1. Output of caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
systemd
a. System environment:
Operating System: Debian GNU/Linux 11 (bullseye)
Kernel: Linux 5.10.0-19-amd64
Architecture: x86-64
b. Command:
systemctl start/stop/restart caddy
c. Service/unit/compose file:
default systemd service file
d. My complete Caddy config:
```
electrs.x.x:50002 {
    reverse_proxy x.x.x.x:50001
}
```
I have also tried:
```
electrs.x.x:50002 {
    reverse_proxy {
        to h2c://x.x.x.x:50001
        transport http {
            versions h2c
        }
    }
}
```
3. The problem I’m having:
Reverse proxy does not work for Electrum server (JSON-RPC)
4. Error messages and/or full log output:
curl request:
```
curl -v https://electrs.x.x:50002
* Trying x.x.x.x:50002...
* Connected to electrs.x.x (x.x.x.x) port 50002 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=electrs.x.x
* start date: Nov 16 00:20:09 2022 GMT
* expire date: Feb 14 00:20:08 2023 GMT
* subjectAltName: host "electrs.x.x" matched cert's "electrs.x.x"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5597aeec92c0)
> GET / HTTP/2
> Host: electrs.x.x:50002
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
```
Electrum server response for curl:
```
[2022-11-16T13:48:58.220Z WARN electrs::electrum] invalid JSON ("PRI * HTTP/2.0"): expected value at line 1 column 1
[2022-11-16T13:48:58.221Z WARN electrs::electrum] invalid JSON (""): EOF while parsing a value at line 1 column 0
[2022-11-16T13:48:58.221Z WARN electrs::electrum] invalid JSON ("SM"): expected value at line 1 column 1
[2022-11-16T13:48:58.221Z WARN electrs::electrum] invalid JSON (""): EOF while parsing a value at line 1 column 0
```
Caddy log for curl request:
```
Nov 16 08:56:39 caddy[820351]: {"level":"debug","ts":1668606999.174187,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"electrs.x.x","subjects":["electrs.x.x"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"bdd9fe946413c6c373b12286ec83ac4e84f6c87ce0a1f5ac5465d719dddddd"}
Nov 16 08:56:39 caddy[820351]: {"level":"debug","ts":1668606999.1741931,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"1.2.3.4","remote_port":"33436","subjects":["lnme.hodl.pm"],"managed":true,"expiration":1676334009,"hash":"bdd9fe946413c6c373b12286ec83ac4e84f6c87ce0a1f5ac5465d71ddddddddd"}
Nov 16 08:56:42 caddy[820351]: {"level":"debug","ts":1668607002.0753322,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"x.x.x.x:50001","duration":463.910657213,"request":{"remote_ip":"1.2.3.4","remote_port":"34358","proto":"HTTP/2.0","method":"GET","host":"electrs.x.x:50002","uri":"/","headers":{"User-Agent":["curl/7.74.0"],"Accept":["*/*"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["electrs.x.x:50002"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"electrs.x.x"}},"error":"context canceled"}
```
Caddy log for Electrum application request:
```
Nov 16 08:56:07 caddy[820351]: {"level":"debug","ts":1668606967.4761353,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"1.2.3.4","remote_port":"33427","subjects":["electrs.x.x"],"managed":true,"expiration":1676334009,"hash":"bdd9fe946413c6c373b12286ec83ac4e84f6c87ce0a1f5ac5dddddddd"}
Nov 16 08:56:18 caddy[820351]: {"level":"debug","ts":1668606978.3441508,"logger":"events","msg":"event","name":"tls_get_certificate","id":"158cc2f2-0dbb-4a59-b6f7-5472c61f401b","origin":"tls","data":{"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"electrs.x.x","SupportedCurves":[29,23,30,25,24],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,515,769,513,770,514,1026,1282,1538],"SupportedProtos":null,"SupportedVersions":[772,771,770,769],"Conn":{}}}}
Nov 16 08:56:18 caddy[820351]: {"level":"debug","ts":1668606978.3442042,"logger":"tls.handshake","msg":"choosing certificate","identifier":"electrs.x.x","num_choices":1}
Nov 16 08:56:18 caddy[820351]: {"level":"debug","ts":1668606978.3442223,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"electrs.x.x","subjects":["electrs.x.x"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"bdd9fe946413c6c373b12286ec83ac4e84f6c87ce0a1f5acddddddd"}
```
The working nginx.conf:
```
upstream electrs {
    server x.x.x.x:50001;
}
server {
    listen 50002 ssl;
    proxy_pass electrs;
    ssl_certificate abc.crt;
    ssl_certificate_key abc.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 4h;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}
```
5. What I already tried:
Tried different directives and options.
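As an added illustration (not code from the post, from Caddy or from electrs), this constructed Python model shows why the four electrs warnings above look the way they do: an HTTP/2 client such as an HTTP-level reverse proxy opens the upstream connection with the fixed HTTP/2 connection preface `PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n`, and a newline-delimited JSON-RPC reader sees that as four non-JSON lines. The small sniffer at the end separates HTTP traffic from JSON-RPC, which is the distinction between an HTTP reverse proxy and a stream-level TLS proxy like the nginx config that works; the sample bytes are constructed here.

```python
import json
import re

# Constructed sample inputs (not taken from the post).
# The fixed client connection preface every HTTP/2 client sends before its first frame.
HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
# A well-formed newline-delimited Electrum JSON-RPC request, the framing electrs expects.
ELECTRUM_REQUEST = (b'{"jsonrpc":"2.0","id":0,"method":"server.version",'
                    b'"params":["demo-client","1.4"]}\n')

_HTTP1_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r?\n")


def split_jsonrpc_lines(payload: bytes) -> list:
    """Model a newline-delimited JSON-RPC reader: one message per '\\n'.

    Returns (line, parsed) pairs in stream order; parsed is None when the line is
    not JSON, which is the case a server logs as 'invalid JSON (...)'.
    """
    out = []
    for raw in payload.split(b"\n")[:-1]:  # drop the empty tail after the final '\n'
        line = raw.rstrip(b"\r").decode("utf-8", errors="replace")
        try:
            out.append((line, json.loads(line)))
        except json.JSONDecodeError:
            out.append((line, None))
    return out


def invalid_lines(payload: bytes) -> list:
    """The lines a newline-delimited JSON-RPC server would reject from this payload."""
    return [line for line, parsed in split_jsonrpc_lines(payload) if parsed is None]


def classify_client_bytes(payload: bytes) -> str:
    """Sniff the first bytes a client sends to decide what kind of proxy the
    service behind it needs: HTTP traffic suits an HTTP reverse proxy, while a
    JSON-RPC-over-TLS service needs TLS termination at the TCP stream level."""
    if payload.startswith(HTTP2_PREFACE):
        return "http2"
    if _HTTP1_REQUEST_LINE.match(payload):
        return "http1"
    if payload.lstrip()[:1] in (b"{", b"["):
        return "jsonrpc"
    return "unknown"
```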