1. The problem I’m having:
I currently have Caddy installed as a reverse proxy towards a bunch of services. Some are hosted on a webserver (on another host which is reachable behind the proxy), some are Docker-based (on yet another host).
From time to time I’m getting 502 errors in the log and timeouts, and I’m trying to figure out what or why.
At the moment of the 502 errors in Caddy the backend service is actually operational and reachable from the proxy host, yet Caddy throws an error.
I’ve reduced my config to the bare minimum but still am hitting these errors.
2. Error messages and/or full log output:
{
  "level": "error",
  "ts": 1755544865.387159,
  "logger": "http.log.error.log9",
  "msg": "dial tcp: lookup webhost.hvergelmir.internal: i/o timeout",
  "request": {
    "remote_ip": "8.29.198.26",
    "remote_port": "62168",
    "client_ip": "8.29.198.26",
    "proto": "HTTP/1.1",
    "method": "GET",
    "host": "kcore.org",
    "uri": "/feed.xml",
    "headers": {
      "Connection": [
        "close"
      ],
      "Cache-Control": [
        "no-cache"
      ],
      "Pragma": [
        "no-cache"
      ],
      "Accept": [
        "*/*"
      ],
      "From": [
        "feeds@feedly.com"
      ],
      "User-Agent": [
        "Feedly/1.0 (+https://feedly.com/poller.html; 3 subscribers; )"
      ],
      "Accept-Encoding": [
        "gzip, compress, deflate"
      ]
    },
    "tls": {
      "resumed": false,
      "version": 772,
      "cipher_suite": 4865,
      "proto": "",
      "server_name": "kcore.org"
    }
  },
  "duration": 3.001237416,
  "status": 502,
  "err_id": "b2542u2vm",
  "err_trace": "reverseproxy.statusError (reverseproxy.go:1390)"
}
3. Caddy version:
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=
4. How I installed and ran Caddy:
I was originally using Caddy from the official Debian repository and it had the issue. This Caddy version is recompiled with the crowdsec plugin added.
It is run from systemd.
a. System environment:
Linux proxy 6.8.12-9-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.12-9 (2025-03-16T19:18Z) x86_64 GNU/Linux
b. Command:
Via systemd:
/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddy config:
{
    # Global options
    log {
        level DEBUG
        output file /var/log/caddy/caddy.log
    }
    crowdsec {
        api_key "API_KEY"
    }
}

kcore.org www.kcore.org {
    header {
        Permissions-Policy interest-cohort=()
        Strict-Transport-Security max-age=31536000;
        X-Content-Type-Options nosniff
    }
    log {
        output file /var/log/caddy/kcore.org.log
    }
    route {
        crowdsec
        reverse_proxy https://webhost.hvergelmir.internal {
            transport http {
                # Upstream certificate is not verified
                tls_insecure_skip_verify
            }
            header_up Host {host}
        }
    }
}
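
For triaging intermittent 502s like the entry in section 2, the following added example (not part of the original post) classifies Caddy JSON error lines by the Go dial error text, separating name-resolution failures from socket-level connection failures. The sample lines, the function names and the `192.0.2.10` address are constructed for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample lines in the shape of the entry above (trimmed to the
# fields used here); the second address is a documentation-range placeholder.
SAMPLE_LOG = [
    '{"level":"error","msg":"dial tcp: lookup webhost.hvergelmir.internal: i/o timeout","duration":3.001237416,"status":502}',
    '{"level":"error","msg":"dial tcp 192.0.2.10:443: connect: connection refused","duration":0.002,"status":502}',
    '{"level":"info","msg":"handled request","duration":0.05,"status":200}',
    'not json at all',
]

# Go's net package reports resolver failures as
# "lookup <name>[ on <resolver>]: <reason>" and socket failures as
# "dial tcp <ip:port>: <reason>".
LOOKUP_RE = re.compile(r"lookup (?P<target>\S+?)(?: on \S+)?: (?P<reason>.+)$")
DIAL_RE = re.compile(r"dial tcp (?P<target>\S+): (?P<reason>.+)$")


def classify(entry):
    """Return (category, target, reason) for a 502 entry, else None."""
    if not isinstance(entry, dict) or entry.get("status") != 502:
        return None
    msg = entry.get("msg", "")
    for category, pattern in (("dns", LOOKUP_RE), ("connect", DIAL_RE)):
        m = pattern.search(msg)
        if m:
            return category, m.group("target"), m.group("reason")
    return "other", "", msg


def summarize(lines):
    """Count 502s per (category, target), skipping lines that are not JSON."""
    counts = Counter()
    for line in lines:
        try:
            result = classify(json.loads(line))
        except json.JSONDecodeError:
            continue
        if result:
            counts[result[0], result[1]] += 1
    return counts


if __name__ == "__main__":
    for (category, target), n in summarize(SAMPLE_LOG).items():
        print(f"{n:4d}  {category:8s} {target}")
```

Entries in the `dns` category failed before any connection to the upstream was attempted, so the resolver path on the proxy host is the place to look rather than the backend service.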