Infinite Redirect when file not specified

1. The problem I’m having:

I have a PHP application that also needs to serve static files from a nested directory. When visiting the website without specifying a file, caddy runs into an infinite loop of appending to the URL.

Example:

https://staging.containment.listech.on.ca/MOBILE/uploadImages

caddy redirects to this, where MOBILE keeps getting added to the URL:

https://staging.containment.listech.on.ca/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/mobile.php

I am in a unique situation where I am using a caddy reverse proxy (lucaslorentz/caddy-docker-proxy) to serve up the caddy server which serves the website.

2. Error messages and/or full log output:

Running in a Docker container; I do not know how to get the logs.


3. Caddy version:

2.6.4

4. How I installed and ran Caddy:

a. System environment:

Docker: caddy:2.6.4-alpine

b. Command:


c. Service/unit/compose file:

app:
    image: caddy:2.6.4-alpine
    restart: unless-stopped
    labels:
      caddy: staging.containment.listech.on.ca
      caddy.tls: /certs/containment.pem /certs/cert-key.pem
      caddy.tls.ca_root: /certs/ca.pem
      caddy.reverse_proxy: "{{upstreams 80}}"
      caddy.reverse_proxy.trusted_proxies: "172.17.63.3/24"
    volumes:
      - ./staging.Caddyfile:/etc/caddy/Caddyfile
      - ./src:/var/www/html
      - ./caddy_data:/data
    depends_on:
      - containment-php
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - default
      - routable

d. My complete Caddy config:

Here is the generated caddy file for the docker stack

staging.containment.listech.on.ca {
    reverse_proxy 172.17.63.3:80 {
        trusted_proxies 172.17.63.3/24
    }
    tls /certs/containment.pem /certs/cert-key.pem {
        ca_root /certs/ca.pem
    }
}

Here is the Caddyfile for the caddy server hosting the website

{
    servers {
        trusted_proxies static 172.17.63.0/24
    }
}

:80 {
    root * /var/www/html
    php_fastcgi containment-php:9000
    file_server {
        root /var/www/html/MOBILE/uploadImages
        browse
        hide .* _*
    }
}

:443 {
    root * /var/www/html
    php_fastcgi containment-php:9000
    file_server {
        root /var/www/html/MOBILE/uploadImages
        browse
        hide .* _*
    }
    tls internal
}

5. Links to relevant resources:

What’s in your logs? Enable the debug global option as asked by the help topic template. Make a request with curl -v to show the behaviour.

OK here are the logs, though I think I know what is happening

app_1  | {"level":"info","ts":1692272444.1054397,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
app_1  | {"level":"warn","ts":1692272444.1065211,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
app_1  | {"level":"info","ts":1692272444.108969,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
app_1  | {"level":"info","ts":1692272444.1100163,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000197b20"}
app_1  | {"level":"info","ts":1692272444.1149726,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
app_1  | {"level":"info","ts":1692272444.1149926,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
app_1  | {"level":"warn","ts":1692272444.1150239,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
app_1  | {"level":"warn","ts":1692272444.2316837,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
app_1  | {"level":"info","ts":1692272444.2319703,"msg":"warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}
app_1  | {"level":"info","ts":1692272444.23198,"msg":"define JAVA_HOME environment variable to use the Java trust"}
app_1  | {"level":"info","ts":1692272444.3079286,"msg":"certificate installed properly in linux trusts"}
app_1  | {"level":"info","ts":1692272444.3083768,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
app_1  | {"level":"info","ts":1692272444.308603,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
app_1  | {"level":"debug","ts":1692272444.308703,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
app_1  | {"level":"info","ts":1692272444.3087199,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
app_1  | {"level":"debug","ts":1692272444.3087854,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
app_1  | {"level":"info","ts":1692272444.3087962,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
app_1  | {"level":"info","ts":1692272444.3091023,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
app_1  | {"level":"info","ts":1692272444.3091352,"logger":"tls","msg":"finished cleaning storage units"}
app_1  | {"level":"info","ts":1692272444.3092785,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
app_1  | {"level":"info","ts":1692272444.3092942,"msg":"serving initial configuration"}
app_1  | {"level":"debug","ts":1692272536.149834,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"172.17.63.2","remote_port":"58162","proto":"HTTP/1.1","method":"GET","host":"staging.containment.listech.on.ca","uri":"/MOBILE/uploadImages","headers":{"Accept-Encoding":["gzip"],"User-Agent":["curl/7.83.1"],"Accept":["*/*"],"X-Forwarded-For":["10.2.31.250"],"X-Forwarded-Host":["staging.containment.listech.on.ca"],"X-Forwarded-Proto":["https"]}},"method":"GET","uri":"/index.php"}
app_1  | {"level":"debug","ts":1692272536.1498728,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"containment-php:9000","total_upstreams":1}
app_1  | {"level":"debug","ts":1692272536.1499753,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_ip":"172.17.63.2","remote_port":"58162","proto":"HTTP/1.1","method":"GET","host":"staging.containment.listech.on.ca","uri":"/index.php","headers":{"Accept-Encoding":["gzip"],"User-Agent":["curl/7.83.1"],"Accept":["*/*"],"X-Forwarded-For":["10.2.31.250, 172.17.63.2"],"X-Forwarded-Host":["staging.containment.listech.on.ca"],"X-Forwarded-Proto":["https"]}},"env":{"REMOTE_IDENT":"","CONTENT_TYPE":"","SERVER_PROTOCOL":"HTTP/1.1","DOCUMENT_ROOT":"/var/www/html","HTTP_X_FORWARDED_HOST":"staging.containment.listech.on.ca","REMOTE_HOST":"172.17.63.2","REQUEST_METHOD":"GET","REQUEST_SCHEME":"http","DOCUMENT_URI":"/index.php","REQUEST_URI":"/MOBILE/uploadImages","HTTP_USER_AGENT":"curl/7.83.1","PATH_INFO":"","HTTP_HOST":"staging.containment.listech.on.ca","SCRIPT_NAME":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","SERVER_SOFTWARE":"Caddy/v2.6.4","HTTP_X_FORWARDED_FOR":"10.2.31.250, 
172.17.63.2","AUTH_TYPE":"","QUERY_STRING":"","REMOTE_ADDR":"172.17.63.2","REMOTE_PORT":"58162","HTTP_ACCEPT_ENCODING":"gzip","HTTP_ACCEPT":"*/*","CONTENT_LENGTH":"","REMOTE_USER":"","SERVER_NAME":"staging.containment.listech.on.ca","SCRIPT_FILENAME":"/var/www/html/index.php","SERVER_PORT":"80","HTTP_X_FORWARDED_PROTO":"https"},"dial":"containment-php:9000","env":{"CONTENT_LENGTH":"","REMOTE_USER":"","SERVER_NAME":"staging.containment.listech.on.ca","SCRIPT_FILENAME":"/var/www/html/index.php","SERVER_PORT":"80","HTTP_X_FORWARDED_PROTO":"https","REMOTE_IDENT":"","CONTENT_TYPE":"","SERVER_PROTOCOL":"HTTP/1.1","DOCUMENT_ROOT":"/var/www/html","HTTP_X_FORWARDED_HOST":"staging.containment.listech.on.ca","HTTP_USER_AGENT":"curl/7.83.1","REMOTE_HOST":"172.17.63.2","REQUEST_METHOD":"GET","REQUEST_SCHEME":"http","DOCUMENT_URI":"/index.php","REQUEST_URI":"/MOBILE/uploadImages","PATH_INFO":"","HTTP_HOST":"staging.containment.listech.on.ca","SCRIPT_NAME":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","SERVER_SOFTWARE":"Caddy/v2.6.4","HTTP_X_FORWARDED_FOR":"10.2.31.250, 172.17.63.2","HTTP_ACCEPT":"*/*","AUTH_TYPE":"","QUERY_STRING":"","REMOTE_ADDR":"172.17.63.2","REMOTE_PORT":"58162","HTTP_ACCEPT_ENCODING":"gzip"},"request":{"remote_ip":"172.17.63.2","remote_port":"58162","proto":"HTTP/1.1","method":"GET","host":"staging.containment.listech.on.ca","uri":"/index.php","headers":{"Accept-Encoding":["gzip"],"User-Agent":["curl/7.83.1"],"Accept":["*/*"],"X-Forwarded-For":["10.2.31.250, 172.17.63.2"],"X-Forwarded-Host":["staging.containment.listech.on.ca"],"X-Forwarded-Proto":["https"]}}}
app_1  | {"level":"debug","ts":1692272536.5228686,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"containment-php:9000","duration":0.372925711,"request":{"remote_ip":"172.17.63.2","remote_port":"58162","proto":"HTTP/1.1","method":"GET","host":"staging.containment.listech.on.ca","uri":"/index.php","headers":{"Accept-Encoding":["gzip"],"User-Agent":["curl/7.83.1"],"Accept":["*/*"],"X-Forwarded-For":["10.2.31.250, 172.17.63.2"],"X-Forwarded-Host":["staging.containment.listech.on.ca"],"X-Forwarded-Proto":["https"]}},"headers":{"Content-Type":["text/html; charset=UTF-8"],"X-Powered-By":["PHP/7.4.27"]},"status":200}

Here is the curl output (I needed to add the -k option as well to ignore ssl errors since the site is internal only and is secured with a self-signed certificate)

curl -lk https://staging.containment.listech.on.ca/MOBILE/uploadImages
<!DOCTYPE HTML>
<html lang="en-US">

<head>
  <meta charset="UTF-8">
  <meta http-equiv="refresh" content="1;url=./MOBILE/mobile.php">
  <script type="text/javascript">window.location.href = "./MOBILE/mobile.php"</script>
  <title>Page Redirection</title>
</head>
    
<body>
        If you are not redirected automatically, follow the <a href='./MOBILE/mobile.php'>link</a>
</body>

</html>

What seems to be happening is that when navigating to a directory to browse, caddy is serving up the root index.php file, which redirects to another PHP file (I did not develop this application).

See php_fastcgi (Caddyfile directive) — Caddy Documentation to understand how php_fastcgi works.

I can’t really recommend a solution because I don’t understand what your application is trying to do. You’ll need to dig deeper unfortunately.
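
The loop seen in this thread, modelled as an added example (not code from any poster or from the Caddy project): a simplified version of php_fastcgi's fallback to index.php, combined with browser-style resolution of the relative target `./MOBILE/mobile.php` taken from the curl output. The file set, the host name and the function names are constructed assumptions; the root-relative target in the last call is included only for comparison.

```javascript
// Constructed model of the site: assume only these PHP files exist under the web root.
const FILES = new Set(["/index.php", "/MOBILE/mobile.php"]);

// Simplified php_fastcgi fallback: try_files {path} {path}/index.php index.php
// (a directory without a trailing slash does not match {path}).
function tryFiles(path) {
  if (FILES.has(path)) return path;
  const dirIndex = path.replace(/\/$/, "") + "/index.php";
  if (FILES.has(dirIndex)) return dirIndex;
  return "/index.php";
}

// The root index.php answers with a redirect target; any other script is
// treated as a final page (null means "no redirect").
function redirectFrom(script, target) {
  return script === "/index.php" ? target : null;
}

// Follow redirects the way a browser does: the target is resolved against the
// URL in the address bar, not against the script that actually ran.
function follow(startPath, target, maxHops = 5) {
  const base = "https://staging.example.test"; // placeholder host
  let url = new URL(startPath, base);
  const visited = [url.pathname];
  for (let hop = 0; hop < maxHops; hop++) {
    const script = tryFiles(url.pathname);
    const next = redirectFrom(script, target);
    if (next === null) return { visited, looped: false };
    url = new URL(next, url);
    visited.push(url.pathname);
  }
  return { visited, looped: true }; // gave up: the path keeps growing
}

// Relative target requested below the root: every hop adds another /MOBILE.
console.log(follow("/MOBILE/uploadImages", "./MOBILE/mobile.php"));
// Same relative target requested at the root: resolves to the real file.
console.log(follow("/", "./MOBILE/mobile.php"));
// Root-relative target (comparison only): resolves the same from any path.
console.log(follow("/MOBILE/uploadImages", "/MOBILE/mobile.php"));
```
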
