Infinite Redirect when file not specified

Help
1

1. The problem I’m having:

I have a PHP application that also needs to serve static files from a nested directory. When visiting the website without specifying a file, caddy runs into an infinite loop of appending to the URL.

Example:

https://staging.containment.listech.on.ca/MOBILE/uploadImages

caddy redirects to this, where MOBILE keeps gettings added to the url

https://staging.containment.listech.on.ca/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/MOBILE/mobile.php

I am in a unique situation where I am using a caddy reverse proxy (lucaslorentz/caddy-docker-proxy) to serve up the caddy server which serves the website

2. Error messages and/or full log output:

Running in a docker container do not know how to get the logs

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

3. Caddy version:

2.6.4

4. How I installed and ran Caddy:

a. System environment:

Docker: caddy:2.6.4-alpine

b. Command:

c. Service/unit/compose file:

app:
    image: caddy:2.6.4-alpine
    restart: unless-stopped
    labels:
      caddy: staging.containment.listech.on.ca
      caddy.tls: /certs/containment.pem /certs/cert-key.pem
      caddy.tls.ca_root: /certs/ca.pem
      caddy.reverse_proxy: "{{upstreams 80}}"
      caddy.reverse_proxy.trusted_proxies: "172.17.63.3/24"
    volumes:
      - ./staging.Caddyfile:/etc/caddy/Caddyfile
      - ./src:/var/www/html
      - ./caddy_data:/data
    depends_on:
      - containment-php
    extra_hosts:
      - "host.docker.internal:host-gateway"
    networks:
      - default
      - routable

d. My complete Caddy config:

Here is the generated caddy file for the docker stack

staging.containment.listech.on.ca {
    reverse_proxy 172.17.63.3:80 {
    trusted_proxies 172.17.63.3/24
    }
    tls /certs/containment.pem /certs/cert-key.pem {
        ca_root /certs/ca.pem
    }
}

Here is the Caddyfile for the caddy server hosting the website

{
    servers {
        trusted_proxies static 172.17.63.0/24
    }
}

:80 {
    root * /var/www/html
    php_fastcgi containment-php:9000
    file_server {
           root /var/www/html/MOBILE/uploadImages
           browse
           hide .* _*
    }
}


:443 {
     root * /var/www/html
     php_fastcgi containment-php:9000
     file_server {
         root /var/www/html/MOBILE/uploadImages
         browse
         hide .* _*
    }
    tls internal
}

5. Links to relevant resources:

2

What’s in your logs? Enable the debug global option as asked by the help topic template. Make a request with curl -v to show the behaviour.

3

OK here are the logs, though I think I know what is happening

app_1  | {"level":"info","ts":1692272444.1054397,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
app_1  | {"level":"warn","ts":1692272444.1065211,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
app_1  | {"level":"info","ts":1692272444.108969,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
app_1  | {"level":"info","ts":1692272444.1100163,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000197b20"}
app_1  | {"level":"info","ts":1692272444.1149726,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
app_1  | {"level":"info","ts":1692272444.1149926,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
app_1  | {"level":"warn","ts":1692272444.1150239,"logger":"http","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
app_1  | {"level":"warn","ts":1692272444.2316837,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
app_1  | {"level":"info","ts":1692272444.2319703,"msg":"warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}
app_1  | {"level":"info","ts":1692272444.23198,"msg":"define JAVA_HOME environment variable to use the Java trust"}
app_1  | {"level":"info","ts":1692272444.3079286,"msg":"certificate installed properly in linux trusts"}
app_1  | {"level":"info","ts":1692272444.3083768,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
app_1  | {"level":"info","ts":1692272444.308603,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
app_1  | {"level":"debug","ts":1692272444.308703,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
app_1  | {"level":"info","ts":1692272444.3087199,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
app_1  | {"level":"debug","ts":1692272444.3087854,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
app_1  | {"level":"info","ts":1692272444.3087962,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
app_1  | {"level":"info","ts":1692272444.3091023,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
app_1  | {"level":"info","ts":1692272444.3091352,"logger":"tls","msg":"finished cleaning storage units"}
app_1  | {"level":"info","ts":1692272444.3092785,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
app_1  | {"level":"info","ts":1692272444.3092942,"msg":"serving initial configuration"}
app_1  | {"level":"debug","ts":1692272536.149834,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"172.17.63.2","remote_port":"58162","proto":"HTTP/1.1","method":"GET","host":"staging.containment.listech.on.ca","uri":"/MOBILE/uploadImages","headers":{"Accept-Encoding":["gzip"],"User-Agent":["curl/7.83.1"],"Accept":["*/*"],"X-Forwarded-For":["10.2.31.250"],"X-Forwarded-Host":["staging.containment.listech.on.ca"],"X-Forwarded-Proto":["https"]}},"method":"GET","uri":"/index.php"}
app_1  | {"level":"debug","ts":1692272536.1498728,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"containment-php:9000","total_upstreams":1}
app_1  | {"level":"debug","ts":1692272536.1499753,"logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_ip":"172.17.63.2","remote_port":"58162","proto":"HTTP/1.1","method":"GET","host":"staging.containment.listech.on.ca","uri":"/index.php","headers":{"Accept-Encoding":["gzip"],"User-Agent":["curl/7.83.1"],"Accept":["*/*"],"X-Forwarded-For":["10.2.31.250, 172.17.63.2"],"X-Forwarded-Host":["staging.containment.listech.on.ca"],"X-Forwarded-Proto":["https"]}},"env":{"REMOTE_IDENT":"","CONTENT_TYPE":"","SERVER_PROTOCOL":"HTTP/1.1","DOCUMENT_ROOT":"/var/www/html","HTTP_X_FORWARDED_HOST":"staging.containment.listech.on.ca","REMOTE_HOST":"172.17.63.2","REQUEST_METHOD":"GET","REQUEST_SCHEME":"http","DOCUMENT_URI":"/index.php","REQUEST_URI":"/MOBILE/uploadImages","HTTP_USER_AGENT":"curl/7.83.1","PATH_INFO":"","HTTP_HOST":"staging.containment.listech.on.ca","SCRIPT_NAME":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","SERVER_SOFTWARE":"Caddy/v2.6.4","HTTP_X_FORWARDED_FOR":"10.2.31.250, 172.17.63.2","AUTH_TYPE":"","QUERY_STRING":"","REMOTE_ADDR":"172.17.63.2","REMOTE_PORT":"58162","HTTP_ACCEPT_ENCODING":"gzip","HTTP_ACCEPT":"*/*","CONTENT_LENGTH":"","REMOTE_USER":"","SERVER_NAME":"staging.containment.listech.on.ca","SCRIPT_FILENAME":"/var/www/html/index.php","SERVER_PORT":"80","HTTP_X_FORWARDED_PROTO":"https"},"dial":"containment-php:9000","env":{"CONTENT_LENGTH":"","REMOTE_USER":"","SERVER_NAME":"staging.containment.listech.on.ca","SCRIPT_FILENAME":"/var/www/html/index.php","SERVER_PORT":"80","HTTP_X_FORWARDED_PROTO":"https","REMOTE_IDENT":"","CONTENT_TYPE":"","SERVER_PROTOCOL":"HTTP/1.1","DOCUMENT_ROOT":"/var/www/html","HTTP_X_FORWARDED_HOST":"staging.containment.listech.on.ca","HTTP_USER_AGENT":"curl/7.83.1","REMOTE_HOST":"172.17.63.2","REQUEST_METHOD":"GET","REQUEST_SCHEME":"http","DOCUMENT_URI":"/index.php","REQUEST_URI":"/MOBILE/uploadImages","PATH_INFO":"","HTTP_HOST":"staging.containment.listech.on.ca","SCRIPT_NAME":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","SERVER_SOFTWARE":"Caddy/v2.6.4","HTTP_X_FORWARDED_FOR":"10.2.31.250, 172.17.63.2","HTTP_ACCEPT":"*/*","AUTH_TYPE":"","QUERY_STRING":"","REMOTE_ADDR":"172.17.63.2","REMOTE_PORT":"58162","HTTP_ACCEPT_ENCODING":"gzip"},"request":{"remote_ip":"172.17.63.2","remote_port":"58162","proto":"HTTP/1.1","method":"GET","host":"staging.containment.listech.on.ca","uri":"/index.php","headers":{"Accept-Encoding":["gzip"],"User-Agent":["curl/7.83.1"],"Accept":["*/*"],"X-Forwarded-For":["10.2.31.250, 172.17.63.2"],"X-Forwarded-Host":["staging.containment.listech.on.ca"],"X-Forwarded-Proto":["https"]}}}
app_1  | {"level":"debug","ts":1692272536.5228686,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"containment-php:9000","duration":0.372925711,"request":{"remote_ip":"172.17.63.2","remote_port":"58162","proto":"HTTP/1.1","method":"GET","host":"staging.containment.listech.on.ca","uri":"/index.php","headers":{"Accept-Encoding":["gzip"],"User-Agent":["curl/7.83.1"],"Accept":["*/*"],"X-Forwarded-For":["10.2.31.250, 172.17.63.2"],"X-Forwarded-Host":["staging.containment.listech.on.ca"],"X-Forwarded-Proto":["https"]}},"headers":{"Content-Type":["text/html; charset=UTF-8"],"X-Powered-By":["PHP/7.4.27"]},"status":200}

Here is the curl output (I needed to add the -k option as well to ignore ssl errors since the site is internal only and is secured with a self-signed certificate)

curl -lk https://staging.containment.listech.on.ca/MOBILE/uploadImages
<!DOCTYPE HTML>
<html lang="en-US">

<head>
  <meta charset="UTF-8">
  <meta http-equiv="refresh" content="1;url=./MOBILE/mobile.php">
  <script type="text/javascript">window.location.href = "./MOBILE/mobile.php"</script>
  <title>Page Redirection</title>
</head>
    
<body>
        If you are not redirected automatically, follow the <a href='./MOBILE/mobile.php'>link</a>
</body>

</html>

What seems to be happening is when navigating to a directory to browse, caddy is serving up the root index.php file which redirects to an other php file (I did not develop this application)

4

See php_fastcgi (Caddyfile directive) — Caddy Documentation to understand how php_fastcgi works.

I can’t really recommend a solution because I don’t understand what your application is trying to do. You’ll need to dig deeper unfortunately.

5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.