1. Caddy version:
v2.1.1 h1:X9k1+ehZPYYrSqBvf/ocUgdLSRIuiNiMo7CvyGUQKeA=
2. How I run Caddy:
a. System environment:
Linux 4.18.0-147.5.1.el8_1.x86_64
b. Command:
./caddy run -config caddy.json
c. Service/unit/compose file:
None
d. My complete Caddyfile or JSON config:
{
  "admin": {
    "disabled": true
  },
  "logging": {
    "logs": {
      "default": {
        "writer": {
          "output": "file",
          "filename": "caddy.log",
          "roll": true,
          "roll_size_mb": 5,
          "roll_gzip": true,
          "roll_local_time": true,
          "roll_keep": 50,
          "roll_keep_days": 90
        },
        "encoder": {
          "format": "console"
        },
        "level": "DEBUG"
      }
    }
  },
  "storage": {
    "module": "file_system",
    "root": "data"
  },
  "apps": {
    "http": {
      "http_port": 9442,
      "https_port": 9443,
      "servers": {
        "my-server": {
          "listen": [
            "0.0.0.0:443"
          ],
          "automatic_https": {
            "disable": true
          },
          "strict_sni_host": false,
          "routes": [
            {
              "match": [
                {
                  "path": ["/server/*"]
                }
              ],
              "handle": [
                {
                  "handler": "rewrite",
                  "strip_path_prefix": "/server"
                },
                {
                  "handler": "reverse_proxy",
                  "buffer_requests": false,
                  "transport": {
                    "protocol": "http",
                    "tls": {
                      "insecure_skip_verify": true
                    }
                  },
                  "upstreams": [
                    {
                      "dial": "127.0.0.1:8443"
                    }
                  ]
                }
              ],
              "terminal": true
            },
            {
              "match": [
                {
                  "path": ["/api/*"]
                }
              ],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "buffer_requests": false,
                  "transport": {
                    "protocol": "http",
                    "tls": {
                      "insecure_skip_verify": true
                    }
                  },
                  "upstreams": [
                    {
                      "dial": "127.0.0.1:8444"
                    }
                  ]
                }
              ],
              "terminal": true
            },
            {
              "match": [
                {
                  "path": ["*"]
                }
              ],
              "handle": [
                {
                  "handler": "file_server",
                  "root": "dist",
                  "index_names": ["index.html", "index.htm", "test.html"]
                }
              ]
            }
          ],
          "tls_connection_policies": [
            {
              "match": {
                "sni": ["", "localhost"]
              },
              "certificate_selection": {
                "any_tag": ["only"]
              }
            }
          ],
          "logs": {}
        }
      }
    },
    "tls": {
      "certificates": {
        "load_files": [
          {
            "certificate": "domain.crt",
            "key": "domain.key",
            "format": "pem",
            "tags": ["only"]
          }
        ]
      }
    }
  }
}
3. The problem I’m having:
The 8443 upstream is an HTTPS server with a self-signed certificate; it works with no problem.
The 8444 upstream is an HTTP server (no TLS), and it responds with 502 Bad Gateway.
4. Error messages and/or full log output:
1.6042869409409404e+09 debug http.handlers.reverse_proxy upstream roundtrip {"upstream": "127.0.0.1:8444", "request": {"method": "POST", "uri": "/api/user", "proto": "HTTP/1.1", "remote_addr": "146.32.26.253:58771", "host": "31.28.53.72:443", "headers": {"Content-Length": ["272"], "Content-Type": ["application/json"], "User-Agent": ["PostmanRuntime/7.26.5"], "Accept": ["*/*"], "X-Forwarded-For": ["146.32.26.253"], "Accept-Encoding": ["gzip, deflate, br"], "X-Forwarded-Proto": ["https"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "", "proto_mutual": true, "server_name": ""}}, "duration": 0.000534244, "error": "tls: first record does not look like a TLS handshake"}
1.604286940941026e+09 error http.log.error tls: first record does not look like a TLS handshake {"request": {"method": "POST", "uri": "/api/user", "proto": "HTTP/1.1", "remote_addr": "146.32.26.253:58771", "host": "31.28.53.72:443", "headers": {"Accept-Encoding": ["gzip, deflate, br"], "Connection": ["keep-alive"], "Content-Length": ["272"], "Content-Type": ["application/json"], "User-Agent": ["PostmanRuntime/7.26.5"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "", "proto_mutual": true, "server_name": ""}}, "duration": 0.000645926, "status": 502, "err_id": "d941441hg", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:411)"}
1.6042869409410634e+09 error http.log.access handled request {"request": {"method": "POST", "uri": "/api/user", "proto": "HTTP/1.1", "remote_addr": "146.32.26.253:58771", "host": "31.28.53.72:443", "headers": {"Accept": ["*/*"], "Accept-Encoding": ["gzip, deflate, br"], "Connection": ["keep-alive"], "Content-Length": ["272"], "Content-Type": ["application/json"], "User-Agent": ["PostmanRuntime/7.26.5"]}, "tls": {"resumed": false, "version": 772, "ciphersuite": 4865, "proto": "", "proto_mutual": true, "server_name": ""}}, "common_log": "146.32.26.253 - - [02/Nov/2020:11:15:40 +0800] \"POST /api/user HTTP/1.1\" 502 0", "duration": 0.000645926, "size": 0, "status": 502, "resp_headers": {"Server": ["Caddy"]}}
5. What I already tried:
I tried to set the upstream like:
"upstreams": [{"dial": "http://127.0.0.1:8444"}]
and the log shows the error:
"error": "dial http:: unknown network http:"
6. Links to relevant resources:
This can be done in nginx:
proxy-https-requests-to-a-http-backend-with-nginx
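Added here as an example, not code from the post or from the Caddy project: Caddy's http transport speaks TLS to an upstream as soon as its `tls` object is present, so the `/api/*` route above makes Caddy start a TLS handshake with the plaintext server on 8444, which is the "first record does not look like a TLS handshake" error in the log. The script walks a Caddy JSON config (a constructed, trimmed copy of the one above is embedded), reports each reverse_proxy's upstream TLS state and whether `insecure_skip_verify` has turned certificate verification off, and removes the `tls` block for a named plaintext upstream.

```python
import json

# Constructed, trimmed copy of the routes in the config above (only the
# fields the audit inspects are kept).
CONFIG = json.loads("""
{"apps": {"http": {"servers": {"my-server": {"routes": [
  {"match": [{"path": ["/server/*"]}], "handle": [
    {"handler": "rewrite", "strip_path_prefix": "/server"},
    {"handler": "reverse_proxy", "upstreams": [{"dial": "127.0.0.1:8443"}],
     "transport": {"protocol": "http", "tls": {"insecure_skip_verify": true}}}]},
  {"match": [{"path": ["/api/*"]}], "handle": [
    {"handler": "reverse_proxy", "upstreams": [{"dial": "127.0.0.1:8444"}],
     "transport": {"protocol": "http", "tls": {"insecure_skip_verify": true}}}]},
  {"match": [{"path": ["*"]}], "handle": [{"handler": "file_server", "root": "dist"}]}
]}}}}}
""")

def reverse_proxy_handlers(config):
    """Yield every reverse_proxy handler found in the http app's servers."""
    for server in config.get("apps", {}).get("http", {}).get("servers", {}).values():
        for route in server.get("routes", []):
            for handler in route.get("handle", []):
                if handler.get("handler") == "reverse_proxy":
                    yield handler

def audit_reverse_proxies(config):
    """One record per reverse_proxy: its upstreams, whether Caddy will speak TLS
    to them (true as soon as the http transport carries a "tls" object, even an
    empty one) and whether certificate verification is disabled."""
    findings = []
    for handler in reverse_proxy_handlers(config):
        tls = (handler.get("transport") or {}).get("tls")  # absent -> plain HTTP
        findings.append({
            "upstreams": [u.get("dial") for u in handler.get("upstreams", [])],
            "tls_to_upstream": tls is not None,
            "skip_verify": bool(tls and tls.get("insecure_skip_verify")),
        })
    return findings

def fix_plaintext_upstream(config, dial):
    """Drop the transport "tls" object from each reverse_proxy that dials
    `dial`, so Caddy sends plain HTTP to it; returns the number changed."""
    changed = 0
    for handler in reverse_proxy_handlers(config):
        transport = handler.get("transport") or {}
        dials = [u.get("dial") for u in handler.get("upstreams", [])]
        if dial in dials and "tls" in transport:
            del transport["tls"]
            changed += 1
    return changed
```

The audit also flags the 8443 route, where `insecure_skip_verify` makes Caddy accept any certificate the upstream presents; keeping verification on and trusting the self-signed certificate explicitly (the transport's `root_ca_pem_files` option) avoids that.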