1. Output of caddy version:
v2.4.3 h1:Y1FaV2N4WO3rBqxSYA8UZsZTQdN+PwcoOcAiZTM8C0I=
2. How I run Caddy:
- I have the caddy executable on my machine in the folder /caddy.
- Open the terminal
- sudo nohup ./caddy_exe start
a. System environment:
Ubuntu 20.04.5 LTS
b. Command:
sudo nohup ./caddy_exe start
c. Service/unit/compose file:
NOT IN DOCKER
d. My complete Caddy config:
*.csez.zohocorpin.com:9006 {
    log {
        output file live_access.log
    }
    tls internal {
        alpn http1.1
    }
    reverse_proxy /* https://zcem-u20-2.csez.zohocorpin.com:9000 {
        header_up Host {host}
    }
}
3. The problem I’m having:
I have my web application stack running in Docker along with Caddy in the same container. The Caddy in Docker receives on port 9000 and redirects it to 8444. I have exposed the Docker port 9000. When I access the Docker container from my host machine's browser using the same port 9000, it's working properly and I am able to get access logs in the Caddy (inside Docker).
For some reason, I need to run a Caddy on my host machine as a reverse proxy. I am trying to redirect PORT : 9006 → 9000 (DOCKER). But I am getting an HTTP/1.1 502 Bad Gateway error.
4. Error messages and/or full log output:
NO HUP OUT :
{"level":"error","ts":1668606946.9699006,"logger":"http.log.error.log0","msg":"x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"Caddy Local Authority - 2022 ECC Root\")","request":{"remote_addr":"10.59.2.126:51548","proto":"HTTP/1.1","method":"GET","host":"zcem-u20-2.csez.zohocorpin.com:9006","uri":"/userhome/zcemu2024/admindashboard","headers":{"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"107\", \"Chromium\";v=\"107\", \"Not=A?Brand\";v=\"24\""],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Cookie":["_cseziamadt=d348c35eb50c3515d7347508d55debbe0740bfb7f424e5e513538c261ae5dc5c8e83d41dfa52445749f90d88595e571917d4b05b0c3bf0b14f4a39497740dadd; _cseziambdt=0bb60b6af104963cd9ea861be87823c97fad54c67628a9e0f03ab0f40d9f78dd90ba66cd60f02dc97b53d6293249a1545037be4e4b4c115de54a9ab43ab52a26; wms.agent=true; wms-tkp-token=15915807-ac28dc37-3fbf509cd508a05d35ec5925e0bf8448; zccpn=f005668a6988ba0e2887ff5327f9376902df165b7fc3032b9d86d33f872784c2c0cff91ca22c482d3be459a281e9f6ae05fd1fb670df07a6ce3d3a45df751a3e; _zcsr_tmp=f005668a6988ba0e2887ff5327f9376902df165b7fc3032b9d86d33f872784c2c0cff91ca22c482d3be459a281e9f6ae05fd1fb670df07a6ce3d3a45df751a3e; _iampt=15915806.15915807.49473b11c011a0b3519385ce5492fb17824422fc19c90d715dc64871bae9764001058eb5e16c0186c549a491fb86ae2cb756f7586ad2d2348e3b5a3dabb7bcfd; JSESSIONID=E145A60A819F3E851D1F6C65DF0E4DD6"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/107.0.0.0 Safari/537.36"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"zcem-u20-2.csez.zohocorpin.com"}},"duration":0.003403951,"status":502,"err_id":"n0xn39v9w","err_trace":"reverseproxy.statusError (reverseproxy.go:857)"}
ACCESS LOG :
{"level":"error","ts":1668606946.9700105,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"10.59.2.126:51548","proto":"HTTP/1.1","method":"GET","host":"zcem-u20-2.csez.zohocorpin.com:9006","uri":"/userhome/zcemu2024/admindashboard","headers":{"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36"],"Sec-Fetch-User":["?1"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"macOS\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"107\", \"Chromium\";v=\"107\", \"Not=A?Brand\";v=\"24\""],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Cookie":["_cseziamadt=d348c35eb50c3515d7347508d55debbe0740bfb7f424e5e513538c261ae5dc5c8e83d41dfa52445749f90d88595e571917d4b05b0c3bf0b14f4a39497740dadd; _cseziambdt=0bb60b6af104963cd9ea861be87823c97fad54c67628a9e0f03ab0f40d9f78dd90ba66cd60f02dc97b53d6293249a1545037be4e4b4c115de54a9ab43ab52a26; wms.agent=true; wms-tkp-token=15915807-ac28dc37-3fbf509cd508a05d35ec5925e0bf8448; zccpn=f005668a6988ba0e2887ff5327f9376902df165b7fc3032b9d86d33f872784c2c0cff91ca22c482d3be459a281e9f6ae05fd1fb670df07a6ce3d3a45df751a3e; _zcsr_tmp=f005668a6988ba0e2887ff5327f9376902df165b7fc3032b9d86d33f872784c2c0cff91ca22c482d3be459a281e9f6ae05fd1fb670df07a6ce3d3a45df751a3e; _iampt=15915806.15915807.49473b11c011a0b3519385ce5492fb17824422fc19c90d715dc64871bae9764001058eb5e16c0186c549a491fb86ae2cb756f7586ad2d2348e3b5a3dabb7bcfd; JSESSIONID=E145A60A819F3E851D1F6C65DF0E4DD6"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"Accept-Encoding":["gzip, deflate, 
br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"zcem-u20-2.csez.zohocorpin.com"}},"common_log":"10.59.2.126 - - [16/Nov/2022:19:25:46 +0530] \"GET /userhome/zcemu2024/admindashboard HTTP/1.1\" 502 0","duration":0.003403951,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}
Caddy in host :
curl -v --insecure https://zcem-u20-2.csez.zohocorpin.com:9006/userhome/zcemu2024/admindashboard#/
* Trying 172.24.158.145:9006...
* Connected to zcem-u20-2.csez.zohocorpin.com (172.24.158.145) port 9006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: [NONE]
* start date: Nov 16 05:47:19 2022 GMT
* expire date: Nov 16 17:47:19 2022 GMT
* issuer: CN=Caddy Local Authority - ECC Intermediate
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /userhome/zcemu2024/admindashboard HTTP/1.1
> Host: zcem-u20-2.csez.zohocorpin.com:9006
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 502 Bad Gateway
< Server: Caddy
< Date: Wed, 16 Nov 2022 12:45:38 GMT
< Content-Length: 0
<
* Connection #0 to host zcem-u20-2.csez.zohocorpin.com left intact
Logs while accessing the proxied docker port straightaway :
curl -v --insecure https://zcem-u20-2.csez.zohocorpin.com:9000/userhome/zcemu2024/admindashboard#/
* Trying 172.24.158.145:9000...
* Connected to zcem-u20-2.csez.zohocorpin.com (172.24.158.145) port 9000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: [NONE]
* start date: Nov 16 05:52:22 2022 GMT
* expire date: Nov 16 17:52:22 2022 GMT
* issuer: CN=Caddy Local Authority - ECC Intermediate
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /userhome/zcemu2024/admindashboard HTTP/1.1
> Host: zcem-u20-2.csez.zohocorpin.com:9000
> User-Agent: curl/7.79.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Cache-Control: private,no-cache,no-store,max-age=0,must-revalidate
< Content-Length: 0
< Date: Wed, 16 Nov 2022 12:45:32 GMT
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Location: /index.jsp?serviceurl=%2Fuserhome%2Fzcemu2024%2Fadmindashboard
< Pragma: no-cache
< Server: Caddy
< Set-Cookie: zccpn=671c8dc1-e3e7-4081-9c40-1bc5af2d97a1;path=/;SameSite=None;Secure;priority=high
< Set-Cookie: _zcsr_tmp=671c8dc1-e3e7-4081-9c40-1bc5af2d97a1;path=/;SameSite=Strict;Secure;priority=high
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1
<
* Connection #0 to host zcem-u20-2.csez.zohocorpin.com left intact
5. What I already tried:
I tried changing the reverse proxy upstream in different combinations:
https://127.0.0.1:9000
https://localhost:9000
https://hostIP:9000
https://zcem-u20-2.csez.domainname.com:9000
But I got no clue. Please help.
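The error text in the log above is what Go's certificate verifier reports when a trusted root carries the same subject name as the upstream certificate's issuer but a different key pair, which is the situation when two separate Caddy instances each create their own `tls internal` authority. The following is an added example, not part of the original post and not Caddy's code, that reproduces that condition with the standard library and shows that verification passes once the upstream's own root is the trust anchor. Assumptions: the hostname is constructed, and the leaf is signed directly by the root (the real chain in the post also has an intermediate).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a P-256 certificate for cn; parent == nil yields a self-signed CA root.
func newCert(cn string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(12 * time.Hour)}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, signer = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, signer)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// scenario verifies one upstream leaf against the proxy's own root, then against the upstream's root.
func scenario() (ownRoot, upstreamRoot error) {
	const rootCN = "Caddy Local Authority - 2022 ECC Root" // both instances use the same CA name
	upRoot, upKey := newCert(rootCN, nil, nil)
	proxyRoot, _ := newCert(rootCN, nil, nil)                      // same subject, different key pair
	leaf, _ := newCert("upstream.example.internal", upRoot, upKey) // constructed hostname
	verify := func(trusted *x509.Certificate) error {
		pool := x509.NewCertPool()
		pool.AddCert(trusted)
		_, err := leaf.Verify(x509.VerifyOptions{Roots: pool})
		return err
	}
	return verify(proxyRoot), verify(upRoot)
}
func main() {
	fmt.Println(scenario())
}
```

In Caddy's `reverse_proxy`, the second case corresponds to pointing the HTTP transport's `tls_trusted_ca_certs` at the upstream instance's root certificate.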