1. Caddy version (caddy version):
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
2. How I run Caddy:
a. System environment:
Docker with compose
b. Command:
docker-compose up -d
c. Service/unit/compose file:
version: "3"
services:
caddy:
build:
context: .
env_file: /srv/caddy/.env
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- /srv/caddy:/etc/caddy
- /var/www/html:/srv
- caddy-config:/config
- caddy-data:/data
networks:
- caddy
contrascrotive:
build:
context: /home/web/git/contrascrotive
env_file: /srv/caddy/.env
restart: unless-stopped
container_name: contrascrotive
ports:
- "8080:8080"
volumes:
- /srv/caddy:/data
networks:
- caddy
networks:
caddy:
external: true
volumes:
caddy-data:
external: true
caddy-config:
external: true
d. My complete Caddyfile or JSON config:
{
debug
}
(auth) {
jwtauth {
sign_key {$CDY_JWT_SECRET}
from_cookies jwt
issuer_whitelist https://scrote.gay
audience_whitelist https://scrote.gay
user_claims uid
}
}
scrote.gay {
root * /srv/scrote.gay
file_server {
index index.html
}
try_files {path}.html {path}
templates
encode gzip
handle /static/* {
file_server browse
}
handle /include/* {
file_server
templates
}
redir /shit /shit/
route /shit/* {
import auth
rewrite /shit/ /shit.html
rewrite /shit/* /tmpl.html
}
handle_errors {
rewrite * /error.html
templates
file_server
}
redir /login /auth/ 303
handle_path /auth/* {
rewrite / ?redirect={http.request.hostport}{http.request.url}
reverse_proxy contrascrotive:8080 {
@error status 500 403 400 404
handle_response @error {
root * /srv/scrote.gay
file_server
templates
rewrite * /error.html
}
}
}
}
3. The problem I’m having:
I’m running an oauth2 proxy alongside Caddy. During development it worked fine, I was able to authenticate and view pages without issue. Now whenever I try to go through the flow, I am met with an error when I am redirected back to my domain. On Firefox, I am met with a vague error saying “an error in the data transmission was detected.” On Edge and Chrome, I am redirected to “scrote.gay%3Cnil%3E.” I attempted to use cURL as well, but cannot click the button to authorize my Discord account, meaning I am unable to complete the flow.
My immediate guess is this is something to do with 1) the reverse_proxy 2) the software behind the RP 3) Discord or 4) DNS; I know, really got it nailed down there, huh. There was little to no help when googling the specific error, so I figured I would ask here before going to other parties.
4. Error messages and/or full log output:
{"level":"info","ts":1631047441.4211535,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1631047441.450877,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1631047441.4640837,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1631047441.46472,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1631047441.4647632,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1631047441.4738293,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1631047441.482527,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1631047441.49052,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000266930"}
{"level":"debug","ts":1631047441.4927998,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1631047441.4933662,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1631047441.4933977,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["scrote.gay"]}
{"level":"debug","ts":1631047441.4968772,"logger":"tls","msg":"loading managed certificate","domain":"scrote.gay","expiration":1638559256,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/data/caddy"}
{"level":"info","ts":1631047441.5577848,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1631047441.558328,"msg":"serving initial configuration"}
{"level":"debug","ts":1631047444.8922288,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/srv/scrote.gay","request_path":"/auth","result":"/srv/scrote.gay/auth"}
{"level":"debug","ts":1631047444.8958368,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"174.72.115.237:56676","proto":"HTTP/2.0","method":"GET","host":"scrote.gay","uri":"/auth","headers":{"Sec-Fetch-Mode":["navigate"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Cookie":["jwt=[redacted jwt]"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"scrote.gay"}},"method":"GET","uri":"/error.html"}
{"level":"debug","ts":1631047444.896564,"logger":"http.handlers.file_server","msg":"sanitized path join","site_root":"/srv/scrote.gay","request_path":"/error.html","result":"/srv/scrote.gay/error.html"}
{"level":"debug","ts":1631047444.897222,"logger":"http.handlers.file_server","msg":"opening file","filename":"/srv/scrote.gay/error.html"}
{"level":"debug","ts":1631047447.4086463,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"174.72.115.237:56676","proto":"HTTP/2.0","method":"GET","host":"scrote.gay","uri":"/auth/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Cookie":["jwt=[redacted jwt]"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"],"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"scrote.gay"}},"method":"GET","uri":"/"}
{"level":"debug","ts":1631047447.4088285,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"174.72.115.237:56676","proto":"HTTP/2.0","method":"GET","host":"scrote.gay","uri":"/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Cookie":["jwt=[redacted jwt]"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"scrote.gay"}},"method":"GET","uri":"/?redirect=scrote.gay%3Cnil%3E"}
{"level":"debug","ts":1631047447.4159975,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"contrascrotive:8080","request":{"remote_addr":"174.72.115.237:56676","proto":"HTTP/2.0","method":"GET","host":"scrote.gay","uri":"/?redirect=scrote.gay%3Cnil%3E","headers":{"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Te":["trailers"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Cookie":["jwt=[redacted jwt]"],"X-Forwarded-For":["174.72.115.237"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"scrote.gay"}},"headers":{"Location":["https://discord.com/api/oauth2/authorize?access_type=offline&client_id=882348152642998343&redirect_uri=https%3A%2F%2Fscrote.gay%2Fauth%2Fcallback&response_type=code&scope=identify+guilds&state=c49c799d-9f62-4b30-8cfc-d1ba6f45daa0"],"Date":["Tue, 07 Sep 2021 20:44:07 GMT"],"Content-Length":["276"],"Content-Type":["text/html; charset=utf-8"]},"status":303}
{"level":"debug","ts":1631047449.702364,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"174.72.115.237:56676","proto":"HTTP/2.0","method":"GET","host":"scrote.gay","uri":"/auth/callback?code=8XcIETTiS9KFJaFtI8NgFmZ4ULeX8I&state=c49c799d-9f62-4b30-8cfc-d1ba6f45daa0","headers":{"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["cross-site"],"Te":["trailers"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"],"Referer":["https://discord.com/"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["jwt=[redacted jwt]"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"scrote.gay"}},"method":"GET","uri":"/callback?code=8XcIETTiS9KFJaFtI8NgFmZ4ULeX8I&state=c49c799d-9f62-4b30-8cfc-d1ba6f45daa0"}
{"level":"debug","ts":1631047450.0305624,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"contrascrotive:8080","request":{"remote_addr":"174.72.115.237:56676","proto":"HTTP/2.0","method":"GET","host":"scrote.gay","uri":"/callback?code=8XcIETTiS9KFJaFtI8NgFmZ4ULeX8I&state=c49c799d-9f62-4b30-8cfc-d1ba6f45daa0","headers":{"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Te":["trailers"],"X-Forwarded-For":["174.72.115.237"],"Accept-Language":["en-US,en;q=0.5"],"Dnt":["1"],"Referer":["https://discord.com/"],"Cookie":["jwt=[redacted jwt]"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"scrote.gay"}},"headers":{"Content-Type":["text/html; charset=utf-8"],"Location":["https://scrote.gay<nil>"],"Set-Cookie":["jwt=[redacted jwt]; Path=/; Domain=scrote.gay; Expires=Thu, 07 Oct 2021 20:44:10 GMT; HttpOnly; Secure"],"Date":["Tue, 07 Sep 2021 20:44:10 GMT"],"Content-Length":["56"]},"status":303}
{"level":"debug","ts":1631049226.2613008,"logger":"http.stdlib","msg":"http: TLS handshake error from 69.247.154.221:58296: no certificate available for 'vast.doubleverify.com'"}
5. What I already tried:
I’ve given each container a restart, I’ve cleared cache & tried various browsers. I disabled parts of the proxy; i.e. strict site cookie option (saw that briefly mentioned somewhere). I’ve had others off of my network verify they have the same issue. I’m not entirely sure what exactly to do because of how vague the error is.