I have a properly-registered domain (for the sake of argument, let’s say my.example.com) pointing to an Internal IP on my network, so it’s not resolvable by public, but it is resolvable to all my computers (using Tailscale).
b. Command:
I restart my Caddy server using the following command, so it picks up my config:
> caddy reload --config /etc/caddy/Caddyfile
2020/05/25 17:00:58.290 INFO using provided configuration {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
Note: The real domain in my /etc/caddy/Caddifile is here changed to “my.example.com” for security.
3. The problem I’m having:
The first syntax (http://) does not work, I get 404. Documentation implies that the first syntax should work, so that seems like a bug?
The second syntax (:80 in the end) does work if you access the URL with curl from command line, but it fails in any major GUI browser. I suspect due to dangling HSTS somewhere that curl ignores but real browsers don’t?
0.0.0.0 isn’t a real IP address. It just means “any IP”. I think curl accepts it as a loopback though.
Is this a service running on the same machine? If so, use localhost or 127.0.0.1 for the reverse_proxy address.
Also you might have issues with hairpinning if you use the domain on the same machine, unless you have domain in your hosts file mapped to 127.0.0.1 or something like that. Depends on the router.
Edit: Scratch that part, I missed your note regarding the domain in 2a of your post.
I updated the report. Something extra bad was happening with Caddy (I think the process was in some kind of corrupt state), that became less bad after a server reboot.
Bottomline:
“domain.com:80” syntax “works” (but not in any major browser, just in curl), http://domain.com syntax doesn’t work at all.
Thank you, Matt. I was able to find an operator error with the “respond” trick.
I believe both “http://domain.com” and “domain.com:80” syntax work. But as I mentioned - only in curl, Postman or such client, not in any GUI Browser. I even tried to delete HSTS records manually and install fresh browsers, but none of that seems to help.
Any suggestions?
Many thanks.
P.S. @francislavoie “journalctl” command was great to see startup messages, I still cannot see access log messages anywhere, though? Thank you!
domain.com:80 and http://domain.com are the same thing from Caddy’s perspective. If you’re getting a 404, that’s coming from your upstream service, not Caddy! If Caddy failed to match a request, you’d see an empty 200 response instead.
I’m not certain why your access logs wouldn’t be writing to disk, but wherever it is should be writable by the caddy user.
For the time being, you can just set log on each of your sites (no options block) which will make access logs output to stdout, which you’ll find via journalctl.
HSTS should have no effect here, all that would do is force the browser to load the site via HTTPS.
and I can see the access logs from both when I run journalctl -u caddy -f. Thank you!
As for HSTS - I think that’s what is going on, indeed. It is forcing browser to load HTTPS, but there is no HTTPS router, so the requests fail. Makes sense?
Did you put your site on the HSTS preload? Based on clearing browser caches and using fresh installs and still getting this issue, I’d assume this is at least a possibility? (You’d know if you did; you have to set a specific header and then go to a website to request being preloaded.)
If you ARE on the list, you’re a bit out of luck unless you can get public facing, validated HTTPS up and running again and start sending HSTS headers withoutpreload: HSTS Preload List Removal
Thank you, @Whitestrake. No, I haven’t done anything conscious with HSTS and these hosts. The only thing - I was using them over HTTPS with Caddy, and I am trying to to switch them to HTTP now.
In that case, fully clearing caches - or using a freshly installed (i.e. completely wiped or never previously installed) browser - should resolve this issue with the browsers inappropriately assuming HTTPS.
