewall.io:443","total_upstreams":1}
May  3 08:56:25 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104185.1950583,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.Domainroute}:443","duration":0.891340074,"request":{"remote_ip":"122.164.86.235","remote_port":"31864","proto":"HTTP/2.0","method":"GET","host":"brand.famewall.io","uri":"/goutham","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept-Encoding":["gzip, deflate, br"],"Pathroute":["/goutham"],"X-Forwarded-Host":["major.gouthamjay.com"],"Sec-Fetch-Mode":["navigate"],"Dnt":["1"],"User-Custom-Domain":["major.gouthamjay.com"],"Shouldredirect":["{http.reverse_proxy.header.Shouldredirect}"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-User":["?1"],"Domainroute":["brand.famewall.io"],"X-Forwarded-For":["122.164.86.235"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Dest":["document"],"Domainhttpsroute":["https://brand.famewall.io"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"X-Amz-Cf-Pop":["IAD12-P1"],"X-Amz-Cf-Id":["yhUvhlnXckV2U5WIWw24AQUORvYoKK9WRSHcimb9aSALkZgrDRdQ4Q=="],"Content-Type":["text/html"],"Content-Length":["1022"],"Server":["CloudFront"],"Date":["Wed, 03 May 2023 08:56:25 GMT"],"X-Cache":["LambdaValidationError from cloudfront"],"Via":["1.1 6f067a3fd6e721a7db2a2901701a65d8.cloudfront.net (CloudFront)"]},"status":502}
May  3 08:56:25 ip-172-31-90-245 caddy: {"level":"error","ts":1683104185.1951678,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.86.235","remote_port":"31864","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":1.329962075,"size":1022,"status":502,"resp_headers":{"Date":["Wed, 03 May 2023 08:56:25 GMT"],"X-Amz-Cf-Pop":["IAD12-P1"],"Content-Type":["text/html"],"Content-Length":["1022"],"Server":["Caddy","CloudFront"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"X-Amz-Cf-Id":["yhUvhlnXckV2U5WIWw24AQUORvYoKK9WRSHcimb9aSALkZgrDRdQ4Q=="],"X-Cache":["LambdaValidationError from cloudfront"],"Via":["1.1 6f067a3fd6e721a7db2a2901701a65d8.cloudfront.net (CloudFront)"]}}
May  3 08:56:25 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104185.5853622,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"5gmfjsk5ahetoavmnsqjplsnae0azkhp.lambda-url.us-east-1.on.aws:443","total_upstreams":1}
May  3 08:56:25 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104185.600095,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"5gmfjsk5ahetoavmnsqjplsnae0azkhp.lambda-url.us-east-1.on.aws:443","duration":0.014672301,"request":{"remote_ip":"122.164.86.235","remote_port":"31864","proto":"HTTP/2.0","method":"GET","host":"5gmfjsk5ahetoavmnsqjplsnae0azkhp.lambda-url.us-east-1.on.aws:443","uri":"/?sourceHost=major.gouthamjay.com&extraUri=%2Ffavicon.ico","headers":{"X-Forwarded-Host":["major.gouthamjay.com"],"Sec-Fetch-Dest":["image"],"X-Forwarded-For":["122.164.86.235"],"X-Forwarded-Uri":["/favicon.ico"],"Sec-Fetch-Mode":["no-cors"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.5"],"Accept":["image/avif,image/webp,*/*"],"Dnt":["1"],"Sec-Fetch-Site":["same-origin"],"Te":["trailers"],"Accept-Encoding":["gzip, deflate, br"],"Referer":["https://major.gouthamjay.com/"],"X-Forwarded-Method":["GET"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"X-Amzn-Trace-Id":["root=1-645221b9-367eae3b72548ec86795b5a0;sampled=0;lineage=9603592e:0"],"Date":["Wed, 03 May 2023 08:56:25 GMT"],"Content-Type":["application/json"],"Connection":["keep-alive"],"Domainhttpsroute":["https://brand.famewall.io"],"Content-Length":["0"],"X-Amzn-Requestid":["40dd2cbe-79db-489e-84ab-2c6bb0d7fce6"],"Pathroute":["/favicon.ico"],"Domainroute":["brand.famewall.io"]},"status":200}
May  3 08:56:25 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104185.600126,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":0}
May  3 08:56:25 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104185.6002045,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"brand.famewall.io:443","total_upstreams":1}
May  3 08:56:25 ip-172-31-90-245 caddy: {"level":"debug","ts":1683104185.8119526,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.header.Domainroute}:443","duration":0.21168884,"request":{"remote_ip":"122.164.86.235","remote_port":"31864","proto":"HTTP/2.0","method":"GET","host":"brand.famewall.io","uri":"/favicon.ico","headers":{"Accept":["image/avif,image/webp,*/*"],"User-Custom-Domain":["major.gouthamjay.com"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"],"Domainroute":["brand.famewall.io"],"Te":["trailers"],"Shouldredirect":["{http.reverse_proxy.header.Shouldredirect}"],"X-Forwarded-Host":["major.gouthamjay.com"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-For":["122.164.86.235"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["image"],"Pathroute":["/favicon.ico"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Referer":["https://major.gouthamjay.com/"],"Accept-Encoding":["gzip, deflate, br"],"Domainhttpsroute":["https://brand.famewall.io"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"headers":{"Date":["Wed, 03 May 2023 08:56:25 GMT"],"X-Cache":["LambdaValidationError from cloudfront"],"Via":["1.1 6f067a3fd6e721a7db2a2901701a65d8.cloudfront.net (CloudFront)"],"X-Amz-Cf-Pop":["IAD12-P1"],"X-Amz-Cf-Id":["PS1nQmaIWHURxDw12Mw2hO3OnQbU1gDNxaKoodYzSHAw_pXYvDqejQ=="],"Content-Type":["text/html"],"Content-Length":["1022"],"Server":["CloudFront"]},"status":502}
May  3 08:56:25 ip-172-31-90-245 caddy: {"level":"error","ts":1683104185.8120332,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"122.164.86.235","remote_port":"31864","proto":"HTTP/2.0","method":"GET","host":"major.gouthamjay.com","uri":"/favicon.ico","headers":{"Accept":["image/avif,image/webp,*/*"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Referer":["https://major.gouthamjay.com/"],"Sec-Fetch-Dest":["image"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"major.gouthamjay.com"}},"user_id":"","duration":0.226711962,"size":1022,"status":502,"resp_headers":{"Content-Type":["text/html"],"Server":["Caddy","CloudFront"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"X-Cache":["LambdaValidationError from cloudfront"],"X-Amz-Cf-Id":["PS1nQmaIWHURxDw12Mw2hO3OnQbU1gDNxaKoodYzSHAw_pXYvDqejQ=="],"Date":["Wed, 03 May 2023 08:56:25 GMT"],"Via":["1.1 6f067a3fd6e721a7db2a2901701a65d8.cloudfront.net (CloudFront)"],"X-Amz-Cf-Pop":["IAD12-P1"],"Content-Length":["1022"]}}

Caddyfile:

{
        debug
        order rewrite after forward_auth
        admin off
        on_demand_tls {
                ask {env.DOMAIN_SERVICE_ENDPOINT}
        }

        storage_clean_interval 90d

        log
}

:80 {
        respond /health "Im healthy" 200

        log
}

:443 {
        tls {env.EMAIL_ADDRESS} {
                on_demand
        }

        forward_auth https://5gmfjsk5ahetoavmnsqjplsnae0azkhp.lambda-url.us-east-1.on.aws {
                uri /?sourceHost={host}&extraUri={uri}
                header_up Host {upstream_hostport}
                copy_headers Pathroute Domainroute Domainhttpsroute Shouldredirect

        }

        rewrite * {header.Pathroute}

        reverse_proxy {header.Domainroute}:443 {
                header_up Host {http.reverse_proxy.upstream.host}

                header_down Cache-Control "max-age=5184000"
                header_down Access-Control-Allow-Origin {host}

                header_up Access-Control-Allow-Origin {host}


                health_timeout 5s

                transport http {
                        tls
                }
        }

        log
}

And the forward_auth file as of now for debugging:

exports.handler = async (event) => {
    let statusCode;

    let pathRoute = '';
  
    if (event.queryStringParameters && event.queryStringParameters.hasOwnProperty('sourceHost')) {
     
     
      const extraUri = event.queryStringParameters.extraUri;
      if(extraUri==='/' || !extraUri || extraUri===''){
        pathRoute = '/person1';
      }
      else{
        pathRoute = extraUri
      }

      statusCode = 200;
    } else {
      statusCode = 400;
    }

  
    return {
        headers: {
          'Pathroute': pathRoute,
          'Domainroute': 'brand.example.io',
          'Domainhttpsroute': 'https://brand.example.io',
        },
        statusCode: 200,
      };
  };

I think you’ll probably need to reach out to AWS support to get them to explain what that error means. I’m not seeing anything obvious.

Hi. So I reached to AWS support regarding this. They mentioned the following:

Verify your certs are right
Cloudfront expects the full cert chain, that might be one of the problems. Check HTTP 502 status code (Bad Gateway) - Amazon CloudFront

Could you help with this on how it could be avoided with Caddy?

I don’t know how your stack is set up. Is CloudFront trying to make a request to Caddy, or do you have Caddy in front of CloudFront? Their message implies that the problem is between CloudFront and your upstream app, and this has nothing to do with Caddy.