Error handling using http.cat and reverse proxy not functioning (or I'm stupid, one of the two)

1. Caddy version (caddy version):

v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=

2. How I run Caddy:

official systemd unit from the github repo, no alterations

a. System environment:

ubuntu 18.04 lts, systemd controlled start

b. Command:

systemctl start caddy

c. Service/unit/compose file:

official from caddy server github repo

d. My complete Caddyfile or JSON config:

(gen) {
    encode gzip
    try_files {path} {path}.html
    php_fastcgi unix//var/run/php/php7.4-fpm.sock
    file_server
    handle_errors {
    rewrite * /{http.error.status_code}
    reverse_proxy https://http.cat
    }
    log {
    format console
    output file /var/log/caddy.log {
        roll_size 25mb
        roll_keep 20
        roll_keep_for 720h
    }
    }
}

(dns) {
    tls {
    dns digitalocean redacted
    }
}

(header-gen) {
    header {
    Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "DENY"
    }
}

eiphax.tech {
    header {
    Strict-Transport-Security "max-age=31536000; preload"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "DENY"
    }
    root * /var/www/eipdox
    import gen
}

facts.eiphax.tech {
    import header-gen
    root * /var/www/eipdox/facts
    import gen
}

soultrader.net.au {
    import header-gen
    root * /var/www/st
    import gen
}

blog.eiphax.tech {
    import header-gen
    root * /var/www/blog
    import gen
}

album.eiphax.tech {
    import header-gen
    root * /var/www/lychee/public
    import gen
}

bin.eiphax.tech {
    import header-gen
    root * /var/www/eipbin
    import gen
}

3ds.eiphax.tech {
    import header-gen
    root * /var/www/eipdox/3ds
    import gen
}

http://wiiu.eiphax.tech {
    root * /var/www/eipdox/wiiu
    import gen
}

https://wiiu.eiphax.tech {
    root * /var/www/eipdox/wiiu
    import gen
}

nx.eiphax.tech {
    import header-gen
    root * /var/www/eipdox/nx
    import gen
}

nintendohomebrew.com {
    header {
    Strict-Transport-Security "max-age=31536000; preload"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "DENY"
    }
    root * /var/www/eipdox/nh
    import gen
}

http://bhax.nintendohomebrew.com {
    root * /var/www/bhax/web/nbhax
    try_files {path} {path}.html
    encode gzip
}

bfm.nintendohomebrew.com {
    import header-gen
    root * /var/www/eipdox/nh/seed
    reverse_proxy localhost:8082
    encode gzip
    file_server
    log {
    level error
    format console
    output file /var/log/bfm_error.log {
        roll_size 25mb
        roll_keep 20
        roll_keep_for 720h
    }
    }
}


http://part1dumper.nintendohomebrew.com https://part1dumper.nintendohomebrew.com {
    reverse_proxy localhost:8081
}

shitpost.lol {
    import header-gen
    root * /var/www/sp
    import gen
}

hacc.me please.hacc.me {
    import header-gen
    root * /var/www/hacc
    import gen
}

friigaemsworld.com {
    import header-gen
    root * /var/www/frigam
    import gen
}

uwu.tax {
    import header-gen
    root * /var/www/uwu
    import gen
}

conversation.id {
    import header-gen
    root * /var/www/conv
    import gen
}

puebes.com {
    import header-gen
    root * /var/www/puebes
    import gen
}

3. The problem I’m having:

I’m trying to politely ask Caddy to serve error images from https://http.cat in response to http errors.
It just seems to endlessly redirect and/or rewrite the status code to the base domain, rather than reverse proxying it to http.cat. See https://uwu.tax/thispagedoesnotexist.html for an example.

4. Error messages and/or full log output:

as above. caddy logs just contain the request:

1.60534013800369e+09	info	http.log.access.log17	handled request	{"request": {"remote_addr": "115.129.10.61:50530", "proto": "HTTP/2.0", "method": "GET", "host": "uwu.tax", "uri": "/404/ghost","headers": {"Sec-Fetch-Mode": ["navigate"], "Sec-Fetch-User": ["?1"], "Cache-Control": ["max-age=0"], "Dnt": ["1"], "Upgrade-Insecure-Requests": ["1"], "User-Agent": ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Site": ["cross-site"], "Sec-Fetch-Dest": ["document"], "Accept-Encoding": ["gzip, deflate, br"], "Accept-Language": ["en-US,en;q=0.9"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "proto_mutual": true, "server_name": "uwu.tax"}}, "common_log": "115.129.10.61 - - [14/Nov/2020:18:48:58 +1100] \"GET /404/ghost HTTP/2.0\" 301 178", "duration": 0.0002685, "size": 178, "status": 301, "resp_headers": {"X-Frame-Options": ["DENY"], "X-Xss-Protection": ["1; mode=block"], "Date": ["Sat, 14 Nov 2020 07:48:57 GMT"], "Server": ["Caddy", "nginx/1.18.0 (Ubuntu)"], "Strict-Transport-Security": ["max-age=31536000; includeSubdomains; preload"], "Location": ["https://uwu.tax/404/ghost"], "Content-Type": ["text/html"], "X-Content-Type-Options": ["nosniff"], "Content-Length": ["178"]}}

5. What I already tried:

unfortunately i’m not fully sure what i’m doing, so i haven’t made any changes.

6. Links to relevant resources:

got the handle errors block from here

I think you might need to override the Host header when proxying to it. It likely expects the domain to match. By default, Caddy passes the Host of the original request through.

	handle_errors {
		rewrite * /{http.error.status_code}
		reverse_proxy https://http.cat {
			header_up Host http.cat
		}
	}
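
An added example, not part of the thread or of Caddy's own code: Go's standard reverse proxy forwards the incoming Host unchanged, the same default described in the reply above, so this sketch reproduces the 301 seen in the log and the effect of the Host override. The `upstream` handler is a constructed stand-in for a name-based virtual host (how http.cat itself is configured is an assumption), and `inProcess` and `fetch` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// upstream is a constructed virtual host: any Host but wantHost gets a 301 to itself.
func upstream(wantHost string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Host != wantHost {
			http.Redirect(w, r, "https://"+r.Host+r.URL.Path, http.StatusMovedPermanently)
			return
		}
		fmt.Fprintf(w, "image for %s", r.URL.Path)
	})
}

type inProcess struct{ h http.Handler } // hands proxied requests to a handler; no socket
func (t inProcess) RoundTrip(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	t.h.ServeHTTP(rec, r)
	return rec.Result(), nil
}

// fetch proxies the rewritten error path "/<status>" and returns status and Location.
func fetch(siteHost string, status int, overrideHost bool) (int, string) {
	target, _ := url.Parse("https://http.cat")
	proxy := httputil.NewSingleHostReverseProxy(target) // leaves the incoming Host as is
	proxy.Transport = inProcess{upstream(target.Host)}
	if overrideHost {
		direct := proxy.Director
		proxy.Director = func(r *http.Request) {
			direct(r)
			r.Host = target.Host // the effect of: header_up Host http.cat
		}
	}
	req := httptest.NewRequest("GET", fmt.Sprintf("https://%s/%d", siteHost, status), nil)
	rec := httptest.NewRecorder()
	proxy.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	fmt.Println(fetch("uwu.tax", 404, false)) // Host passed through
	fmt.Println(fetch("uwu.tax", 404, true))  // Host overridden
}
```

With the Host passed through, the client is redirected back to its own site at the error path, which matches the `Location` and the upstream `Server` value in the logged response.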

Hi Francis,
Thanks for saving me again.

    handle_errors {
    rewrite * /{http.error.status_code}
    reverse_proxy https://http.cat {
    header_up Host http.cat
    }
    }

Could this example block be updated in the docs? It’s clearly not a massive issue, but may save an idiot like me in the future.

I recommend you use the caddy fmt command to fix the indentation in your config; it makes it much easier to read.

Also there is an example that should cover this already:

Set the upstream Host header to the address of the upstream (by default, it will retain its original, incoming value):

Sorry… it’s formatted more for me, but I should probably get used to prettier formats.
I’m (now) aware of the example in reverse_proxy, I was more referring to the one in handle_errors, as it seems to me that for the error handler to work as exemplified it needs the extra Host directive.
