1. Caddy version (caddy version):
v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=
2. How I run Caddy:
a. System environment:
Windows 8, running it from PowerShell, installed with choco
b. Command:
xcaddy run
c. Service/unit/compose file:
Not relevant here
d. My complete Caddyfile or JSON config:
# That's global config thingy
{
	# Without this, caddy binds to port 80, not the one stated for some reason
	auto_https disable_redirects
}
# Where we listen
https://:8443 {
	# I think this adds certificates?
	tls E:\patht\cert.pem E:\path\key.pem
	# Actual proxy
	reverse_proxy {
		# Where do we reroute, new endpoint/worker is entered after a space
		to https://localhost:8444
		# Load balancing policy, it's a custom one
		lb_policy ww3token
		# That's for certificates to work, but this works on dev
		transport http {
			tls_client_auth E:\path\cert.pem E:\path\key.pem
			tls
			tls_insecure_skip_verify
		}
	}
}
3. The problem I’m having:
I get a TLS handshake error when sending the following request:
curl -X post -v --insecure https://localhost:8443/authenticate/debug
4. Error messages and/or full log output:
Caddy error:
{"level":"error","ts":1649768326.5529923,"logger":"http.log.error","msg":"tls: first record does not look like a TLS handshake","request":{"remote_addr":"[::1]:56321","proto":"HTTP/2.0","method":"post","host":"localhost:8443","uri":"/authenticate/debug","headers":{"User-Agent":["curl/7.70.0"],"Accept":["*/*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"localhost"}},"duration":0.0012266,"status":502,"err_id":"ent9um9km","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
Curl log:
$ curl -X post -v --insecure https://localhost:8443/authenticate/debug
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying ::1:8443...
* Connected to localhost (::1) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/Users/jniesyto/AppData/Local/Programs/Git/mingw64/ssl/certs/ca-bundle.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [1451 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [520 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=example.org; C=US; ST=Virginia; L=Blacksburg; O=Test; OU=Test
* start date: Mar 14 11:22:19 2022 GMT
* expire date: Mar 14 11:22:19 2023 GMT
* issuer: CN=example.org; C=US; ST=Virginia; L=Blacksburg; O=Test; OU=Test
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0xe61380)
} [5 bytes data]
> post /authenticate/debug HTTP/2
> Host: localhost:8443
> user-agent: curl/7.70.0
> accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [130 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
} [5 bytes data]
< HTTP/2 502
< server: Caddy
< content-length: 0
< date: Tue, 12 Apr 2022 12:58:46 GMT
<
{ [0 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connection #0 to host localhost left intact
5. What I already tried:
As I’ve found on this forum, it could mean that the client sends an HTTP request while the server is expecting an HTTPS request. The problem is that, as you can see in my curl command and Caddy config, I do send HTTPS requests, and my server is made with Node’s https
library, so it does expect HTTPS. I’m at a loss now; I don’t know where the issue is.
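The message in the Caddy log is what Go's crypto/tls reports when the first record it reads back from the upstream is not a TLS handshake (or alert) record, so the useful question is what the upstream on port 8444 actually sends back to a ClientHello. The Python below is an added example, not part of the original post or of Caddy's own code: it models that first-record check on constructed byte strings and includes a small probe that sends a minimal TLS ClientHello to a host and port (assumed here to be localhost:8444, as in the Caddyfile) and reports whether the reply looks like a TLS handshake, a TLS alert, or plaintext HTTP. The thresholds (record types 0x15/0x16, record version below 0x1000) follow the check in Go's crypto/tls as I know it; all function and constant names are my own.

```python
"""Diagnose "first record does not look like a TLS handshake" at the upstream.

Added example (not from the original post or from Caddy). It reproduces the
first-record check a Go TLS client applies and sends a bare ClientHello so the
upstream's reply can be classified without trusting any certificate.
"""
import os
import socket
import struct

RECORD_ALERT = 0x15          # TLS record content type: alert
RECORD_HANDSHAKE = 0x16      # TLS record content type: handshake
# Replies a plaintext HTTP server typically produces when fed a ClientHello.
HTTP_PREFIXES = (b"HTTP/", b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")


def looks_like_tls_handshake(hdr: bytes) -> bool:
    """Model of the check Go's crypto/tls runs on the first 5-byte record header.

    Before any version is negotiated, the client accepts only a handshake or
    alert record whose version field is plausible (< 0x1000); anything else
    yields "first record does not look like a TLS handshake".
    """
    if len(hdr) < 5:
        return False
    typ = hdr[0]
    vers = (hdr[1] << 8) | hdr[2]
    return typ in (RECORD_ALERT, RECORD_HANDSHAKE) and vers < 0x1000


def diagnose_first_record(data: bytes) -> str:
    """Classify the first bytes an upstream sent back to a ClientHello."""
    if looks_like_tls_handshake(data[:5]):
        return "tls-handshake" if data[0] == RECORD_HANDSHAKE else "tls-alert"
    if data.startswith(HTTP_PREFIXES):
        return "plaintext-http"   # upstream speaks HTTP, not TLS, on this port
    return "not-tls"              # closed connection, other protocol, or garbage


def build_client_hello() -> bytes:
    """Build a minimal TLS 1.2 ClientHello (no extensions).

    It is enough to make a TLS server answer with either a ServerHello or an
    alert (e.g. no shared cipher), both of which prove the port speaks TLS;
    a plaintext HTTP server answers with an HTTP error line instead.
    """
    client_random = os.urandom(32)
    # Constructed suite list: ECDHE-RSA-AES128/256-GCM, RSA-AES128-GCM, RSA-AES128-CBC
    cipher_suites = b"\xc0\x2f\xc0\x30\x00\x9c\x00\x2f"
    body = (
        b"\x03\x03"                                    # client_version TLS 1.2
        + client_random
        + b"\x00"                                      # empty session id
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                                  # compression: null only
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def probe_backend(host: str = "localhost", port: int = 8444, timeout: float = 3.0) -> str:
    """Connect, send the ClientHello, and classify the first 5 reply bytes."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        first = sock.recv(5)
    return diagnose_first_record(first)


if __name__ == "__main__":
    # Constructed replies, to show the classification without a network:
    for sample in (b"\x16\x03\x03\x00\x7a", b"\x15\x03\x03\x00\x02",
                   b"HTTP/1.1 400 Bad Request\r\n"):
        print(sample[:12], "->", diagnose_first_record(sample))
    # Live probe of the upstream from the Caddyfile (assumed to be running):
    try:
        print("localhost:8444 ->", probe_backend())
    except OSError as exc:
        print("probe failed:", exc)
```

A result of `plaintext-http` or `not-tls` means the proxy's `to https://...` target is not terminating TLS on that port, whatever the application code intends, and the `https://` scheme in the upstream address (or the listener on that port) is the thing to re-check; a `tls-handshake` or `tls-alert` result means TLS is spoken there and the problem lies elsewhere (for example in the client certificate the transport presents).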