JSONRPC reverse proxy to electrum server not working

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:


a. System environment:

Operating System: Debian GNU/Linux 11 (bullseye)
Kernel: Linux 5.10.0-19-amd64
Architecture: x86-64

b. Command:

systemctl start/stop/restart caddy

c. Service/unit/compose file:

default systemd service file

d. My complete Caddy config:

electrs.x.x:50002 {
    reverse_proxy x.x.x.x:50001
}

I have also tried

electrs.x.x:50002 {
    reverse_proxy {
        to h2c://x.x.x.x:50001
        transport http {
            versions h2c
        }
    }
}

3. The problem I’m having:

Reverse proxy does not work for Electrum server (JSONRPC)

4. Error messages and/or full log output:

Curl request:

curl -v https://electrs.x.x:50002
*   Trying x.x.x.x:50002...
* Connected to electrs.x.x (x.x.x.x) port 50002 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=electrs.x.x
*  start date: Nov 16 00:20:09 2022 GMT
*  expire date: Feb 14 00:20:08 2023 GMT
*  subjectAltName: host "electrs.x.x" matched cert's "electrs.x.x"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5597aeec92c0)
> GET / HTTP/2
> Host: electrs.x.x:50002
> user-agent: curl/7.74.0
> accept: */*
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!

Electrum server response for curl:

[2022-11-16T13:48:58.220Z WARN  electrs::electrum] invalid JSON ("PRI * HTTP/2.0"): expected value at line 1 column 1
[2022-11-16T13:48:58.221Z WARN  electrs::electrum] invalid JSON (""): EOF while parsing a value at line 1 column 0
[2022-11-16T13:48:58.221Z WARN  electrs::electrum] invalid JSON ("SM"): expected value at line 1 column 1
[2022-11-16T13:48:58.221Z WARN  electrs::electrum] invalid JSON (""): EOF while parsing a value at line 1 column 0

Caddy log for curl request:

Nov 16 08:56:39 caddy[820351]: {"level":"debug","ts":1668606999.174187,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"electrs.x.x","subjects":["electrs.x.x"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"bdd9fe946413c6c373b12286ec83ac4e84f6c87ce0a1f5ac5465d719dddddd"}
Nov 16 08:56:39 caddy[820351]: {"level":"debug","ts":1668606999.1741931,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"","remote_port":"33436","subjects":["lnme.hodl.pm"],"managed":true,"expiration":1676334009,"hash":"bdd9fe946413c6c373b12286ec83ac4e84f6c87ce0a1f5ac5465d71ddddddddd"}
Nov 16 08:56:42 caddy[820351]: {"level":"debug","ts":1668607002.0753322,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"x.x.x.x:50001","duration":463.910657213,"request":{"remote_ip":"","remote_port":"34358","proto":"HTTP/2.0","method":"GET","host":"electrs.x.x:50002","uri":"/","headers":{"User-Agent":["curl/7.74.0"],"Accept":["*/*"],"X-Forwarded-For":[""],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["electrs.x.x:50002"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"electrs.x.x"}},"error":"context canceled"}

Caddy log for Electrum application request:

Nov 16 08:56:07 caddy[820351]: {"level":"debug","ts":1668606967.4761353,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"","remote_port":"33427","subjects":["electrs.x.x"],"managed":true,"expiration":1676334009,"hash":"bdd9fe946413c6c373b12286ec83ac4e84f6c87ce0a1f5ac5dddddddd"}
Nov 16 08:56:18 caddy[820351]: {"level":"debug","ts":1668606978.3441508,"logger":"events","msg":"event","name":"tls_get_certificate","id":"158cc2f2-0dbb-4a59-b6f7-5472c61f401b","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"electrs.x.x","SupportedCurves":[29,23,30,25,24],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,515,769,513,770,514,1026,1282,1538],"SupportedProtos":null,"SupportedVersions":[772,771,770,769],"Conn":{}}}}
Nov 16 08:56:18 caddy[820351]: {"level":"debug","ts":1668606978.3442042,"logger":"tls.handshake","msg":"choosing certificate","identifier":"electrs.x.x","num_choices":1}
Nov 16 08:56:18 caddy[820351]: {"level":"debug","ts":1668606978.3442223,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"electrs.x.x","subjects":["electrs.x.x"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"bdd9fe946413c6c373b12286ec83ac4e84f6c87ce0a1f5acddddddd"}

The working nginx.conf:

upstream electrs {
    server x.x.x.x:50001;
}

server {
    listen 50002 ssl;
    proxy_pass electrs;

    ssl_certificate abc.crt;
    ssl_certificate_key abc.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 4h;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}

5. What I already tried:

Tried different directives and options

6. Links to relevant resources:

1 Like
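
Added example, not part of the original post and not code from Caddy or electrs: the four electrs warnings in the log above are exactly what a newline-framed JSON parser logs when it receives the HTTP/2 client connection preface, which is what an h2c upstream transport sends first. The sketch assumes newline-delimited JSON-RPC framing on the electrs port; the function names and the sample byte strings are constructed for illustration.

```python
import json

# HTTP/2 client connection preface (RFC 9113, section 3.4).
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
HTTP1_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")

# Constructed samples of what could arrive on the raw TCP port.
SAMPLE_H2C = H2_PREFACE
SAMPLE_HTTP1 = b"GET / HTTP/1.1\r\nHost: electrs.x.x:50002\r\n\r\n"
SAMPLE_ELECTRUM = (
    b'{"jsonrpc":"2.0","id":0,"method":"server.version",'
    b'"params":["probe","1.4"]}\n'
)


def split_lines(stream: bytes) -> list[str]:
    """Frame the bytes as a newline-delimited JSON-RPC server would (assumed)."""
    if stream.endswith(b"\n"):
        stream = stream[:-1]
    return [raw.rstrip(b"\r").decode("utf-8", "replace")
            for raw in stream.split(b"\n")]


def rejected_lines(stream: bytes) -> list[str]:
    """Lines that fail JSON parsing, i.e. what the server would warn about."""
    bad = []
    for line in split_lines(stream):
        try:
            json.loads(line)
        except json.JSONDecodeError:
            bad.append(line)
    return bad


def classify(stream: bytes) -> str:
    """Name the protocol the peer actually spoke on the socket."""
    if stream.startswith(H2_PREFACE):
        return "http2-preface"
    if stream.startswith(HTTP1_METHODS):
        return "http1-request"
    if not rejected_lines(stream):
        return "json-lines"
    return "unknown"


if __name__ == "__main__":
    for name, data in [("h2c", SAMPLE_H2C), ("http1", SAMPLE_HTTP1),
                       ("electrum", SAMPLE_ELECTRUM)]:
        print(name, classify(data), rejected_lines(data))
```

The working nginx.conf in the post has no HTTP directives: it terminates TLS and passes the decrypted bytes through unchanged, so the upstream only ever sees the client's own JSON lines.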

Please fill out the help topic template, as per the forum rules. We need to see your Caddy logs. Turn on the debug global option to see more details from the reverse_proxy logs.

Thanks. I have updated the post.

Is that all? I’m not seeing logs from the proxy, only the TLS handshake stuff.

I’m not seeing any issue with Caddy from this so far. You might want to reach out to the electrs people to get them to try it with Caddy. They can probably debug their software better than you or I to figure out what’s going on.

Unfortunately yes, I retried it by running caddy directly with caddy reverse-proxy --from electrs.x.x:50002 --to x.x.x.x:50001 --debug and still got the same message.

I was wondering because nginx is just working fine.

I’m having the very same issue as @littlehodler.

Please open a new topic @nicheosala, and fill out the help topic template.

A reply like this is not productive for anyone. We need as much detail as possible about your specific setup to help you.