1. Caddy version (caddy version):
v2.0.0-beta.14 h1:QX1hRMfTA5sel53o5SuON1ys50at6yuSAnPr56sLeK8=
and
v2.4.1 h1:kAJ0JB5Xk5gPdTH/27S5cyoMGqD5lBAe9yZ8zTjVJa0=
2. How I run Caddy:
a. System environment:
Debian vm running as a systemd service
Linux caddy 5.10.0-6-amd64 #1 SMP Debian 5.10.28-1 (2021-04-09) x86_64 GNU/Linux
b. Command:
systemctl start caddy
c. Service/unit/compose file:
[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/local/bin/caddy run --config /etc/caddy/Caddyfile --adapter caddyfile --environ
ExecReload=/usr/local/bin/caddy reload --config /etc/caddy/Caddyfile --adapter caddyfile
TimeoutStopSec=5s
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
*.example.com {
    tls /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem {
        protocols tls1.2 tls1.3
        ciphers TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    }
    @www {
        protocol https
        host www.example.com
    }
    handle @www {
        reverse_proxy nginx.local:443 {
            transport http {
                tls
            }
        }
    }
    @webmail {
        protocol https
        host webmail.example.com
    }
    handle @webmail {
        reverse_proxy roundcube.local:80
    }
}
https://example.com {
    tls /etc/letsencrypt/live/example.com/fullchain.pem /etc/letsencrypt/live/example.com/privkey.pem
    redir https://www.example.com{uri}
}
http://example.com http://www.example.com http://webmail.example.com {
    redir https://{host}{uri}
}
http://mail.example.com {
    reverse_proxy {
        to mail.local:80 192.168.1.6:80
    }
}
3. The problem I’m having:
mDNS resolution for the nginx.local address seems to fail with a 502 error on the later version of Caddy, v2.4.1, but works as expected in the older Caddy v2.0.0 beta14.
4. Error messages and/or full log output:
The log for v2.4.1 shows a DNS request going to the gateway and failing:
Jun 09 00:39:08 caddy caddy[19199]: {"level":"error","ts":1623213548.9997115,"logger":"http.log.error","msg":"dial tcp: lookup nginx.local on 192.168.1.1:53: no such host","request":{"remote_addr":"1.2.3.4:49488","proto":"HTTP/2.0","method":"GET","host":"www.example.com","uri":"/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.864.41"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Dnt":["1"],"Sec-Ch-Ua":["\" Not;A Brand\";v=\"99\", \"Microsoft Edge\";v=\"91\", \"Chromium\";v=\"91\""],"Sec-Ch-Ua-Mobile":["?0"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"www.example.com"}},"duration":0.009322533,"status":502,"err_id":"pfus6m109","err_trace":"reverseproxy.statusError (reverseproxy.go:861)"}
Nothing is emitted in the log when running the older version because the request is resolving correctly.
5. What I already tried:
Staying on the old version works for now.
6. Links to relevant resources:
N/A
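
An added example, not part of the original post: a small triage script that picks the 502s caused by failed upstream name lookups out of journald-prefixed Caddy JSON logs like the line in section 4, and flags `.local` names that were sent to a unicast DNS resolver. The sample lines are constructed in that shape, and the function and field names are this example's own assumptions.

```python
import json
import re

# Constructed sample lines in the journald + Caddy JSON shape shown in the post
# (shortened; values are illustrative).
SAMPLE_LOG = [
    'Jun 09 00:39:08 caddy caddy[19199]: {"level":"error","ts":1623213548.99,"logger":"http.log.error","msg":"dial tcp: lookup nginx.local on 192.168.1.1:53: no such host","request":{"host":"www.example.com","uri":"/"},"status":502}',
    'Jun 09 00:39:09 caddy caddy[19199]: {"level":"error","ts":1623213549.10,"logger":"http.log.error","msg":"dial tcp: lookup backend.internal on 192.168.1.1:53: no such host","request":{"host":"app.example.com","uri":"/x"},"status":502}',
    'Jun 09 00:39:10 caddy caddy[19199]: {"level":"info","ts":1623213550.00,"logger":"http.log.access","msg":"handled request","request":{"host":"webmail.example.com","uri":"/"},"status":200}',
    'Jun 09 00:39:11 caddy systemd[1]: Reloading Caddy Web Server.',
]

# Matches the resolver error text: "lookup <name> on <resolver>:<port>: <reason>"
LOOKUP_RE = re.compile(r"lookup (?P<name>\S+) on (?P<resolver>\S+):(?P<port>\d+): (?P<reason>.+)$")

def parse_line(line):
    """Return the JSON payload of a journald-prefixed Caddy log line, or None."""
    start = line.find("{")
    if start == -1:
        return None  # not a Caddy JSON line (e.g. a systemd message)
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None

def upstream_lookup_failures(lines):
    """Yield one finding per 502 caused by a failed upstream name lookup."""
    for line in lines:
        entry = parse_line(line)
        if not entry or entry.get("status") != 502:
            continue
        m = LOOKUP_RE.search(entry.get("msg", ""))
        if not m:
            continue
        name = m["name"].rstrip(".").lower()
        yield {
            "site": entry.get("request", {}).get("host"),
            "upstream": name,
            "resolver": f'{m["resolver"]}:{m["port"]}',
            "reason": m["reason"],
            # .local is reserved for mDNS (RFC 6762); a query for it on port 53
            # means this lookup went to unicast DNS instead of mDNS.
            "mdns_name_sent_to_unicast_dns": name.endswith(".local") and m["port"] == "53",
        }

if __name__ == "__main__":
    for finding in upstream_lookup_failures(SAMPLE_LOG):
        print(finding)
```
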