1. Caddy version (caddy version
):
v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=
2. How I run Caddy:
a. System environment:
HOST: Ubuntu 22.04 LTS
Docker: Docker version 20.10.16, build aa7e414
b. Command:
docker compose up -d
c. Service/unit/compose file:
caddy:
container_name: caddy
image: cr.hotio.dev/hotio/caddy
<<: *security-restart
cap_add:
- NET_ADMIN
networks:
traefik_proxy:
ports:
- "80:8080"
- "443:8443"
environment:
<<: *default-tz-puid-pgid
CUSTOM_BUILD: "/config/caddy_custom"
FILE__CF_API_KEY: /run/secrets/cloudflare_zone_token
DOMAINNAME: ${DOMAINNAME}
volumes:
- $DOCKERDIR/caddy:/config
secrets:
- cloudflare_zone_token
labels:
## Watchtower
- *watchtower
d. My complete Caddyfile or JSON config:
{
http_port 8080
https_port 8443
email REDACTED
}
(auth) {
forward_auth authelia:9091 {
uri /api/verify?rd=https://auth.{$DOMAINNAME}
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
}
*.{$DOMAINNAME}, {$DOMAINNAME} {
tls {
dns cloudflare {$CF_API_KEY}
}
@authelia host auth.{$DOMAINNAME}
handle @authelia {
reverse_proxy authelia:9091
}
@sonarr host sonarr.REDACTED
handle @sonarr {
import auth
reverse_proxy sonarr:8989
}
# Fallback for otherwise unhandled domains
handle {
abort
}
}
3. The problem I’m having:
I am trying to use authelia to authenticate access to some of my sites.
When access one of those sites I get redirected to authelia.
The problem seems to be the URL rewrite redirects authelia to site to authelia to site, on a loop.
https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https://sonarr.REDACTED/,GET*
The urls without the import auth
seem to work.
4. Error messages and/or full log output:
caddy | Server ready
caddy | {"level":"debug","ts":1653470746.3097873,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"home.REDACTED"}
caddy | {"level":"debug","ts":1653470746.309861,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.REDACTED","num_choices":1}
caddy | {"level":"debug","ts":1653470746.3099043,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.REDACTED","subjects":["*.REDACTED"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470746.309929,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["*.REDACTED"],"managed":true,"expiration":1661212799,"hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470746.3185263,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"hermes.local:8123","total_upstreams":1}
caddy | {"level":"debug","ts":1653470746.3207893,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"hermes.local:8123","duration":0.002223922,"request":{"remote_ip":"192.168.2.2","remote_port":"53816","proto":"HTTP/1.1","method":"GET","host":"home.REDACTED","uri":"/api/websocket","headers":{"Sec-Websocket-Key":["/LSeYa+/hGeo3Yw4lNlNog=="],"Upgrade":["websocket"],"Sec-Websocket-Extensions":["permessage-deflate; client_max_window_bits"],"X-Forwarded-For":["192.168.2.2"],"Sec-Websocket-Version":["13"],"Connection":["Upgrade"],"User-Agent":[""],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["home.REDACTED"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"home.REDACTED"}},"headers":{"Sec-Websocket-Accept":["6SD/XKkta7b+c6z16n4ECgwGwBA="],"Sec-Websocket-Extensions":["permessage-deflate"],"Content-Type":["application/octet-stream"],"Date":["Wed, 25 May 2022 09:25:46 GMT"],"Server":["Python/3.9 aiohttp/3.8.1"],"Upgrade":["websocket"],"Connection":["upgrade"]},"status":101}
caddy | {"level":"debug","ts":1653470746.3208344,"logger":"http.handlers.reverse_proxy","msg":"upgrading connection","upstream":"hermes.local:8123","duration":0.002223922,"request":{"remote_ip":"192.168.2.2","remote_port":"53816","proto":"HTTP/1.1","method":"GET","host":"home.REDACTED","uri":"/api/websocket","headers":{"Sec-Websocket-Key":["/LSeYa+/hGeo3Yw4lNlNog=="],"Upgrade":["websocket"],"Sec-Websocket-Extensions":["permessage-deflate; client_max_window_bits"],"X-Forwarded-For":["192.168.2.2"],"Sec-Websocket-Version":["13"],"Connection":["Upgrade"],"User-Agent":[""],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["home.REDACTED"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"home.REDACTED"}}}
caddy | {"level":"debug","ts":1653470770.5857382,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"rss.REDACTED"}
caddy | {"level":"debug","ts":1653470770.5858128,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.REDACTED","num_choices":1}
caddy | {"level":"debug","ts":1653470770.585857,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.REDACTED","subjects":["*.REDACTED"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470770.5858862,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["*.REDACTED"],"managed":true,"expiration":1661212799,"hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470770.714744,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"freshrss:80","total_upstreams":1}
caddy | {"level":"debug","ts":1653470770.7502217,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"freshrss:80","duration":0.035418721,"request":{"remote_ip":"172.70.127.23","remote_port":"12762","proto":"HTTP/2.0","method":"POST","host":"rss.REDACTED","uri":"/api/pshb.php?k=cf740a2ea636ebd5ba159c8fe3000848edf1d903","headers":{"User-Agent":["FeedFetcher-Google; (+http://www.google.com/feedfetcher.html)"],"From":["googlebot(at)googlebot.com"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Content-Length":["3521"],"Cf-Ipcountry":["US"],"Accept-Encoding":["gzip"],"Cdn-Loop":["cloudflare"],"Accept":["*/*"],"Link":["<http://feeds.feedburner.com/expresso-geral>; rel=self, <http://pubsubhubbub.appspot.com/>; rel=hub"],"Cf-Ray":["710d3a5b0f252b03-ORD"],"Content-Type":["application/rss+xml"],"Pragma":["no-cache"],"X-Forwarded-For":["172.70.127.23"],"Cache-Control":["no-cache,max-age=0"],"Cf-Connecting-Ip":["74.125.212.87"],"X-Forwarded-Host":["rss.REDACTED"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"rss.REDACTED"}},"headers":{"X-Content-Type-Options":["nosniff"],"Expires":["Thu, 19 Nov 1981 08:52:00 GMT"],"Pragma":["no-cache"],"Set-Cookie":[],"Date":["Wed, 25 May 2022 09:26:10 GMT"],"Server":["Apache/2.4.52 (Debian)"],"Cache-Control":["no-store, no-cache, must-revalidate"],"Content-Length":["8"],"Content-Type":["text/plain; charset=UTF-8"]},"status":200}
caddy | {"level":"debug","ts":1653470777.5129185,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"auth.REDACTED"}
caddy | {"level":"debug","ts":1653470777.5129862,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.REDACTED","num_choices":1}
caddy | {"level":"debug","ts":1653470777.513017,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.REDACTED","subjects":["*.REDACTED"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470777.513038,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["*.REDACTED"],"managed":true,"expiration":1661212799,"hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470777.5604498,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470777.5636759,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.003077199,"request":{"remote_ip":"172.70.85.12","remote_port":"46836","proto":"HTTP/2.0","method":"GET","host":"auth.REDACTED","uri":"/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https://sonarr.REDACTED/,GET","headers":{"Accept-Encoding":["gzip"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept-Language":["en-GB,en;q=0.9"],"Cookie":[],"Cf-Connecting-Ip":["188.251.234.206"],"Cf-Ray":["710d3a86fe0f7779-LHR"],"X-Forwarded-Host":["auth.REDACTED"],"Cf-Ipcountry":["PT"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"X-Forwarded-For":["172.70.85.12"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"auth.REDACTED"}},"headers":{"X-Content-Type-Options":["nosniff"],"Referrer-Policy":["strict-origin-when-cross-origin"],"X-Xss-Protection":["1; mode=block"],"Content-Type":["text/html; charset=utf-8"],"X-Frame-Options":["SAMEORIGIN"],"Content-Length":["984"],"Content-Security-Policy":["default-src 'self'; object-src 'none'; style-src 'self' 'nonce-QrK1nRM44DATyx6OHD4YBHrk6qJGeswt'"],"Date":["Wed, 25 May 2022 09:26:17 GMT"],"Permissions-Policy":["interest-cohort=()"]},"status":200}
caddy | {"level":"debug","ts":1653470777.8850877,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470777.8860686,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.000827772,"request":{"remote_ip":"172.70.85.12","remote_port":"46836","proto":"HTTP/2.0","method":"GET","host":"auth.REDACTED","uri":"/locales/en-GB/portal.json","headers":{"Cookie":[],"Cdn-Loop":["cloudflare"],"Referer":["https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https://sonarr.REDACTED/,GET"],"X-Forwarded-For":["172.70.85.12"],"Accept-Encoding":["gzip"],"X-Forwarded-Host":["auth.REDACTED"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"Accept":["*/*"],"Cf-Ipcountry":["PT"],"Cf-Ray":["710d3a899c277779-LHR"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Connecting-Ip":["188.251.234.206"],"Accept-Language":["en-GB,en;q=0.9"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"auth.REDACTED"}},"headers":{"Date":["Wed, 25 May 2022 09:26:17 GMT"],"Content-Type":["application/json"],"Content-Length":["2"]},"status":200}
caddy | {"level":"debug","ts":1653470777.924567,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"auth.REDACTED"}
caddy | {"level":"debug","ts":1653470777.9246006,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.REDACTED","num_choices":1}
caddy | {"level":"debug","ts":1653470777.9246156,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.REDACTED","subjects":["*.REDACTED"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470777.9246256,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["*.REDACTED"],"managed":true,"expiration":1661212799,"hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470777.9681606,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470777.968669,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.000426621,"request":{"remote_ip":"172.70.85.12","remote_port":"46838","proto":"HTTP/2.0","method":"GET","host":"auth.REDACTED","uri":"/locales/en/portal.json","headers":{"Accept-Encoding":["gzip"],"X-Forwarded-Host":["auth.REDACTED"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"Accept":["*/*"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Referer":["https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https://sonarr.REDACTED/,GET"],"Cf-Connecting-Ip":["188.251.234.206"],"X-Forwarded-For":["172.70.85.12"],"Cdn-Loop":["cloudflare"],"Accept-Language":["en-GB,en;q=0.9"],"Cf-Ray":["710d3a89ac2b7779-LHR"],"Cookie":[],"Cf-Ipcountry":["PT"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"auth.REDACTED"}},"headers":{"Content-Type":["application/json"],"Content-Length":["4567"],"Date":["Wed, 25 May 2022 09:26:17 GMT"]},"status":200}
caddy | {"level":"debug","ts":1653470778.0662272,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470778.0699468,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.003562055,"request":{"remote_ip":"172.70.85.12","remote_port":"46836","proto":"HTTP/2.0","method":"GET","host":"auth.REDACTED","uri":"/api/state","headers":{"Cf-Ipcountry":["PT"],"Cf-Ray":["710d3a8abe6d7779-LHR"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"Cf-Connecting-Ip":["188.251.234.206"],"Accept-Encoding":["gzip"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cdn-Loop":["cloudflare"],"Accept-Language":["en-GB,en;q=0.9"],"Referer":["https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https://sonarr.REDACTED/,GET"],"X-Forwarded-For":["172.70.85.12"],"Cookie":[],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["auth.REDACTED"],"Accept":["application/json, text/plain, */*"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"auth.REDACTED"}},"headers":{"Content-Type":["application/json"],"Referrer-Policy":["strict-origin-when-cross-origin"],"X-Xss-Protection":["1; mode=block"],"Cache-Control":["no-store"],"Content-Security-Policy":["default-src 'none';"],"Date":["Wed, 25 May 2022 09:26:17 GMT"],"Content-Length":["114"],"X-Content-Type-Options":["nosniff"],"Permissions-Policy":["interest-cohort=()"],"X-Frame-Options":["SAMEORIGIN"],"Pragma":["no-cache"]},"status":200}
caddy | {"level":"debug","ts":1653470779.5718422,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"sonarr.REDACTED"}
caddy | {"level":"debug","ts":1653470779.571907,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.REDACTED","num_choices":1}
caddy | {"level":"debug","ts":1653470779.5719378,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.REDACTED","subjects":["*.REDACTED"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470779.5719588,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["*.REDACTED"],"managed":true,"expiration":1661212799,"hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470779.6152956,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470779.6196089,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.004174684,"request":{"remote_ip":"172.70.162.3","remote_port":"20370","proto":"HTTP/2.0","method":"GET","host":"sonarr.REDACTED","uri":"/api/verify?rd=https://auth.REDACTED","headers":{"Cf-Connecting-Ip":["188.251.234.206"],"Accept-Encoding":["gzip"],"X-Forwarded-Uri":["/"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ray":["710d3a93dc0074b5-LHR"],"Accept-Language":["en-GB,en;q=0.9"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"X-Forwarded-For":["172.70.162.3"],"X-Forwarded-Method":["GET"],"Cookie":[],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"Cf-Ipcountry":["PT"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["sonarr.REDACTED"],"Cdn-Loop":["cloudflare"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"sonarr.REDACTED"}},"headers":{"Referrer-Policy":["strict-origin-when-cross-origin"],"Permissions-Policy":["interest-cohort=()"],"Pragma":["no-cache"],"Content-Security-Policy":["default-src 'none';"],"Content-Type":["text/html"],"Content-Length":["91"],"X-Content-Type-Options":["nosniff"],"Cache-Control":["no-store"],"Location":["https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET"],"Date":["Wed, 25 May 2022 09:26:19 GMT"],"X-Frame-Options":["SAMEORIGIN"],"X-Xss-Protection":["1; mode=block"]},"status":302}
caddy | {"level":"debug","ts":1653470779.619637,"logger":"http.handlers.reverse_proxy","msg":"handling response","handler":1}
caddy | {"level":"debug","ts":1653470779.7882504,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"auth.REDACTED"}
caddy | {"level":"debug","ts":1653470779.7883086,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.REDACTED","num_choices":1}
caddy | {"level":"debug","ts":1653470779.7883344,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.REDACTED","subjects":["*.REDACTED"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470779.7883508,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["*.REDACTED"],"managed":true,"expiration":1661212799,"hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470779.835014,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470779.8370538,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.000800133,"request":{"remote_ip":"172.70.91.69","remote_port":"37938","proto":"HTTP/2.0","method":"GET","host":"auth.REDACTED","uri":"/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET","headers":{"Accept-Language":["en-GB,en;q=0.9"],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["PT"],"X-Forwarded-For":["172.70.91.69"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"Cookie":[],"Cf-Connecting-Ip":["188.251.234.206"],"Cdn-Loop":["cloudflare"],"Cf-Ray":["710d3a95191672f1-LHR"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"X-Forwarded-Host":["auth.REDACTED"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"auth.REDACTED"}},"headers":{"Content-Type":["text/html; charset=utf-8"],"Content-Length":["984"],"X-Xss-Protection":["1; mode=block"],"X-Frame-Options":["SAMEORIGIN"],"Referrer-Policy":["strict-origin-when-cross-origin"],"Date":["Wed, 25 May 2022 09:26:19 GMT"],"X-Content-Type-Options":["nosniff"],"Content-Security-Policy":["default-src 'self'; object-src 'none'; style-src 'self' 'nonce-8oG3KlWfJvalCU1aF73d9L8LZ0xhp0js'"],"Permissions-Policy":["interest-cohort=()"]},"status":200}
caddy | {"level":"debug","ts":1653470780.1711898,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470780.172191,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.00084447,"request":{"remote_ip":"172.70.91.69","remote_port":"37938","proto":"HTTP/2.0","method":"GET","host":"auth.REDACTED","uri":"/locales/en/portal.json","headers":{"X-Forwarded-Host":["auth.REDACTED"],"Accept":["*/*"],"Cookie":[],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["PT"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept-Language":["en-GB,en;q=0.9"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"X-Forwarded-For":["172.70.91.69"],"Cf-Ray":["710d3a97ecf972f1-LHR"],"Cf-Connecting-Ip":["188.251.234.206"],"Referer":["https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET"],"Cdn-Loop":["cloudflare"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"auth.REDACTED"}},"headers":{"Content-Type":["application/json"],"Date":["Wed, 25 May 2022 09:26:19 GMT"],"Content-Length":["4567"]},"status":200}
caddy | {"level":"debug","ts":1653470780.204234,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"auth.REDACTED"}
caddy | {"level":"debug","ts":1653470780.2042572,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.REDACTED","num_choices":1}
caddy | {"level":"debug","ts":1653470780.2042685,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.REDACTED","subjects":["*.REDACTED"],"managed":true,"issuer_key":"acme.zerossl.com-v2-DV90","hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470780.204275,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["*.REDACTED"],"managed":true,"expiration":1661212799,"hash":"f8bb1eea9a72c78193f920cd22bc39222bbef6baa7702d604f6626ddb53da666"}
caddy | {"level":"debug","ts":1653470780.2477152,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470780.2484026,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.000587786,"request":{"remote_ip":"172.70.91.69","remote_port":"37940","proto":"HTTP/2.0","method":"GET","host":"auth.REDACTED","uri":"/locales/en-GB/portal.json","headers":{"Accept-Encoding":["gzip"],"Cf-Connecting-Ip":["188.251.234.206"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"Cdn-Loop":["cloudflare"],"X-Forwarded-Host":["auth.REDACTED"],"X-Forwarded-For":["172.70.91.69"],"Accept-Language":["en-GB,en;q=0.9"],"Referer":["https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET"],"Cf-Ipcountry":["PT"],"Cf-Ray":["710d3a97ecee72f1-LHR"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept":["*/*"],"Cookie":[]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"auth.REDACTED"}},"headers":{"Date":["Wed, 25 May 2022 09:26:20 GMT"],"Content-Type":["application/json"],"Content-Length":["2"]},"status":200}
caddy | {"level":"debug","ts":1653470780.3435001,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"authelia:9091","total_upstreams":1}
caddy | {"level":"debug","ts":1653470780.3450894,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"authelia:9091","duration":0.001497116,"request":{"remote_ip":"172.70.91.69","remote_port":"37938","proto":"HTTP/2.0","method":"GET","host":"auth.REDACTED","uri":"/api/state","headers":{"Cf-Connecting-Ip":["188.251.234.206"],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Referer":["https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET,%20https://auth.REDACTED/?rd=https%3A%2F%2Fsonarr.REDACTED%2F&rm=GET"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"],"Accept":["application/json, text/plain, */*"],"Cf-Ray":["710d3a98fe9a72f1-LHR"],"Accept-Language":["en-GB,en;q=0.9"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["172.70.91.69"],"X-Forwarded-Proto":["https"],"Cf-Ipcountry":["PT"],"Cookie":[],"X-Forwarded-Host":["auth.REDACTED"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"auth.REDACTED"}},"headers":{"X-Frame-Options":["SAMEORIGIN"],"X-Xss-Protection":["1; mode=block"],"Cache-Control":["no-store"],"Content-Security-Policy":["default-src 'none';"],"Content-Type":["application/json"],"Content-Length":["114"],"X-Content-Type-Options":["nosniff"],"Pragma":["no-cache"],"Date":["Wed, 25 May 2022 09:26:20 GMT"],"Referrer-Policy":["strict-origin-when-cross-origin"],"Permissions-Policy":["interest-cohort=()"]},"status":200}
5. What I already tried:
I can get it to work if I don’t use the *.{$DOMAINNAME} block. But that means each subdomain needs a cert.
Is there a workaround?
Am I using it wrong?
6. Links to relevant resources:
I don’t have any relevant links