Handle and handle_path

HarterHorst · October 26, 2025, 11:40pm

1. The problem I’m having:

I have a working Caddy configuration where Caddy acts as a reverse proxy for my mediawiki site.
=> See working config below

Now I’d like to add more services and I’d like Caddy to route the traffic based on path information in the URI. The above mentions service should run under /wiki. So when I enter cs.domain.net/wiki I excepted the same behaviour as with the running configuration without the /wiki.
=> See not working config below

Now I just see a white page. I expected handle_path to remove the /wiki and work as the first configuration did.

2. Error messages and/or full log output:

White Screen in Browser

3. Caddy version:

Caddy version: v2.10.2

4. How I installed and ran Caddy:

Caddy runs in a docker container.

a. System environment:

Docker.

b. Service/unit/compose file:

networks:
  proxy:
    external: true

services:
  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    environment:
      - TZ=Europe/Berlin
    volumes:
      - ./conf:/etc/caddy
      - ./site:/srv
      - caddy_data:/data
      - caddy_config:/config
    networks:
      proxy:
        ipv4_address: 172.28.0.2
      
volumes:
  caddy_data:
    external: true
  caddy_config:
    external: true

d. My complete Caddy config:

// Working with https://cs.domain.net

cs.domain.net {
    route {
        basic_auth {
            admin <…>
        }
        reverse_proxy mediawiki:80
    }
}
:80 {
    redir https://{host}{uri}
}

// Not working with https://cs.domain.net/wiki

cs.horstland.net {
	route {
		basic_auth {
			admin <...>
		}
		handle_path /wiki/* {
		    reverse_proxy mediawiki:80
		}
	}
}

:80 {
	redir https://{host}{uri}
}

timelordx · October 27, 2025, 12:58am

Can you post curl -v command response?

Edit: also this

HarterHorst · October 28, 2025, 9:46am

Thanks for the fast reply. Here is the curl output. I changed the domain name to domain.net and the IP addresses as well. As far as I can see, the prefix /wiki has not been removed as expected from handle_path command, right?

 curl -v https://cs.domain.net/wiki

* Host cs.domain.net:443 was resolved.
* IPv6: (none)
* IPv4: 355.355.240.83
*   Trying 355.355.240.83:443...
* Connected to cs.domain.net (355.355.240.83) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=cs.domain.net
*  start date: Oct 24 21:01:19 2025 GMT
*  expire date: Jan 22 21:01:18 2026 GMT
*  subjectAltName: host "cs.domain.net" matched cert's "cs.domain.net"
*  issuer: C=US; O=Let's Encrypt; CN=E7
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cs.domain.net/wiki
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cs.domain.net]
* [HTTP/2] [1] [:path: /wiki]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET /wiki HTTP/2
> Host: cs.domain.net
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/2 401 
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< www-authenticate: Basic realm="restricted"
< content-length: 0
< date: Mon, 27 Oct 2025 10:06:59 GMT
< 
* Connection #0 to host cs.domain.net left intact

Working Config without handle_path.

curl -v https://cs.horstland.net     

<... same ...>

*  issuer: C=US; O=Let's Encrypt; CN=E7
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://cs.domain.net/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: cs.domain.net]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: cs.domain.net
> User-Agent: curl/8.7.1
> Accept: */*
> 
* Request completely sent off
< HTTP/2 401 
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< www-authenticate: Basic realm="restricted"
< content-length: 0
< date: Mon, 27 Oct 2025 10:14:02 GMT
< 
* Connection #0 to host cs.domain.net left intact

I tried handle with uri strip_prefix and I still get /wiki HTTP/2 in curl.

cs.domain.net {
        route {
                basic_auth {
                        admin <...>
                }
                handle /wiki/* {
                        uri strip_prefix /wiki
                        reverse_proxy mediawiki:80
                }
        }
}

timelordx · October 28, 2025, 8:31pm

Thanks, but these are all returning 401 errors - curl isn’t sending credentials. Could you update it to include them so the site actually responds? Feel free to redact the credentials from the output.