Cloudflare infinite redirects

1. Caddy version:

v2.6.3

2. How I installed, and run Caddy:

docker compose:

  mastodon-proxy:
    image: 'caddy:latest'
    command: 'caddy reverse-proxy --from ${MASTODON_DOMAIN} --to mastodon-web:3000'
    volumes:
      - '/home/pi/compose/mastodon/certs:/root/certs'
      - 'caddy-data-volume:/data'
      - 'caddy-config-volume:/config'
      - '/home/pi/compose/mastodon/caddyfile:/etc/caddy/Caddyfile:ro'
    environment:
      MASTODON_DOMAIN: '${MASTODON_DOMAIN}'
    ports:
      - '3001:80'
      - '8443:443'
    depends_on:
      mastodon-web:
        condition: service_healthy

a. System environment:

Docker version 23.0.1, build a5ee5b1

b. Command:

{$MASTODON_DOMAIN} {
  tls self-signed
  handle /api/v1/streaming* {
    reverse_proxy mastodon-streaming:4000
  }

  handle {
    reverse_proxy mastodon-web:3000
  }
}

Tried also

{$MASTODON_DOMAIN} {
  tls /root/certs/caddy.pem /root/certs/caddy.key
  handle /api/v1/streaming* {
    reverse_proxy mastodon-streaming:4000
  }

  handle {
    reverse_proxy mastodon-web:3000
  }
}

3. The problem I’m having:

I’m under a Cloudflare tunnel and I’m trying to set up Mastodon with the Caddy reverse proxy. I followed this topic, Infinite redirection - #5 by Whitestrake, but neither Cloudflare origin certificates nor self-signed ones work.

Could you please help me?

I strongly recommend using the Caddyfile config instead of overriding the command. The reverse-proxy command is only meant to be used for quick-and-dirty local development servers, not for anything running long-term such as a Docker container.

If you override the command, the Caddyfile will not work. So maybe that’s why your config changes are not working as you expect.

How did you configure CloudFlare? What encryption mode are you using?

What’s the value of your MASTODON_DOMAIN environment variable? Does it contain a scheme, or is it simply a domain? That can affect how Caddy runs.
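The compose service from the opening post, rewritten to follow the advice above (added example, not code from the thread or from the Caddy project): the `command:` override is dropped so the official image's default command, `caddy run --config /etc/caddy/Caddyfile --adapter caddyfile`, actually loads the mounted Caddyfile. The certificate path, volume names and ports are the ones from the original post; the image tag pin is an assumption based on the reported v2.6.3.

```yaml
services:
  mastodon-proxy:
    # Pinned to the version reported in the thread (assumption: a tagged image exists for it).
    image: 'caddy:2.6.3'
    # No `command:` here on purpose. With `caddy reverse-proxy ...` overriding the
    # command, the Caddyfile mounted below is never read, so `tls` and `handle`
    # changes silently have no effect.
    volumes:
      - '/home/pi/compose/mastodon/certs:/root/certs:ro'
      - 'caddy-data-volume:/data'
      - 'caddy-config-volume:/config'
      - '/home/pi/compose/mastodon/caddyfile:/etc/caddy/Caddyfile:ro'
    environment:
      # Keep this a bare hostname (no scheme); the Caddyfile site address
      # decides whether the site is served over HTTP or HTTPS.
      MASTODON_DOMAIN: '${MASTODON_DOMAIN}'
    ports:
      - '3001:80'
      - '8443:443'
    depends_on:
      mastodon-web:
        condition: service_healthy

volumes:
  caddy-data-volume:
  caddy-config-volume:
```

Mounting the certificate directory read-only is a small hardening step: the proxy needs to read the key, never write it, so a compromised container cannot swap the origin certificate.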

Hi, now my caddyfile looks like this:

https://{$MASTODON_DOMAIN} {
  tls /root/certs/caddy.pem /root/certs/caddy.key
  handle /api/v1/streaming* {
    reverse_proxy mastodon-streaming:4000
  }

  handle {
    reverse_proxy mastodon-web:3000
  }
}

with ${MASTODON_DOMAIN} = mastodon.mebitek.com
cloudflare is configured as Full (strict)
and I’ve installed origin cloudflare certificates

when my tunnel points on http://IP:3001 I get too many redirects
when my tunnel points on https://IP:8443 I get bad gateway

Because Caddy is attempting to upgrade the connection to HTTPS but the tunnel keeps making HTTP requests.

This is a better result than infinite redirects, but… Bad Gateway means you’re connecting to Caddy fine, but Caddy can’t connect to your upstream for some reason.

Add debug to your global options (see: Global options (Caddyfile) — Caddy Documentation), make a request, and post the log output from Caddy here. This will give us a better idea of what Caddy sees each time it tries to connect upstream.


P.S.

To clarify, the Encryption Modes configured in the Cloudflare main dashboard (see: Encryption modes · Cloudflare SSL/TLS docs) is completely irrelevant for Cloudflare Tunnels. The latter rely on either the manual configuration of the tunnel OR the Cloudflare Zero Trust dashboard where managed tunnels are configured (specifying HTTP/S for upstream scheme and whether TLS is verified or not is done there).

1 Like

thx for pointing me out! I fixed it.
I checked the tunnel configuration under the TLS option, enabled “No TLS Verify” and set “Origin Server Name” to ${MASTODON_DOMAIN}

2 Likes
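The same fix expressed as a locally managed cloudflared `config.yml` rather than the Zero Trust dashboard, as an added example that is not part of the thread. It routes the tunnel to Caddy's HTTPS listener (host port 8443 from the compose file) instead of the HTTP one on 3001, which is what removes the redirect loop, and sets the two `originRequest` options the poster used. The tunnel UUID, credentials path and host IP are placeholders; the `caPool` alternative is an assumption about how a practitioner would avoid disabling verification and is not something the thread tried.

```yaml
# Constructed cloudflared config.yml; identifiers in angle brackets are placeholders.
tunnel: <TUNNEL-UUID>
credentials-file: /home/pi/.cloudflared/<TUNNEL-UUID>.json

ingress:
  - hostname: mastodon.mebitek.com
    # Send the tunnel to Caddy's HTTPS port. Pointing it at http://<HOST-IP>:3001
    # makes Caddy answer every request with a redirect to https://, which the
    # tunnel delivers as plain HTTP again: the "too many redirects" loop.
    service: https://<HOST-IP>:8443
    originRequest:
      # Hostname cloudflared sends in SNI and expects in the origin certificate.
      # Without it the certificate would be checked against <HOST-IP>, which a
      # Cloudflare Origin CA or self-signed cert for the domain does not cover.
      originServerName: mastodon.mebitek.com
      # Option A (what the thread ended with): skip origin certificate checks.
      noTLSVerify: true
      # Option B (stricter, assumption): keep verification on and trust only the
      # CA that issued the origin certificate, e.g. the Cloudflare Origin CA root
      # or Caddy's internal CA exported from the caddy-data volume.
      # noTLSVerify: false
      # caPool: /home/pi/compose/mastodon/certs/origin_ca.pem
  # Catch-all rule required by cloudflared for hostnames not matched above.
  - service: http_status:404
```

Note that the SSL/TLS encryption mode on the main dashboard (Full (strict) in this thread) does not affect this path at all; only the `service` scheme and the `originRequest` block decide whether the origin is reached over HTTP or HTTPS and whether its certificate is verified.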
