Yes, wildcards are sorted less specific so they go at the end.
Similarly to log, you can only have one tls per site. And you can’t have tls in a handle, it needs to be at the top-level of your site.
So does that mean that Caddy will automatically work out whether it needs to use a wildcard or individual certificate, or, that I can’t really treat a domain and its subdomains under a single Caddy block? No real issue if it’s the latter. I’ll just keep the single certificate domain+www and wildcard certificate subdomain blocks separate. I’m really just trying to see how far I can push the redesign of the Caddyfile.
I strongly recommend you run caddy adapt --pretty on your config after every change you make to see how it transforms the JSON.
Essentially, yes. It’ll use the most specific certificate that applies first, if there’s more than one that apply.
1 Like
I’m beginning to appreciate why this is an important step.
So, here’s the redesign on paper. I’ll report back tomorrow on how well the implementation went. Thanks, @francislavoie and @matt for your guidance tonight.
*.udance.com.au, udance.com.au {
map {labels.3} {upstream} {
rslsync 10.1.1.22:8888 # Resilio Sync
cloud 10.1.1.29:80 # Nextcloud
heimdall 10.1.1.23:80 # Heimdall
blog 10.1.1.54:80 # blog.udance.com.au
test 10.1.1.50:80 # test.udance.com.au
basil 10.1.1.56:80 # basil.udance.com.au
sachika 10.1.1.57:80 # sachika.udance.com.au
www 10.1.1.55:80 # www.udance.com.au
default 10.1.1.55:80 # udance.com.au
}
encode gzip
import tlsdns
import authproxy /phpmyadmin*
import logging udance
@udance host udance.com.au, www.udance.com.au
handle @udance {
... # subdir treatment
}
reverse_proxy {upstream}
}
2 Likes
So, I thought I’d approach the implementation in a piecemeal fashion as well. I ignored the domain+www block and concentrated on the wildcard subdomain block. This is what I added to the bottom of my Caddyfile. I also commented out the corresponding lines in the original extract.
*.udance.com.au {
map {labels.3} {upstream} {
rslsync 10.1.1.22:8888 # Resilio Sync
cloud 10.1.1.29:80 # Nextcloud
heimdall 10.1.1.23:80 # Heimdall
blog 10.1.1.54:80 # blog.udance.com.au
test 10.1.1.50:80 # test.udance.com.au
basil 10.1.1.56:80 # basil.udance.com.au
sachika 10.1.1.57:80 # sachika.udance.com.au
# www 10.1.1.55:80 # www.udance.com.au
# default 10.1.1.55:80 # udance.com.au
}
encode gzip
import tlsdns
import authproxy /phpmyadmin*
import logging udance
reverse_proxy {upstream}
}
Validating the Caddyfile revealed no errors.
root@caddy:/usr/local/www # service caddy validate
2021/03/03 04:59:58.034 INFO using provided configuration {"config_file": "/usr/local/www/Caddyfile", "config_adapter": "caddyfile"}
2021/03/03 04:59:58.041 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0002ce000"}
2021/03/03 04:59:58.041 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2021/03/03 04:59:58.041 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2021/03/03 05:00:09.707 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc0002ce000"}
Valid configuration
root@caddy:/usr/local/www #
However, after a service caddy reload, when attempting to access one of the subdomains, say cloud.udance.com.au, I get a 502 error.
I check that the wildcard certificate was generated and that seems okay.
root@caddy:/ # ls -l /.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/wild*
total 20
-rw------- 1 root wheel 3157 Mar 3 12:20 wildcard_.udance.com.au.crt
-rw------- 1 root wheel 154 Mar 3 12:20 wildcard_.udance.com.au.json
-rw------- 1 root wheel 227 Mar 3 12:20 wildcard_.udance.com.au.key
However, when I check the Caddy log, I see something interesting…
root@caddy:/var/log # cat /var/log/caddy.log
{"level":"info","ts":1614748952.7792225,"msg":"using provided configuration","config_file":"/usr/local/www/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1614748952.7864382,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["127.0.0.1:2019","localhost:2019","[::1]:2019"]}
{"level":"info","ts":1614748952.7875009,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000376000"}
{"level":"info","ts":1614748952.7877486,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1614748952.787799,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1614748964.174874,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["tc123.udance.com.au","truecommand.udance.com.au","nc-apache.udance.com.au","caffigoalkeeping.com","www.caffigoalkeeping.com.au","portainer.udance.com.au","wordpress.udance.com.au","www.xenografix.com.au","nc-fpm.udance.com.au","www.udance.com.au","caffigoalkeeping.com.au","collabora.udance.com.au","udance.com.au","www.readymcgetty.com.au","readymcgetty.com.au","office.udance.com.au","*.udance.com.au","xenografix.com.au","www.caffigoalkeeping.com"]}
{"level":"info","ts":1614748964.1869757,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1614748964.192141,"msg":"autosaved config","file":"/.config/caddy/autosave.json"}
{"level":"info","ts":1614748964.1921597,"msg":"serving initial configuration"}
Successfully started Caddy (pid=60618) - Caddy is running in the background
{"level":"error","ts":1614748992.9612057,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"10.1.1.113:39484","proto":"HTTP/2.0","method":"PROPFIND","host":"cloud.udance.com.au","uri":"/remote.php/dav/calendars/basil/personal/","headers":{"Content-Length":["265"],"User-Agent":["DAVx5/3.3.9-ose (2021/02/28; dav4jvm; okhttp/4.9.1) Android/11"],"Accept-Language":["en-AU, en;q=0.7, *;q=0.5"],"Authorization":["Basic YmFzaWxpY2EgaXgKOmN2aWc="],"Depth":["0"],"Accept-Encoding":["br,gzip"],"Content-Type":["application/xml; charset=utf-8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000133454,"status":502,"err_id":"kxkbpin1f","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749065.5240397,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.50:54858","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apps/dashboard/","headers":{"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Connection":["Keep-Alive"],"Cf-Ipcountry":["AU"],"Cf-Ray":["62a0703ab886df95-MEL"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Cookie":["tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Cf-Request-Id":["08982478b70000df9555ab3000000001"],"Accept-Language":["en-au"],"Cdn-Loop":["cloudflare"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000065856,"status":502,"err_id":"09h4jmn7d","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749066.525788,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.50:55610","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/core/preview?fileId=331091&x=32&y=32","headers":{"Cookie":["cf_use_ob=0; cf_ob_info=502:62a0703ab886df95:MEL; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Cdn-Loop":["cloudflare"],"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"Cf-Ray":["62a070410fd0df95-MEL"],"Cf-Ipcountry":["AU"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Request-Id":["0898247ca50000df95798cd000000001"],"X-Forwarded-Proto":["https"],"Accept":["image/png,image/svg+xml,image/*;q=0.8,video/*;q=0.8,*/*;q=0.5"],"Accept-Language":["en-au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000060729,"status":502,"err_id":"3p1tmsbsk","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749066.5266666,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.50:55608","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/avatar/barry/32?v=2","headers":{"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Cf-Ray":["62a070410fcadf95-MEL"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"Cf-Request-Id":["0898247ca40000df9573849000000001"],"Accept-Language":["en-au"],"Cookie":["cf_use_ob=0; cf_ob_info=502:62a0703ab886df95:MEL; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Cdn-Loop":["cloudflare"],"Cf-Ipcountry":["AU"],"Accept":["image/png,image/svg+xml,image/*;q=0.8,video/*;q=0.8,*/*;q=0.5"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.0000586,"status":502,"err_id":"vu12ie2vd","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749066.5291593,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.226:28138","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apps/user_status/img/user-status-online.svg","headers":{"Cf-Ray":["62a070410fcedf95-MEL"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Cdn-Loop":["cloudflare"],"Connection":["Keep-Alive"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept":["image/png,image/svg+xml,image/*;q=0.8,video/*;q=0.8,*/*;q=0.5"],"Cf-Ipcountry":["AU"],"Accept-Language":["en-au"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Cf-Request-Id":["0898247ca50000df95528ce000000001"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"X-Forwarded-Proto":["https"],"Cookie":["cf_use_ob=0; cf_ob_info=502:62a0703ab886df95:MEL; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000039093,"status":502,"err_id":"ks5wrgxjn","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749066.5303893,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.14:30270","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apps/theming/img/core/filetypes/file.svg?v=0","headers":{"Accept-Encoding":["gzip"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cookie":["cf_use_ob=0; cf_ob_info=502:62a0703ab886df95:MEL; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Cdn-Loop":["cloudflare"],"Cf-Ipcountry":["AU"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Accept-Language":["en-au"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Connection":["Keep-Alive"],"Cf-Ray":["62a070410fccdf95-MEL"],"Accept":["image/png,image/svg+xml,image/*;q=0.8,video/*;q=0.8,*/*;q=0.5"],"Cf-Request-Id":["0898247ca70000df958c853000000001"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000032378,"status":502,"err_id":"ta1xhby4f","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749066.5310187,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.194:44098","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apps/theming/img/core/filetypes/image.svg?v=0","headers":{"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Cf-Request-Id":["0898247ca40000df95a10ad000000001"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"X-Forwarded-Proto":["https"],"Accept":["image/png,image/svg+xml,image/*;q=0.8,video/*;q=0.8,*/*;q=0.5"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Accept-Language":["en-au"],"Cf-Ray":["62a070410fc8df95-MEL"],"Cookie":["cf_use_ob=0; cf_ob_info=502:62a0703ab886df95:MEL; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Cdn-Loop":["cloudflare"],"Connection":["Keep-Alive"],"Cf-Ipcountry":["AU"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000036073,"status":502,"err_id":"qc0fewg3a","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749066.5321314,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.198:51996","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apps/dashboard/img/kamil-porembinski-clouds.jpg","headers":{"Cdn-Loop":["cloudflare"],"Connection":["Keep-Alive"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Accept-Language":["en-au"],"Cookie":["cf_use_ob=0; cf_ob_info=502:62a0703ab886df95:MEL; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Accept-Encoding":["gzip"],"X-Forwarded-Proto":["https"],"Cf-Request-Id":["0898247ca60000df955c399000000001"],"Cf-Ray":["62a070410fd3df95-MEL"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept":["image/png,image/svg+xml,image/*;q=0.8,video/*;q=0.8,*/*;q=0.5"],"Cf-Ipcountry":["AU"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.00003569,"status":502,"err_id":"ewuw7762e","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749066.5328748,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.224:43012","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apps/files_rightclick/css/app.css?v=46c85d58-0","headers":{"Accept":["text/css,*/*;q=0.1"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Cf-Request-Id":["0898247ca70000df95b314f000000001"],"X-Forwarded-Proto":["https"],"Cookie":["cf_use_ob=0; cf_ob_info=502:62a0703ab886df95:MEL; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ray":["62a070410fc6df95-MEL"],"Accept-Language":["en-au"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Connection":["Keep-Alive"],"Cf-Ipcountry":["AU"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000031287,"status":502,"err_id":"8vjsma683","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749066.7449393,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.224:43186","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apple-touch-icon-precomposed.png","headers":{"Connection":["Keep-Alive"],"Cookie":["__cfduid=daa7c891a8e0ed5fd846e78f270fd6ae41614596871"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Cf-Ray":["62a070426bdb3778-MEL"],"Accept":["*/*"],"Accept-Language":["en-au"],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["AU"],"User-Agent":["Safari/15610.4.3.1.6 CFNetwork/1128.0.2 Darwin/19.6.0 (x86_64)"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["0898247d8100003778d4a36000000001"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000037372,"status":502,"err_id":"naczega7u","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749099.467625,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.50:24742","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apps/dashboard/","headers":{"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-au"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["AU"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Cf-Request-Id":["089824fd4e0000df9552861000000001"],"Connection":["Keep-Alive"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cookie":["cf_use_ob=0; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Cdn-Loop":["cloudflare"],"Cf-Ray":["62a0710eec03df95-MEL"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000077323,"status":502,"err_id":"bv65gg1x2","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749119.89252,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"162.158.2.50:39814","proto":"HTTP/1.1","method":"GET","host":"cloud.udance.com.au","uri":"/apps/dashboard/","headers":{"Cf-Ray":["62a0718e9c08df95-MEL"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15"],"Accept-Language":["en-au"],"Cf-Connecting-Ip":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"],"Cdn-Loop":["cloudflare"],"Accept-Encoding":["gzip"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],"Connection":["Keep-Alive"],"X-Forwarded-Proto":["https"],"Cookie":["cf_use_ob=0; cf_ob_info=502:62a0710eec03df95:MEL; tk_lr=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_or=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; tk_r3d=%22https%3A%2F%2Fwww.caffigoalkeeping.com.au%22; nc_session_id=56jtq4atqqdj1bdavoasr38h35; nc_token=d%2BM%2BAjhBxoSh3p%2BDZk7kTpMkhaCkqx1J; nc_username=barry; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; __cfduid=d7e82a25af9097f3ed614a4db802bf4691614399683"],"Cf-Request-Id":["0898254d1d0000df9570035000000001"],"Cf-Ipcountry":["AU"],"X-Forwarded-For":["2001:44b8:6135:5200:a477:b3d7:5432:63b6"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000077582,"status":502,"err_id":"qx0jj0tu2","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749163.5411074,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.29:80:: address 10.1.1.29:80:: too many colons in address","request":{"remote_addr":"10.1.1.113:39514","proto":"HTTP/2.0","method":"PROPFIND","host":"cloud.udance.com.au","uri":"/remote.php/dav/calendars/basil/personal/","headers":{"Accept-Language":["en-AU, en;q=0.7, *;q=0.5"],"Authorization":["Basic YmFzaWxpY2EgaXgKOmN2aWc="],"Depth":["0"],"Accept-Encoding":["br,gzip"],"Content-Type":["application/xml; charset=utf-8"],"Content-Length":["265"],"User-Agent":["DAVx5/3.3.9-ose (2021/02/28; dav4jvm; okhttp/4.9.1) Android/11"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"cloud.udance.com.au"}},"duration":0.000102101,"status":502,"err_id":"nmfugrdts","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749215.7444136,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.54:80:: address 10.1.1.54:80:: too many colons in address","request":{"remote_addr":"108.162.219.44:27732","proto":"HTTP/1.1","method":"HEAD","host":"blog.udance.com.au","uri":"/","headers":{"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"],"Cf-Connecting-Ip":["192.0.101.226"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["089826c140000091aa6a372000000001"],"Connection":["Keep-Alive"],"Cf-Ipcountry":["US"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["192.0.101.226"],"Cf-Ray":["62a073e1fedc91aa-EWR"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"blog.udance.com.au"}},"duration":0.000065883,"status":502,"err_id":"d8czi0aac","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
{"level":"error","ts":1614749330.6632104,"logger":"http.log.error.log10","msg":"making dial info: upstream {upstream}:: invalid dial address 10.1.1.50:80:: address 10.1.1.50:80:: too many colons in address","request":{"remote_addr":"108.162.212.145:21372","proto":"HTTP/1.1","method":"HEAD","host":"test.udance.com.au","uri":"/","headers":{"Cf-Ray":["62a076b05b1c12ab-MIA"],"X-Forwarded-Proto":["https"],"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["0898288233000012abf6a84000000001"],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["US"],"X-Forwarded-For":["192.0.91.177"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Connecting-Ip":["192.0.91.177"],"Connection":["Keep-Alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"test.udance.com.au"}},"duration":0.000084075,"status":502,"err_id":"kq4mavq3a","err_trace":"reverseproxy.statusError (reverseproxy.go:783)"}
root@caddy:/var/log #
There are messages about ‘too many colons in address’. Help!
For the moment, I’ve rolled back to the original Caddyfile.
Here’s another thread with a somewhat similar issue Dial error when using placeholder as proxy target
Which version of Caddy are you using? I believe that’s been fixed on the master branch. Also, what does your caddy adapt output look like? Are the extra :: in the JSON config?
2.3.0. Does rebuilding Caddy with the master update me to the 2.4.0 beta?
Not that I can see.
{
"input": "cloud",
"outputs": [
"10.1.1.29:80"
]
},
The v2.4.0-beta.1 tag is older than master but you can try either one. Run xcaddy build master --with ... or run xcaddy build v2.4.0-beta.1 --with ...
That’s for the map handler. What about the reverse_proxy handler? Do you see {upstream}:: there?
Not sure. There’s a single colon after {upstream}.
{
"match": [
{
"host": [
"*.udance.com.au"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"Defaults": null,
"destinations": [
"{upstream}"
],
"handler": "map",
"mappings": [
{
"input": "rslsync",
"outputs": [
"10.1.1.22:8888"
]
},
{
"input": "cloud",
"outputs": [
"10.1.1.29:80"
]
},
{
"input": "heimdall",
"outputs": [
"10.1.1.23:80"
]
},
{
"input": "blog",
"outputs": [
"10.1.1.54:80"
]
},
{
"input": "test",
"outputs": [
"10.1.1.50:80"
]
},
{
"input": "basil",
"outputs": [
"10.1.1.56:80"
]
},
{
"input": "sachika",
"outputs": [
"10.1.1.57:80"
]
}
],
"source": "{http.request.host.labels.3}"
}
]
},
{
"handle": [
{
"handler": "authentication",
"providers": {
"http_basic": {
"accounts": [
{
"password": "REDACTED",
"username": "admin"
}
],
"hash": {
"algorithm": "bcrypt"
},
"hash_cache": {}
}
}
}
],
"match": [
{
"path": [
"/phpmyadmin*"
]
}
]
},
{
"handle": [
{
"encodings": {
"gzip": {}
},
"handler": "encode"
},
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "{upstream}:"
}
]
}
]
}
]
}
],
"terminal": true
}
],
I’m going to roll back and try again later when I have a block of free time.
Yeah there’s the bug. So it’s a problem with the Caddyfile adapter.
So, a newer build should allow me to move forward? Should I wait till 2.4.0 is officially released? I am working with some client systems (other domains) as well and I’m just a little concerned about using a Caddy beta with those systems, or am I unnecessarily worried?
I just tried to replicate the issue on latest master and it’s still broken unfortunately. I’ll see if I can write a quick fix, but we’ve had a lot of churn with this part of the code so we’ll see.
Don’t stress. I’ll roll back for the moment. At least the issue has been flagged.
@francislavoie Thanks for the rapid follow-up. I’ve been thinking it may be possible for me to keep the 2.3.0 version of Caddy I’m currently using and set up a new instance of the master that I can rapidly switch between for testing. This should minimise any disruption to other production systems, though, I won’t have a rig set up until at least later tonight (seven hours from now) or tomorrow.
I’m pleased to say that the patch at post #25 has fixed the issue identified at post #16. Also, all other production domains seem to be working well under the 2.4.0 beta. The udance subdomains are now using a wildcard certificate. The working subdomain Caddy block is reproduced below.
*.udance.com.au {
map {labels.3} {upstream} {
rslsync 10.1.1.22:8888 # Resilio Sync
cloud 10.1.1.29:80 # Nextcloud
heimdall 10.1.1.23:80 # Heimdall
blog 10.1.1.54:80 # blog.udance.com.au
test 10.1.1.50:80 # test.udance.com.au
basil 10.1.1.56:80 # basil.udance.com.au
sachika 10.1.1.57:80 # sachika.udance.com.au
# www 10.1.1.55:80 # www.udance.com.au
# default 10.1.1.55:80 # udance.com.au
}
encode gzip
import tlsdns
import authproxy /phpmyadmin*
import logging udance
reverse_proxy {upstream}
}
The final step of the design calls for the udance domain Caddy block and its subdomains Caddy block to be merged into a single Caddy block.
1 Like
This is the Caddyfile with the domain+www and subdomain blocks merged.
*.udance.com.au, udance.com.au {
map {labels.3} {upstream} {
rslsync 10.1.1.22:8888 # Resilio Sync
cloud 10.1.1.29:80 # Nextcloud
heimdall 10.1.1.23:80 # Heimdall
blog 10.1.1.54:80 # blog.udance.com.au
test 10.1.1.50:80 # test.udance.com.au
basil 10.1.1.56:80 # basil.udance.com.au
sachika 10.1.1.57:80 # sachika.udance.com.au
www 10.1.1.55:80 # www.udance.com.au
default 10.1.1.55:80 # udance.com.au
}
encode gzip
import tlsdns
import authproxy /phpmyadmin*
import logging udance
@udance host udance.com.au, www.udance.com.au
handle @udance {
reverse_proxy /tautulli* 10.1.1.26:8181
reverse_proxy /transmission* 10.1.1.28:9091
}
reverse_proxy {upstream}
}
The udance domain and www subdomain are working, however, the subdirectories are not. Entering udance.com.au/tautulli or udance.com.au/transmission in the address bar returns a ‘Page not found error’ from the udance WordPress site. This suggests that there’s a problem around the handle block. I’ve not used a handle block before, so it’s probably a logical error on my part somewhere. I’ve included an extract from caddy adapt, which might reveal some clues (I’m still learning to find my way around this).
{
"match": [
{
"host": [
"*.udance.com.au",
"udance.com.au"
]
}
],
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"defaults": [
"10.1.1.55:80"
],
"destinations": [
"{upstream}"
],
"handler": "map",
"mappings": [
{
"input": "rslsync",
"outputs": [
"10.1.1.22:8888"
]
},
{
"input": "cloud",
"outputs": [
"10.1.1.29:80"
]
},
{
"input": "heimdall",
"outputs": [
"10.1.1.23:80"
]
},
{
"input": "blog",
"outputs": [
"10.1.1.54:80"
]
},
{
"input": "test",
"outputs": [
"10.1.1.50:80"
]
},
{
"input": "basil",
"outputs": [
"10.1.1.56:80"
]
},
{
"input": "sachika",
"outputs": [
"10.1.1.57:80"
]
},
{
"input": "www",
"outputs": [
"10.1.1.55:80"
]
}
],
"source": "{http.request.host.labels.3}"
}
]
},
{
"handle": [
{
"handler": "authentication",
"providers": {
"http_basic": {
"accounts": [
{
"password": [REDACTED],
"username": "admin"
}
],
"hash": {
"algorithm": "bcrypt"
},
"hash_cache": {}
}
}
}
],
"match": [
{
"path": [
"/phpmyadmin*"
]
}
]
},
{
"handle": [
{
"encodings": {
"gzip": {}
},
"handler": "encode"
}
]
},
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "10.1.1.28:9091"
}
]
}
],
"match": [
{
"path": [
"/transmission*"
]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "10.1.1.26:8181"
}
]
}
],
"match": [
{
"host": [
"udance.com.au,",
"www.udance.com.au"
]
}
]
},
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [
{
"dial": "{upstream}"
}
]
}
]
}
]
}
],
"terminal": true
}
],
Turn on the debug global option, then make a request. What do you see in your logs? Run journalctl -u caddy --no-pager | less to see.
Apologies for the delay. journalctl doesn’t appear to be a command available under FreeBSD. I’ve asked for an equivalent command in the FreeNAS forum. The lines are really long in the logs and I’m not sure how to present them at this stage. Still checking.