1. Caddy version (caddy version):
2.4.3
2. How I run Caddy:
a. System environment:
Ubuntu 20.04, systemd ran service
b. Command:
Systemd managed
c. Service/unit/compose file:
Distribution provided
d. My complete Caddyfile or JSON config:
{
acme_dns cloudflare ---
http_port 80
}
(aio) {
header {
X-XSS-Protection "1; mode=block"
-Server
-Feature-Policy
-X-Powered-By
-X-Redirect-By
X-Content-Type-Options nosniff
Referrer-Policy no-referrer-when-downgrade
Cross-Origin-Opener-Policy same-origin-allow-popups
Content-Security-Policy "default-src 'self' data: https: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; report-uri ---"
Permissions-Policy "interest-cohort=(*),geolocation=(),midi=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),autoplay=(),sync-xhr=(*)"
?Cache-Control "public, max-age=604800"
Access-Control-Allow-Origin "*"
X-Copyright "Androidacy"
Report-To '\{"endpoints":[\{"url":"---"\}],"group":"androidacy","max_age":604800\}'
NEL '\{"report_to":"androidacy","max_age":604800\}'
}
header /wp-admin/* {
Cache-Control private, no-cache
}
header /wp-login.php* {
Cache-Control private, no-cache
}
handle_errors {
rewrite * /{http.error.status_code}
reverse_proxy https://http.cat {
header_up Host http.cat
}
}
push
# rewrite /dashboard/ /wp-admin/index.php
# respond /wp-admin/* 404
}
(rocket) {
@cache {
not header_regexp Cookie "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in"
not path_regexp "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(index)?.xml|[a-z0-9-]+-sitemap([0-9]+)?.xml)"
not method POST
not expression {query} != ''
}
route @cache {
try_files /wp-content/cache/wp-rocket/{host}{uri}/index-https.html /wp-content/cache/wp-rocket/{host}{uri}/index.html {path} {path}/index.php?{query}
header X-Rocket-Cacheable true
}
}
git.androidacy.com {
import aio
root * /var/www/git
encode gzip zstd
reverse_proxy * 172.20.0.2:3000
}
androidacy.com {
redir https://www.androidacy.com{uri}
}
www.androidacy.com {
import aio
encode gzip zstd
root * /var/www/www
php_fastcgi * unix//run/php/php8.0-fpm.sock
file_server
respond /wp-content/mu-plugins/* 403
}
dl.androidacy.com {
import aio
encode gzip zstd
root * /var/www/dl2
php_fastcgi * unix//run/php/php8.0-fpm.sock
file_server
}
bw.androidacy.com {
encode gzip zstd
import aio
reverse_proxy /notifications/hub 172.18.0.2:3012
reverse_proxy 172.18.0.2:80 {
header_up X-Real-IP {header.Cf-Connecting-Ip}
}
}
dev-a-team.androidacy.com {
import aio
encode gzip zstd
redir https://a-team.androidacy.com
root * /var/www/a-team
php_fastcgi * unix//run/php/php8.0-fpm.sock
file_server
push
}
yyt1ij.androidacy.com {
encode gzip zstd
import aio
root * /var/www/m
php_fastcgi * unix//run/php/php8.0-fpm.sock
file_server
respond /config/* 403
respond /tmp/* 403
respond /lang/* 403
}
api.androidacy.com {
encode gzip zstd
import aio
header * {
Access-Control-Allow-Origin "*"
}
root * /var/www/api
reverse_proxy * 127.0.0.1:8000
}
test-api.androidacy.com http://127.0.0.1:8082 {
encode gzip zstd
import aio
root * /var/www/beta-api/public
php_fastcgi * unix//run/php/php8.0-fpm.sock
header * {
Access-Control-Allow-Origin "*"
}
}
8o1f03jk.androidacy.com
encode gzip
import aio
reverse_proxy * localhost:9000
header * {
Access-Control-Allow-Origin "*"
}
}
*.androidacy.com {
redir https://www.androidacy.com/ permanent
}
3. The problem I’m having:
NEL and Report-To both use JSON in the header. However, in the Caddyfil, {} is intepreted as a variable, and no amount of escaping changes that.
4. Error messages and/or full log output:
Just examine the headers. Notice NEL is empty and Report-To is half empty
5. What I already tried:
What’s in the posted Caddyfil. Escaped, not escaped, etc
