You’re running the cache in debug mode (log_level debug directive).
About the hit TTL issue, I can’t explain that and I don’t know how to reproduce because on the CI tests I ensure the computed TTL is the right one.
Use the log directive with no block/options inside of your site, which makes the logger write to the default logger.
In your global options you configured the global logger (by not providing a name), which writes to an access.log file. That file is named incorrectly, because the default logger doesn’t write access logs (unless you use the log directive inside of a site); it configures runtime logs, i.e. everything else.
Look for http.log.access logs, which are access logs. They should be written for all requests, even ones which the cache module intercepts.
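A small script for doing that check offline, added here as an illustration and not part of the thread, of Caddy, or of the cache-handler module. It assumes Caddy’s default JSON log encoding (one object per line with a "logger" field, access entries having "request" and "resp_headers") and that the cache module sets an RFC 9211 Cache-Status response header; the sample lines, the "http.handlers.cache" runtime logger name and the Cache-Status values are constructed for the example. It splits access entries from runtime entries, classifies each request as hit / forwarded miss / no cache involvement, and lists hits whose advertised ttl is larger than the TTL you configured (168h in this thread).

```python
"""Split Caddy JSON logs into access vs. runtime entries and summarize cache hits.

Assumptions (not from the thread): default Caddy JSON (zap) log encoding, and a
cache module that emits an RFC 9211 Cache-Status header. The sample below is
constructed; the logger name "http.handlers.cache" and the Cache-Status values
are placeholders, not captured output.
"""
import json
from collections import Counter

ACCESS_LOGGER = "http.log.access"

# Constructed sample: one runtime line, three access lines, one junk line.
SAMPLE_LOG = """\
{"level":"info","ts":1700000000.0,"logger":"http.handlers.cache","msg":"cache configured"}
{"level":"info","ts":1700000001.0,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.5.1","proto":"HTTP/1.1","method":"GET","host":"plex.lan","uri":"/web/index.js","headers":{"Accept-Encoding":["br"]}},"duration":0.031,"size":2048,"status":200,"resp_headers":{"Cache-Status":["Souin; fwd=uri-miss; stored"],"Content-Encoding":["br"]}}
{"level":"info","ts":1700000002.0,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.5.1","proto":"HTTP/1.1","method":"GET","host":"plex.lan","uri":"/web/index.js","headers":{"Accept-Encoding":["br"]}},"duration":0.0004,"size":2048,"status":200,"resp_headers":{"Cache-Status":["Souin; hit; ttl=604799"]}}
{"level":"info","ts":1700000003.0,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"10.0.5.1","proto":"HTTP/1.1","method":"GET","host":"plex.lan","uri":"/web/app.css","headers":{}},"duration":0.02,"size":512,"status":200,"resp_headers":{}}
this line is not JSON and is skipped
"""


def parse_caddy_log(text):
    """Yield one dict per JSON log line; non-JSON lines are ignored."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(entry, dict):
            yield entry


def split_logs(text):
    """Return (access_entries, runtime_entries) keyed on the zap logger name."""
    access, runtime = [], []
    for entry in parse_caddy_log(text):
        (access if entry.get("logger") == ACCESS_LOGGER else runtime).append(entry)
    return access, runtime


def parse_cache_status(value):
    """Parse one RFC 9211 Cache-Status value such as 'Souin; hit; ttl=604799'.

    Returns (cache_name, params); bare tokens map to True, key=val to the string val.
    """
    parts = [p.strip() for p in value.split(";")]
    name, params = parts[0], {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        params[key.strip()] = val.strip() if sep else True
    return name, params


def cache_outcome(entry):
    """Classify an access entry as ('hit', ttl), ('miss', None) or ('none', None)."""
    values = entry.get("resp_headers", {}).get("Cache-Status", [])
    if not values:
        return "none", None
    # The last list member is the cache closest to the client (RFC 9211 ordering).
    _, params = parse_cache_status(values[-1])
    if "hit" in params:
        ttl = int(params["ttl"]) if "ttl" in params else None
        return "hit", ttl
    return "miss", None


def summarize(access_entries):
    """Count outcomes per URI, e.g. {'/web/index.js': {'miss': 1, 'hit': 1}}."""
    summary = {}
    for entry in access_entries:
        uri = entry.get("request", {}).get("uri", "?")
        outcome, _ = cache_outcome(entry)
        summary.setdefault(uri, Counter())[outcome] += 1
    return {uri: dict(counts) for uri, counts in summary.items()}


def ttl_outliers(access_entries, max_ttl_seconds):
    """URIs of hits whose advertised ttl exceeds the configured TTL (168h = 604800 s)."""
    out = []
    for entry in access_entries:
        outcome, ttl = cache_outcome(entry)
        if outcome == "hit" and ttl is not None and ttl > max_ttl_seconds:
            out.append(entry.get("request", {}).get("uri", "?"))
    return out


if __name__ == "__main__":
    access, runtime = split_logs(SAMPLE_LOG)
    print(f"{len(access)} access entries, {len(runtime)} runtime entries")
    for uri, counts in summarize(access).items():
        print(uri, counts)
    print("hits with ttl above 168h:", ttl_outliers(access, 168 * 3600))
```

Run it against a real log with `split_logs(open("/path/to/caddy.log").read())`; if a request you sent is missing from the access entries entirely, it never reached this Caddy process, which is exactly the symptom worth ruling out before debugging the cache.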
I bamboozled myself.
I ran caddy via caddy run --config /etc/caddy/Caddyfile and then pressed Ctrl+C so I could test different configs faster, but I did not notice that if caddy did not shut down cleanly, the next instance would happily start even though there was already one caddy instance running.
First, I expected that Ctrl+C would actually kill it, and second, that instead of starting it would error out with "port is already in use"; neither is the case.
That also explains why I got different TTLs and why requests did not end up in the log: they were answered by an instance with a much older config.
I’m very sorry and thank you everybody for your help.
Since I asked multiple questions and the thread title no longer really fits all this, I will post here the complete webserver configs I currently run, in case somebody finds this via Google.
Please be aware that this is configured to my personal taste and may not make sense in the future (also, I run this on a pretty slow OpenWRT device, so I’m not even sure whether this would work on Debian or CentOS), so it is more a starting point for a personal config than something suited to copy and paste.
Caddyfile
# Caddy binary downloaded from https://caddyserver.com/download with the cache-handler and brotli plugins
{
    # No admin API: the running config can only be changed by restarting the process
    admin off
    # Enable the cache-handler module and run it before the rewrite handler
    cache
    order cache before rewrite
}
http:// {
    # Plain HTTP on a Unix socket with mode 0600; nginx terminates TLS and proxies to this socket
    bind unix//tmp/caddy|600
    cache {
        #log_level debug
        # 168h = 7 days
        ttl 168h
        stale 168h
        #mode bypass
        #default_cache_control public
        timeout {
            backend 1m
            cache 1m
        }
    }
    encode {
        # Brotli at the maximum compression level (needs the brotli plugin)
        br 11
    }
    #header -Cache-Control
    #header Cache-Control max-age=604800
    reverse_proxy {
        # verbose_logs
        # header_down -Cache-Control
        # header_up -Cache-Control
        to 10.0.5.2:32400
    }
}
My nginx is built with headers-more and QUIC.
Add to your nginx.conf:
http {
    ##
    # Keep alive setting
    #
    # Maps the client's Upgrade header to the Connection value sent upstream:
    # "upgrade" for WebSocket upgrades, "close" when no Upgrade header is present
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
    [...]
nginx vhost
upstream plex {
    server 10.0.5.2:32400;
    keepalive 120;
}
upstream caddy {
    # Caddy listens on this Unix socket (see the Caddyfile above)
    server unix:/tmp/caddy;
    keepalive 120;
}
server {
    listen 443 ssl;
    listen 443 quic;
    listen [::]:443 ssl;
    listen [::]:443 quic;
    # Advertise HTTP/3 on the same port for a day
    add_header Alt-Svc 'h3=":443"; ma=86400' always;
    server_name plex.lan;
    ##cert
    #ECC
    ssl_certificate /var/acme/plex.lan_ecc/fullchain.cer;
    ssl_certificate_key /var/acme/plex.lan_ecc/plex.lan.key;
    #RSA
    ssl_certificate /var/acme/plex.lan/fullchain.cer;
    ssl_certificate_key /var/acme/plex.lan/plex.lan.key;
    ##Header
    #HSTS
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    # Security / XSS Mitigation Headers
    # (without "always" these are only added to 2xx/3xx responses;
    #  X-XSS-Protection is deprecated in current browsers and is harmless but no longer needed)
    add_header X-Frame-Options "SAMEORIGIN";
    add_header Referrer-Policy "same-origin";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";
    #No Searchengine Index
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
    ##OCSP settings
    ssl_stapling on;
    # Static assets go through Caddy (cache + brotli); only a fixed set of request headers is forwarded
    location ~* \.(?:css|js|json)$ {
        proxy_set_header Host Plex;
        proxy_pass_request_headers off;
        proxy_set_header Accept-Encoding $http_accept_encoding;
        proxy_set_header Pragma $http_pragma;
        proxy_pass http://caddy;
        proxy_request_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_max_temp_file_size 0;
        proxy_redirect off;
        proxy_buffering off;
    }
    # Everything else goes straight to Plex
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://plex;
        proxy_request_buffering off;
        proxy_set_header Accept-Encoding "";
        # Note: Connection is set twice in this block; the $connection_upgrade value below
        # sends "close" for non-upgrade requests, which works against the upstream keepalive above
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_max_temp_file_size 0;
        proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
        proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
        proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
        proxy_redirect off;
        proxy_buffering off;
    }
}
Thank you francislavoie and darkweak for all your help
I’m not sure why you’re using nginx at all in this setup, you could do all that with just Caddy, with way less config, and with TLS automation built in.