Ok, I updated my docker-compose.yaml
file so that both the Caddy and PHP services mount files to var/www/html
. That fixed the one issue where existing files were redirecting to the root index.php
file. Thanks!
I’m still having a problem with non-existent files showing up at root index.php
rather than 404. I think this may be a default setting of php_fastcgi
but I can’t figure out what to change to make the 404 show for files that do not exist.
Results of curl -v https://obscure.cc
:
* Trying 2606:4700:3031::6815:46c8:443...
* Connected to obscure.cc (2606:4700:3031::6815:46c8) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.obscure.cc
* start date: Feb 22 18:15:13 2023 GMT
* expire date: May 23 18:15:12 2023 GMT
* subjectAltName: host "obscure.cc" matched cert's "obscure.cc"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1P5
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: obscure.cc]
* h2h3 [user-agent: curl/7.85.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x55f2101c4b50)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: obscure.cc
> user-agent: curl/7.85.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 200
< date: Sun, 19 Mar 2023 05:07:22 GMT
< content-type: text/html; charset=UTF-8
< x-powered-by: PHP/8.2.3
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2VC4%2B4SZsr4GhZjoXiyHZnvHS2njq3k6kRDu9Jhn0QVblwp6ClOry%2BlQhNyu0UAIh7VFQQdF9FYyIvWdcQ0fASZ5xBTBN9w7j9T9ezhRhklgzacPiwegmdi37UmH582jUcVVok9jUdu"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< strict-transport-security: max-age=15552000; includeSubDomains; preload
< x-content-type-options: nosniff
< server: cloudflare
< cf-ray: 7aa33104186afad6-SJC
<
{The rendered HTML}
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection #0 to host obscure.cc left intact
Debug log:
2023/03/19 05:07:22.913 DEBUG events event {"name": "tls_get_certificate", "id": "50a4b7c6-0e41-4ac3-a68c-4a8d79c1f64b", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4865,4866,4867,49195,49196,49199,49200,49171,49192,156,157,47,53,10],"ServerName":"obscure.cc","SupportedCurves":[29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"Conn":{}}}}
2023/03/19 05:07:22.914 DEBUG tls.handshake choosing certificate {"identifier": "obscure.cc", "num_choices": 1}
2023/03/19 05:07:22.915 DEBUG tls.handshake default certificate selection results {"identifier": "obscure.cc", "subjects": ["obscure.cc"], "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "f7c74044bc496ec447d21d6161c444c331ba3f49e155a3242a6173039f308525"}
2023/03/19 05:07:22.915 DEBUG tls.handshake matched certificate in cache {"remote_ip": "172.69.22.224", "remote_port": "34146", "subjects": ["obscure.cc"], "managed": true, "expiration": "2023/06/17 03:57:59.000", "hash": "f7c74044bc496ec447d21d6161c444c331ba3f49e155a3242a6173039f308525"}
2023/03/19 05:07:22.920 DEBUG http.handlers.rewrite rewrote request {"request": {"remote_ip": "172.69.22.224", "remote_port": "34146", "proto": "HTTP/2.0", "method": "GET", "host": "obscure.cc", "uri": "/", "headers": {"Cdn-Loop": ["cloudflare"], "X-Forwarded-For": ["2600:3c01::f03c:93ff:feb8:f4df"], "Cf-Ray": ["7aa33104186afad6-SJC"], "X-Forwarded-Proto": ["https"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Accept": ["*/*"], "Cf-Connecting-Ip": ["2600:3c01::f03c:93ff:feb8:f4df"], "Cf-Ipcountry": ["US"], "Accept-Encoding": ["gzip"], "User-Agent": ["curl/7.85.0"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "obscure.cc"}}, "method": "GET", "uri": "/index.php"}
2023/03/19 05:07:22.921 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "php:9000", "total_upstreams": 1}
2023/03/19 05:07:22.922 DEBUG http.reverse_proxy.transport.fastcgi roundtrip {"request": {"remote_ip": "172.69.22.224", "remote_port": "34146", "proto": "HTTP/2.0", "method": "GET", "host": "obscure.cc", "uri": "/index.php", "headers": {"User-Agent": ["curl/7.85.0"], "X-Forwarded-Host": ["obscure.cc"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Accept": ["*/*"], "Cf-Ipcountry": ["US"], "Cf-Ray": ["7aa33104186afad6-SJC"], "X-Forwarded-Proto": ["https"], "Accept-Encoding": ["gzip"], "Cf-Connecting-Ip": ["2600:3c01::f03c:93ff:feb8:f4df"], "Cdn-Loop": ["cloudflare"], "X-Forwarded-For": ["172.69.22.224"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "obscure.cc"}}, "env": {"REMOTE_HOST": "172.69.22.224", "HTTP_HOST": "obscure.cc", "HTTPS": "on", "SSL_PROTOCOL": "TLSv1.3", "GATEWAY_INTERFACE": "CGI/1.1", "REMOTE_ADDR": "172.69.22.224", "DOCUMENT_URI": "/index.php", "SERVER_PORT": "443", "SERVER_PROTOCOL": "HTTP/2.0", "DOCUMENT_ROOT": "/var/www/html", "HTTP_X_FORWARDED_PROTO": "https", "QUERY_STRING": "", "HTTP_CDN_LOOP": "cloudflare", "REQUEST_SCHEME": "https", "SERVER_NAME": "obscure.cc", "SERVER_SOFTWARE": "Caddy/v2.6.4", "SCRIPT_NAME": "/index.php", "HTTP_CF_RAY": "7aa33104186afad6-SJC", "CONTENT_TYPE": "", "REMOTE_PORT": "34146", "AUTH_TYPE": "", "REMOTE_IDENT": "", "REQUEST_METHOD": "GET", "HTTP_CF_CONNECTING_IP": "2600:3c01::f03c:93ff:feb8:f4df", "HTTP_ACCEPT": "*/*", "HTTP_CF_IPCOUNTRY": "US", "CONTENT_LENGTH": "", "REMOTE_USER": "", "HTTP_X_FORWARDED_FOR": "172.69.22.224", "HTTP_CF_VISITOR": "{\"scheme\":\"https\"}", "HTTP_USER_AGENT": "curl/7.85.0", "PATH_INFO": "", "SSL_CIPHER": "TLS_AES_128_GCM_SHA256", "HTTP_ACCEPT_ENCODING": "gzip", "HTTP_X_FORWARDED_HOST": "obscure.cc", "REQUEST_URI": "/", "SCRIPT_FILENAME": "/var/www/html/index.php"}, "dial": "php:9000", "env": {"PATH_INFO": "", "SSL_CIPHER": "TLS_AES_128_GCM_SHA256", "HTTP_X_FORWARDED_FOR": "172.69.22.224", "HTTP_CF_VISITOR": "{\"scheme\":\"https\"}", "HTTP_USER_AGENT": "curl/7.85.0", "R
RI": "/", "SCRIPT_FILENAME": "/var/www/html/index.php", "HTTP_ACCEPT_ENCODING": "gzip", "HTTP_X_FORWARDED_HOST": "obscure.cc", "GATEWAY_INTERFACE": "CGI/1.1", "REMOTE_ADDR": "172.69.22.224", "REMOTE_HOST": "172.69.22.224", "HTTP_HOST": "obscure.cc", "HTTPS": "on", "SSL_PROTOCOL": "TLSv1.3", "SERVER_PROTOCOL": "HTTP/2.0", "DOCUMENT_ROOT": "/var/www/html", "DOCUMENT_URI": "/index.php", "SERVER_PORT": "443", "QUERY_STRING": "", "HTTP_CDN_LOOP": "cloudflare", "HTTP_X_FORWARDED_PROTO": "https", "CONTENT_TYPE": "", "REMOTE_PORT": "34146", "REQUEST_SCHEME": "https", "SERVER_NAME": "obscure.cc", "SERVER_SOFTWARE": "Caddy/v2.6.4", "SCRIPT_NAME": "/index.php", "HTTP_CF_RAY": "7aa33104186afad6-SJC", "AUTH_TYPE": "", "REMOTE_IDENT": "", "CONTENT_LENGTH": "", "REMOTE_USER": "", "REQUEST_METHOD": "GET", "HTTP_CF_CONNECTING_IP": "2600:3c01::f03c:93ff:feb8:f4df", "HTTP_ACCEPT": "*/*", "HTTP_CF_IPCOUNTRY": "US"}, "request": {"remote_ip": "172.69.22.224", "remote_port": "34146", "proto": "HTTP/2.0", "method": "GET", "host": "obscure.cc", "uri": "/index.php", "headers": {"Cf-Connecting-Ip": ["2600:3c01::f03c:93ff:feb8:f4df"], "Cdn-Loop": ["cloudflare"], "X-Forwarded-For": ["172.69.22.224"], "Cf-Ray": ["7aa33104186afad6-SJC"], "X-Forwarded-Proto": ["https"], "Accept-Encoding": ["gzip"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Accept": ["*/*"], "Cf-Ipcountry": ["US"], "User-Agent": ["curl/7.85.0"], "X-Forwarded-Host": ["obscure.cc"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "obscure.cc"}}}
2023/03/19 05:07:22.924 DEBUG http.handlers.reverse_proxy upstream roundtrip {"upstream": "php:9000", "duration": 0.002511522, "request": {"remote_ip": "172.69.22.224", "remote_port": "34146", "proto": "HTTP/2.0", "method": "GET", "host": "obscure.cc", "uri": "/index.php", "headers": {"Cf-Visitor": ["{\"scheme\":\"https\"}"], "Accept": ["*/*"], "Cf-Ipcountry": ["US"], "User-Agent": ["curl/7.85.0"], "X-Forwarded-Host": ["obscure.cc"], "Cf-Connecting-Ip": ["2600:3c01::f03c:93ff:feb8:f4df"], "Cdn-Loop": ["cloudflare"], "X-Forwarded-For": ["172.69.22.224"], "Cf-Ray": ["7aa33104186afad6-SJC"], "X-Forwarded-Proto": ["https"], "Accept-Encoding": ["gzip"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "obscure.cc"}}, "headers": {"X-Powered-By": ["PHP/8.2.3"], "Content-Type": ["text/html; charset=UTF-8"]}, "status": 200}