IredMail server returning too many redirects on FQDN through caddy v2.0

1. Caddy version (v2.0.0):

v2.0.0 h1:pQSaIJGFluFvu8KDGDODV8u4/QRED/OPyIR+MWYYse8=

2. How I run Caddy:

systemctl service

a. System environment:

systemd, ubuntu server 20.04

b. Command:

systemctl start caddy.service

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

(staging) {
    acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

(transparent) {
        header_up Host {http.request.host}
        header_up X-Real-IP {http.request.remote.host}
        header_up X-Forwarded-For {http.request.remote.host}
        header_up X-Forwarded-Port {http.request.port}
        header_up X-Forwarded-Proto {http.request.scheme}
}

emby.emeryx.co.uk {
        import staging
        reverse_proxy 10.0.0.14:8096 {
                import transparent
        }
}

dl.emeryx.co.uk {
        import staging
        encode zstd gzip
        rewrite * /data{uri}
        reverse_proxy 10.0.0.14:80 {
                import transparent
                transport http
       }
        file_server
}

mail.emeryx.co.uk {
        import staging
        rewrite * /mail(uri)
        reverse_proxy 10.0.0.9:80 {
                import transparent
                transport http
        }
}

3. The problem I’m having:

I have an iredmail server set up in a different VM to my caddy server.
The mail server is on 10.0.0.9 and its web server is on port 80.
Everything seems to be working up to actually connecting to that web server through the FQDN.
In that scenario I get stuck in a redirect loop and end up with the error “ERR_TOO_MANY_REDIRECTS”.

I am able to reach the webserver perfectly fine internally, i.e. http://10.0.0.9 in my browser.

4. Error messages and/or full log output:

Jun 18 19:55:44 emy-rp-01 caddy[52999]: {"level":"info","ts":1592510144.9296973,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Jun 18 19:55:44 emy-rp-01 caddy[18934]: {"level":"info","ts":1592510144.935969,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:60502","headers":{"Accept-Encodi>
Jun 18 19:55:44 emy-rp-01 caddy[18934]: {"level":"info","ts":1592510144.9375355,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:20>
Jun 18 19:55:44 emy-rp-01 caddy[18934]: {"level":"info","ts":1592510144.9378102,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_>
Jun 18 19:55:44 emy-rp-01 caddy[18934]: {"level":"info","ts":1592510144.9379947,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Jun 18 19:55:44 emy-rp-01 caddy[18934]: {"level":"info","ts":1592510144.9386034,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["emby.emeryx.co.uk","mail.emeryx.co.uk","dl.emeryx.co.uk"]}
Jun 18 19:55:44 emy-rp-01 caddy[18934]: 2020/06/18 19:55:44 [INFO][cache:0xc0000f2870] Stopped certificate maintenance routine
Jun 18 19:55:44 emy-rp-01 caddy[18934]: {"level":"info","ts":1592510144.940046,"msg":"autosaved config","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Jun 18 19:55:44 emy-rp-01 caddy[18934]: {"level":"info","ts":1592510144.9401355,"logger":"admin.api","msg":"load complete"}
Jun 18 19:55:44 emy-rp-01 caddy[18934]: {"level":"info","ts":1592510144.9414198,"logger":"admin","msg":"stopped previous server"}
Jun 18 19:55:44 emy-rp-01 systemd[1]: Reloaded Caddy.
Jun 18 19:55:44 emy-rp-01 caddy[18934]: 2020/06/18 19:55:44 [INFO][cache:0xc0000f27d0] Started certificate maintenance routine
Jun 18 19:55:47 emy-rp-01 caddy[18934]: 2020/06/18 19:55:47 http: TLS handshake error from 10.0.0.1:17914: remote error: tls: unknown certificate

I cannot see any errors that relate to my issue but maybe I’m missing something?
Here’s what any browser I’ve tried shows:

5. What I already tried:

My main attempt of fixing has been upgrading from v1 to v2, which needed to be done anyway.
Since that upgrade I’ve tried adding lines such as transport http and rewrite * /mail(uri)

6. Links to relevant resources:

You used () parentheses instead of {} braces here.

FYI, you don’t need to forward the X-Forwarded-For and X-Forwarded-Proto headers, Caddy does it for you automatically already. You probably don’t need the other 3 either, unless your app specifically needs them.

It’s unnecessary to specify transport http as that’s the default.

Ah, must have missed this, thanks!

Interestingly, without all of these specified, my emby server treats the incoming traffic as having a LAN origin. Removing any of these has caused that same thing to happen so not too sure what’s going on there? Especially the ones that are default.

Wasn’t aware of this, thanks!
Despite all of this however, I am still getting the same message every time in different browsers.
Any other ideas of where I could have gone wrong?

Unfortunately the logs you posted are truncated (see the > at the end of every line), so we can’t see the problem in the logs.

You can add the following at the top of your Caddyfile to reveal some additional information in the logs:

{
	debug
}

Got the debugging enabled but I need to enable logging to file so that I can actually show you the entire thing.

log {
   output file /etc/caddy/caddy.log
}

The above isn’t working and doesn’t return any errors when I put it inside of mail.emeryx.co.uk.
Putting it in the global area along with debug causes an error when reloading.

Any ideas as to how I can turn it on globally would be much appreciated!

The log directive won’t return errors because it’s an access logger.

Enables and configures HTTP request logging (also known as access logs).
—log (Caddyfile directive) — Caddy Documentation

Just the debug global option is fine, those logs will go to stdout.

That, and posting the non-truncated logs (journalctl will truncate them for paging by default).

Jun 20 15:10:23 emy-rp-01 caddy[18934]: {"level":"debug","ts":1592665823.0457776,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.0.0.9:80","request":{"method":"GET","uri":"/mail%29","proto":"HTTP/2.0","remote_addr":"10.0.0.1:3241","host":"mail.emeryx.co.uk","headers":{"Te":["trailers"],"X-Forwarded-For":["10.0.0.1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0"],"X-Forwarded-Port":[""],"X-Real-Ip":["10.0.0.1"],"Dnt":["1"],"Cookie":["__cfduid=da968eaf158b71467a3995ba9ff8d15711590944927"],"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-Proto":["https"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"mail.emeryx.co.uk"}},"headers":{"Referrer-Policy":["strict-origin"],"Content-Type":["text/html"],"Location":["https://mail.emeryx.co.uk/mail%29"],"X-Xss-Protection":["1; mode=block"],"X-Download-Options":["noopen"],"X-Frame-Options":["sameorigin"],"X-Content-Type-Options":["nosniff"],"X-Permitted-Cross-Domain-Policies":["none"],"Content-Security-Policy":["default-src https: data: 'unsafe-inline' 'unsafe-eval'"],"Server":["nginx"],"Date":["Sat, 20 Jun 2020 15:10:23 GMT"],"Content-Length":["162"],"Connection":["keep-alive"]},"duration":0.001201681,"status":301}
Jun 20 15:10:23 emy-rp-01 caddy[18934]: {"level":"info","ts":1592665823.0462182,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"GET","uri":"/mail%29","proto":"HTTP/2.0","remote_addr":"10.0.0.1:3241","host":"mail.emeryx.co.uk","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Cookie":["__cfduid=da968eaf158b71467a3995ba9ff8d15711590944927"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"mail.emeryx.co.uk"}},"common_log":"10.0.0.1 - - [20/Jun/2020:15:10:23 +0000] \"GET /mail%29 HTTP/2.0\" 301 162","duration":0.001695682,"size":162,"status":301,"resp_headers":{"Referrer-Policy":["strict-origin"],"Content-Security-Policy":["default-src https: data: 'unsafe-inline' 'unsafe-eval'"],"Content-Length":["162"],"X-Frame-Options":["sameorigin"],"X-Permitted-Cross-Domain-Policies":["none"],"Server":["Caddy","nginx"],"Location":["https://mail.emeryx.co.uk/mail%29"],"X-Xss-Protection":["1; mode=block"],"X-Download-Options":["noopen"],"Date":["Sat, 20 Jun 2020 15:10:23 GMT"],"X-Content-Type-Options":["nosniff"],"Content-Type":["text/html"]}}
Jun 20 15:10:23 emy-rp-01 caddy[18934]: 2020-06-20 15:10:23.046342791 +0000 UTC m=+233796.235846017 write error: can't open new logfile: open /etc/caddy/caddy.log: read-only file system

This message is recurring every time my browser gets redirected.

Any thoughts?

Looks like your system is not allowing the Caddy process to write to the log output folder.

I did notice that and have set it to another folder with 775 perms now.

That log file outputs this:

{"level":"info","ts":1592672342.5671444,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"GET","uri":"/mail","proto":"HTTP/2.0","remote_addr":"10.0.0.1:2461","host":"mail.emeryx.co.uk","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Cookie":["__cfduid=da968eaf158b71467a3995ba9ff8d15711590944927"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"mail.emeryx.co.uk"}},"common_log":"10.0.0.1 - - [20/Jun/2020:16:59:02 +0000] \"GET /mail HTTP/2.0\" 301 162","duration":0.001180097,"size":162,"status":301,"resp_headers":{"X-Frame-Options":["sameorigin"],"Referrer-Policy":["strict-origin"],"Date":["Sat, 20 Jun 2020 16:59:02 GMT"],"Content-Type":["text/html"],"Server":["Caddy","nginx"],"X-Download-Options":["noopen"],"Content-Length":["162"],"Location":["https://mail.emeryx.co.uk/mail"],"X-Content-Type-Options":["nosniff"],"X-Xss-Protection":["1; mode=block"],"X-Permitted-Cross-Domain-Policies":["none"],"Content-Security-Policy":["default-src https: data: 'unsafe-inline' 'unsafe-eval'"]}}
{"level":"info","ts":1592672343.557768,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"GET","uri":"/mail","proto":"HTTP/2.0","remote_addr":"10.0.0.1:2461","host":"mail.emeryx.co.uk","headers":{"Cookie":["__cfduid=da968eaf158b71467a3995ba9ff8d15711590944927"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"mail.emeryx.co.uk"}},"common_log":"10.0.0.1 - - [20/Jun/2020:16:59:03 +0000] \"GET /mail HTTP/2.0\" 301 162","duration":0.000726638,"size":162,"status":301,"resp_headers":{"Server":["Caddy","nginx"],"Date":["Sat, 20 Jun 2020 16:59:03 GMT"],"Content-Length":["162"],"X-Content-Type-Options":["nosniff"],"X-Frame-Options":["sameorigin"],"X-Xss-Protection":["1; mode=block"],"Content-Security-Policy":["default-src https: data: 'unsafe-inline' 'unsafe-eval'"],"Referrer-Policy":["strict-origin"],"Content-Type":["text/html"],"X-Download-Options":["noopen"],"X-Permitted-Cross-Domain-Policies":["none"],"Location":["https://mail.emeryx.co.uk/mail"]}}
{"level":"info","ts":1592672343.6065702,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"GET","uri":"/mail","proto":"HTTP/2.0","remote_addr":"10.0.0.1:2461","host":"mail.emeryx.co.uk","headers":{"Accept-Language":["en-GB,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Cookie":["__cfduid=da968eaf158b71467a3995ba9ff8d15711590944927"],"Upgrade-Insecure-Requests":["1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"mail.emeryx.co.uk"}},"common_log":"10.0.0.1 - - [20/Jun/2020:16:59:03 +0000] \"GET /mail HTTP/2.0\" 301 162","duration":0.000877397,"size":162,"status":301,"resp_headers":{"Date":["Sat, 20 Jun 2020 16:59:03 GMT"],"Content-Type":["text/html"],"X-Xss-Protection":["1; mode=block"],"Content-Length":["162"],"X-Content-Type-Options":["nosniff"],"X-Frame-Options":["sameorigin"],"X-Permitted-Cross-Domain-Policies":["none"],"Server":["Caddy","nginx"],"X-Download-Options":["noopen"],"Content-Security-Policy":["default-src https: data: 'unsafe-inline' 'unsafe-eval'"],"Referrer-Policy":["strict-origin"],"Location":["https://mail.emeryx.co.uk/mail"]}}

Hmm. I think the upstream server might not be getting the right Host and is triggering a redirect to try and correct the domain name.

Any way to resolve that?

After changing the reverse proxy’s destination port to 443 instead of 80, I get the following in the logs. Is this relevant?

Jun 21 13:34:48 emy-rp-01 caddy[866]: {"level":"error","ts":1592746488.6881454,"logger":"http.log.error.log0","msg":"x509: cannot validate certificate for 10.0.0.9 because it doesn't contain any IP SANs","request":{"method":"GET","uri":"/","proto":"HTTP/2.0","remote_addr":"10.0.0.1:43237","host":"mail.emeryx.co.uk","headers":{"Cookie":["__cfduid=df8ad8b041d92772c010940771abc74561592466183"],"Pragma":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36 Edg/83.0.478.54"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-GB,en;q=0.9,en-US;q=0.8"],"Cache-Control":["no-cache"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"mail.emeryx.co.uk"}},"duration":0.006470415,"status":502,"err_id":"vd4qfeees","err_trace":"reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:380)"}
Jun 21 13:34:48 emy-rp-01 caddy[866]: {"level":"error","ts":1592746488.6882334,"logger":"http.log.access.log0","msg":"handled request","request":{"method":"GET","uri":"/","proto":"HTTP/2.0","remote_addr":"10.0.0.1:43237","host":"mail.emeryx.co.uk","headers":{"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-GB,en;q=0.9,en-US;q=0.8"],"Cache-Control":["no-cache"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-User":["?1"],"Cookie":["__cfduid=df8ad8b041d92772c010940771abc74561592466183"],"Pragma":["no-cache"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36 Edg/83.0.478.54"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"]},"tls":{"resumed":false,"version":772,"ciphersuite":4865,"proto":"h2","proto_mutual":true,"server_name":"mail.emeryx.co.uk"}},"common_log":"10.0.0.1 - - [21/Jun/2020:13:34:48 +0000] \"GET / HTTP/2.0\" 502 0","duration":0.006470415,"size":0,"status":502,"resp_headers":{"Server":["Caddy"]}}

Focusing on here.

cannot validate certificate for 10.0.0.9 because it doesn't contain any IP SANs

Got it working as expected, but I’m having to use tls_insecure_skip_verify in the transport directive, which is not recommended. Does this mean I need to have the SSL certificate on the server itself?

Yes, ideally the proper way to trust CAs is to add their root certificate to the client’s validation logic. You can tell Caddy’s reverse proxy to trust a certain CA using the tls_trusted_ca_certs subdirective of the http transport block. Do a find-in-page here:

The other way is to add the CA certificate to the system trust store, but this causes all software on the system to trust the CA, which might not be what you want.

Edit: (Sorry, am mobile today, didn’t see the thread.) Your backend still needs to provide a valid certificate, of course. So its subject name(s) need to be something that the client will accept. In your case, an IP address since you’re proxying to an IP.
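The check behind the "doesn't contain any IP SANs" error, as an added example that is not part of the original thread or of Caddy's code: Caddy is written in Go, and the message comes from Go's crypto/x509 hostname verification. The CA, the certificate subjects and the helper names `must`, `issue` and `verifyBackend` are constructed for illustration; the address and hostname are the ones from the thread.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // key generation or signing failed: not the case under study
	}
	return v
}

// issue signs tmpl with signer; passing tmpl as its own parent self-signs it.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// verifyBackend issues a backend certificate with the given SANs from a constructed
// private CA, then validates it as a TLS client dialing target would.
func verifyBackend(target string, dnsSANs []string, ipSANs []net.IP) error {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	leafKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed private CA"},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	leaf := issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "backend"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames: dnsSANs, IPAddresses: ipSANs}, ca, &leafKey.PublicKey, caKey)
	roots := x509.NewCertPool() // trust only this CA, not the system store
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: target})
	return err
}

func main() {
	fmt.Println("DNS SAN only:", verifyBackend("10.0.0.9", []string{"mail.emeryx.co.uk"}, nil))
	fmt.Println("with IP SAN: ", verifyBackend("10.0.0.9", nil, []net.IP{net.ParseIP("10.0.0.9")}))
}
```

Trusting the CA alone does not clear the error: the first call chains to a trusted root and still fails because the dialed address is an IP and the certificate carries only a DNS name. Once the backend certificate lists 10.0.0.9 as an IP SAN, tls_trusted_ca_certs can point at the CA and tls_insecure_skip_verify can be dropped.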
