Moving Hubzilla instance from Nginx to Caddy: ERR_TOO_MANY_REDIRECTS

Alado · December 3, 2021, 12:46pm

1. Caddy version (`caddy version`):

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

a. System environment:

Debian 11

b. Command:

systemctl start caddy.service

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=www-data
Group=www-data
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

freehub.space {
    root * /home/storage/www/freehub.space

    file_server
    encode gzip

    php_fastcgi 127.0.0.1:9000 
    

    log {
        output file /var/log/caddy/freehub.space.log {
            roll_size 10MB
            roll_keep 5
            roll_keep_for 240h
        }
        format single_field common_log
    }
}

3. The problem I’m having:

I’m trying to move from Nginx to Caddy. All my sites run ok except Hubzilla hub (instance) FreeHub. No matter how I change Caddyfile, it doesn’t load showing error ERR_TOO_MANY_REDIRECTS.

Working Nginx config for freehub.space:

server {
    server_name freehub.space;
    set $base /home/storage/www/freehub.space;
    root $base;
    index index.php;
    
    access_log              /var/log/nginx/freehub.space.access.log;
    error_log               /var/log/nginx/freehub.space.error.log warn;

    client_max_body_size 100M;
    proxy_max_temp_file_size 100M;


    location / {
        if ($is_args != "") {
        rewrite ^/(.*) /index.php?q=$uri&$args last;
      }
    rewrite ^/(.*) /index.php?q=$uri last;
      }


    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass 127.0.0.1:9000;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/freehub.space/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/freehub.space/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}server {
    if ($host = freehub.space) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name freehub.space;
    listen 80;
    return 404; # managed by Certbot


}

snippets/fastcgi-php.conf :

# regex to split $uri to $fastcgi_script_name and $fastcgi_path
fastcgi_split_path_info ^(.+?\.php)(/.*)$;

# Check that the PHP script exists before passing it
try_files $fastcgi_script_name =404;

# Bypass the fact that try_files resets $fastcgi_path_info
# see: http://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;

fastcgi_index index.php;
include fastcgi.conf;

4. Error messages and/or full log output:

5. What I already tried:

Tried to find an instant Caddyfile for Hubzilla - FAILED
Tried to askfor help at Hubzilla forum - FAILED (nobody runs Hubzilla with Caddy)
Tried to solve the problem myself - FAILED
Trying to ask help at Caddy forum <= Now I’m here
~~Tried to drink~~

6. Links to relevant resources:

francislavoie · December 3, 2021, 9:47pm

Please make a request with curl -v, to see what response you get (with headers).

Hmm, this looks different than what Caddy’s default does. Caddy doesn’t put the original URI in a ?q= query.

You could try something like this instead:

	php_fastcgi localhost:9000 {
		try_files {path} {path}/index.php /index.php?q={path}&{query}
	}

Alado · December 4, 2021, 7:51pm

Hi Francis!

I tried what you suggested but unfortunately got error 404.

Sending you the requested information (hope I got you right).
Here is the Nginx curl -v https://freehub.space output:

== Info:   Trying 93.100.163.217...
== Info: TCP_NODELAY set
== Info: Expire in 200 ms for 4 (transfer 0x55da62b05e20)
== Info: Connected to freehub.space (93.100.163.217) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: successfully set certificate verify locations:
== Info:   CAfile: none
  CApath: /etc/ssl/certs
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: ........4...`...SA.=IzB..AX<H..<N9.2.Y ..!...-.c.^i..*..&wj.n.H.
0040: .=.vo(?.>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........freehub.space........................3t.....
00c0: ....h2.http/1.1.........1.....*.(...............................
0100: ..........+........-.....3.&.$... ;7.1......y*.[....eQpe..O.x...
0140: ................................................................
0180: ................................................................
01c0: ................................................................
<= Recv SSL data, 5 bytes (0x5)
0000: ....j
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 106 bytes (0x6a)
0000: ...f...%.<....^\0.;.X......u.N.P`..|b. ..[..SE.He.-s....K...e[nP
0040: ..h1og..............................h2....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 4018 bytes (0xfb2)
0000: .........$0.. 0.....................-....20...*.H........021.0.
0040: ..U....US1.0...U....Let's Encrypt1.0...U....R30...211028202805Z.
0080: .220126202804Z0.1.0...U....freehub.space0.."0...*.H.............
00c0: 0..........4..s6..*..k.k.Ll.1.V....*y..7.*h....<.)+l.|M...j..8.
0100: G^.P'9..Y.z^~l.t?H...g...b=H.|..7qj0.!lc.[.6...J......+u...M..!.
0140: .y.KlW"..y.B......Dl...|?....=.{'s.VO.H.%..Vs.X.0r..... -....=M.
0180: M....g.......1..S...a.\.j.......N"{6sO7..u"~..p.1..x..B..*.4X...
01c0: .....,..[........H0..D0...U...........0...U.%..0...+.........+..
0200: .....0...U.......0.0...U.........3...Ql#..!e.[0.lh0...U.#..0....
0240: ....XV..P.@........0U..+........I0G0!..+.....0...http://r3.o.len
0280: cr.org0"..+.....0...http://r3.i.lencr.org/0...U....0...freehub.s
02c0: pace0L..U. .E0C0...g.....07..+..........0(0&..+.........http://c
0300: ps.letsencrypt.org0.....+.....y............v...^.h.O.l..._N>Z...
0340: ..j^.;.. D\*s...|.........G0E. d..^S}.,\.N....'....6g....4.P.9..
0380: !..R....R..".....M...[_...P\.L.....v.)y...99!.Vs.c.w..W}.`...M]&
03c0: \%].....|.........G0E. ...U..*...$.IxuR..v*..3B.*tk.....!..#../.
0400: ..A...3P..s....G.....6.~xs0...*.H.............\.L..8x.$"..{...I.
0440: ...T.......k......B]K.p.ss....!.Z.F..l...^(^Ew...\....\.l._.l@).
0480: .....T.V.-....1..H..bQ.{..$1.DQ.`...x.....t.F(p=z=7v..Y.y;^..L..
04c0: ..J..1.b...#.F.Q.t"... `'P[.n....gi.k=...,..T.r.).K|.q@|..C...W.
0500: ..h...?$.uA....:Y..0{..j.@+..[.%...8...Ok`."^...0...0..........
0540: ..+.J....S...%._Z0...*.H........0O1.0...U....US1)0'..U... Intern
0580: et Security Research Group1.0...U....ISRG Root X10...20090400000
05c0: 0Z..250915160000Z021.0...U....US1.0...U....Let's Encrypt1.0...U.
0600: ...R30.."0...*.H.............0...........(.........U.......zB..]
0640: &..+..L...k.u....G..U5W....9...<B.Nn.;......\.Y8...i.Z.....$%..7
0680: q..........;ERE...S.4.R......`p..T..m...@4k+..f.f4|.k..W)..0.].r
06c0: o......X=......+.....q].F...%...`guf.....\.S.:..G.......w?.S....
0700: ..p...c.......S...H...i.%u...R...Q.............0...0...U........
0740: ...0...U.%..0...+.........+.......0...U.......0.......0...U.....
0780: ......XV..P.@........0...U.#..0...y.Y.{....s.....X...n02..+.....
07c0: ...&0$0"..+.....0...http://x1.i.lencr.org/0'..U... 0.0.......htt
0800: p://x1.c.lencr.org/0"..U. ..0.0...g.....0...+..........0...*.H..
0840: .............NG>...D...gx..c.uM..=3erT-...... ._..p..n;.^... ...
0880: .......<....9..|%.G.en?F.....+.T....'K.../...q.J....#{.-...W>...
08c0: 3.G!x..'.*....\.d...y.O.mD.^.........D).Y .c.!..&..W..e..."...C.
0900: ...~...7.Z..0..n+*.!N.......^....j...;3..K........?.UC6.h.6.j...
0940: ..@.4...c959un..v.....Kl..........h..e..=wS..y...1.u*C.U.r.)...]
0980: N..F.0..._..y..^p.........aq%*...%PRh........}..l.!1.........=.L
09c0: .8...+.......= .~Y...X.[.H..\O.)..U#......|.../....GF?.....(Mh2.
0a00: g^.i....../..RC.o2WeM2..8S.]~]f)........V.B..N.%8DPm...U...Id.N.
0a40: ...[.s...G...d0..`0..H.......@.w!7..B..v.<d..0...*.H........0?1$
0a80: 0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30..
0ac0: .210120191403Z..240930181403Z0O1.0...U....US1)0'..U... Internet 
0b00: Security Research Group1.0...U....ISRG Root X10.."0...*.H.......
0b40: ......0..........$s..7...+W(......8..n<.W.x.u....jn..O(..h.lD...
0b80: c...k....1.!~.3<.H..y......!.K...qiJffl.~<p..)"........K...~....
0bc0: G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O...K~.....w...{J.L
0c00: .%.p..)..S$........J.?..aQ......cq...o[....\4ylv.;.by..../&.....
0c40: ................6....7..6u...r......I......*.A...v.........5/(.l
0c80: .....dwnG7...Y^h.r....A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx..
0cc0: ..../..>{J.Ks......P.|C.t..t......0.[q6....00\H..;..}`...)......
0d00: ....A.........|.;F.H*..v.v..j.=...8.d..+
0d2a: (.....B.".'].y...p..N...:..'Qn..d.3CO........F0..B0...U.......0.
0d6a: ...0...U...........0K..+........?0=0;..+.....0../http://apps.ide
0daa: ntrust.com/roots/dstrootcax3.p7c0...U.#..0.......{,q...K.u...`..
0dea: .0T..U. .M0K0...g.....0?..+..........000...+........"http://cps.
0e2a: root-x1.letsencrypt.org0<..U...50301./.-.+http://crl.identrust.c
0e6a: om/DSTROOTCAX3CRL.crl0...U......y.Y.{....s.....X...n0...*.H.....
0eaa: .........s.l.n..R.....Z../........P..lB.o...O.D..u.....bnx..'.9\
0eea: ...nV.p.S.......+..... 53..a6.q......E....#(....g...C,........i]
0f2a: ..[.X".MU.pgm.W.F9A..X.Xm..W.6...#......\..I...5...N........;l)#
0f6a: .`.E.L..;.....D.X....EE..]f....o...B...........8..}...I....+.kO.
0faa: .8w....9
<= Recv SSL data, 5 bytes (0x5)
0000: ....,
== Info: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
<= Recv SSL data, 300 bytes (0x12c)
0000: ...(... .+..>.x....s.K_......B........'=....Z.....z.'......i.J.8
0040: [.HM...N.G.YO].....$..9....E.$...^..n*j.W.|7..xK.E..o..!$f...sa.
0080: .$....V.....&z..,:...I..........vqSU;\.... ........5.........HW
00c0: P.zOi...G]...f.!..9.R...5..j..r.?.U1...._......T...<(..6.C..f.d.
0100: F..M.ToS..K..k.r.....dn*.H>.c..Oo..#.`......
<= Recv SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (IN), TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: ....
=> Send SSL data, 5 bytes (0x5)
0000: ....%
== Info: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
=> Send SSL data, 37 bytes (0x25)
0000: ...! ....'.&.5.9z.PZ...6YF.9P..=...Aa
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: .... 
== Info: TLSv1.2 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: .......kE.....e.
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .... 
== Info: TLSv1.2 (IN), TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: ....?...L.;."+.X
== Info: SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
== Info: ALPN, server accepted to use h2
== Info: Server certificate:
== Info:  subject: CN=freehub.space
== Info:  start date: Oct 28 20:28:05 2021 GMT
== Info:  expire date: Jan 26 20:28:04 2022 GMT
== Info:  subjectAltName: host "freehub.space" matched cert's "freehub.space"
== Info:  issuer: C=US; O=Let's Encrypt; CN=R3
== Info:  SSL certificate verify ok.
== Info: Using HTTP2, server supports multi-use
== Info: Connection state changed (HTTP/2 confirmed)
== Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
=> Send SSL data, 5 bytes (0x5)
0000: ....(
=> Send SSL data, 5 bytes (0x5)
0000: ....+
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: Using Stream ID: 1 (easy handle 0x55da62b05e20)
=> Send SSL data, 5 bytes (0x5)
0000: ....6
=> Send header, 75 bytes (0x4b)
0000: GET / HTTP/2
000e: Host: freehub.space
0023: User-Agent: curl/7.64.0
003c: Accept: */*
0049: 
<= Recv SSL data, 5 bytes (0x5)
0000: ....8
== Info: Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
=> Send SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 302 
<= Recv header, 15 bytes (0xf)
0000: server: nginx
<= Recv header, 37 bytes (0x25)
0000: date: Fri, 03 Dec 2021 22:15:27 GMT
<= Recv header, 40 bytes (0x28)
0000: content-type: text/html; charset=UTF-8
<= Recv header, 52 bytes (0x34)
0000: location: https://freehub.space/page/alado/main_ru
<= Recv header, 76 bytes (0x4c)
0000: set-cookie: PHPSESSID=hfgbkjdb6ff3i93ge25ignd7g1; path=/; secure
0040: ; HttpOnly
<= Recv header, 40 bytes (0x28)
0000: expires: Thu, 19 Nov 1981 08:52:00 GMT
<= Recv header, 52 bytes (0x34)
0000: cache-control: no-store, no-cache, must-revalidate
<= Recv header, 18 bytes (0x12)
0000: pragma: no-cache
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 0 bytes (0x0)
== Info: Connection #0 to host freehub.space left intact

And here is the same request output by Caddy after adding your code:

== Info:   Trying 93.100.163.217...
== Info: TCP_NODELAY set
== Info: Expire in 200 ms for 4 (transfer 0x5582ade6fe20)
== Info: Connected to freehub.space (93.100.163.217) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: successfully set certificate verify locations:
== Info:   CAfile: none
  CApath: /etc/ssl/certs
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: ........T..?}......R@..s.........v..Un .VI.p........._..-..e..)
0040: .VQTy...>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........freehub.space........................3t.....
00c0: ....h2.http/1.1.........1.....*.(...............................
0100: ..........+........-.....3.&.$... l.B]H...8.m.....1b...F3.......
0140: ^+..............................................................
0180: ................................................................
01c0: ................................................................
<= Recv SSL data, 5 bytes (0x5)
0000: ....z
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 122 bytes (0x7a)
0000: ...v....T..._.....H.#.u/(.E..........= .VI.p........._..-..e..)
0040: .VQTy........+.....3.$... .K...)..Sm..-.E.i.%.....R..|..N;
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .... 
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
<= Recv SSL data, 15 bytes (0xf)
0000: .............h2
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 3821 bytes (0xeed)
0000: ..........X0..T0..<.........ZX!...@..Q...f.u0...*.H........021.0
0040: ...U....US1.0...U....Let's Encrypt1.0...U....R30...211029210134Z
0080: ..220127210133Z0.1.0...U....freehub.space0Y0...*.H.=....*.H.=...
00c0: .B..."...O.A.D.a....{f.e.V..r.%.Z..S$)P...=H.4...svl........&..
0100: A.1s...G0..C0...U...........0...U.%..0...+.........+.......0...U
0140: .......0.0...U......l{l.../..]......X.".0...U.#..0........XV..P.
0180: @........0U..+........I0G0!..+.....0...http://r3.o.lencr.org0"..
01c0: +.....0...http://r3.i.lencr.org/0...U....0...freehub.space0L..U.
0200:  .E0C0...g.....07..+..........0(0&..+.........http://cps.letsenc
0240: rypt.org0.....+.....y............v.)y...99!.Vs.c.w..W}.`...M]&\%
0280: ].....|.........G0E. G.H\d.s..........:.,..%.(!......!..6..h/.
02c0: A.E...l1.Mq..W..A.4....*.u.A...."FJ...:.B.^N1.....K.h..b......|.
0300: ........F0D. <..Z.D.+..Q...............&f.P8.. h.$.L.y..z5.V..n
0340: ........-.J)..^0...*.H.............Nq.=.S.z..w'...6...A4..o..-..
0380: ..."#. ....4.v.r..^........$@..,.........?n.B........".r{.c~A..
03c0: ..)7....7....Q...4..N..8....1....b...r.. .0d..|.]J.f/.l.W. b.#G]
0400: .JX..k0....v.2.\b.7.)}E....'W...E...!.9..rL."l+.t.....]MS?....nM
0440: ..`{e/q>...B.[#.Fy..!9...,W b'..$N1.....0...0............+.J....
0480: S...%._Z0...*.H........0O1.0...U....US1)0'..U... Internet Securi
04c0: ty Research Group1.0...U....ISRG Root X10...200904000000Z..25091
0500: 5160000Z021.0...U....US1.0...U....Let's Encrypt1.0...U....R30.."
0540: 0...*.H.............0...........(.........U.......zB..]&..+..L..
0580: .k.u....G..U5W....9...<B.Nn.;......\.Y8...i.Z.....$%..7q........
05c0: ..;ERE...S.4.R......`p..T..m...@4k+..f.f4|.k..W)..0.].ro......X=
0600: ......+.....q].F...%...`guf.....\.S.:..G.......w?.S......p...c..
0640: .....S...H...i.%u...R...Q.............0...0...U...........0...U.
0680: %..0...+.........+.......0...U.......0.......0...U...........XV.
06c0: .P.@........0...U.#..0...y.Y.{....s.....X...n02..+........&0$0".
0700: .+.....0...http://x1.i.lencr.org/0'..U... 0.0.......http://x1.c.
0740: lencr.org/0"..U. ..0.0...g.....0...+..........0...*.H...........
0780: ....NG>...D...gx..c.uM..=3erT-...... ._..p..n;.^... ..........<.
07c0: ...9..|%.G.en?F.....+.T....'K.../...q.J....#{.-...W>...3.G!x..'.
0800: *....\.d...y.O.mD.^.........D).Y .c.!..&..W..e..."...C....~...7.
0840: Z..0..n+*.!N.......^....j...;3..K........?.UC6.h.6.j.....@.4...c
0880: 959un..v.....Kl..........h..e..=wS..y...1.u*C.U.r.)...]N..F.0...
08c0: _..y..^p.........aq%*...%PRh........}..l.!1.........=.L.8...+...
0900: ....= .~Y...X.[.H..\O.)..U#......|.../....GF?.....(Mh2.g^.i.....
0940: ./..RC.o2WeM2..8S.]~]f)........V.B..N.%8DPm...U...Id.N....[.s...
0980: G.....d0..`0..H.......@.w!7..B..v.<d..0...*.H........0?1$0"..U..
09c0: ..Digital Signature Trust Co.1.0...U....DST Root CA X30...210120
0a00: 191403Z..240930181403Z0O1.0...U....US1)0'..U... Internet Securit
0a40: y Research Group1.0...U....ISRG Root X10.."0...*.H.............0
0a80: ..........$s..7...+W(......8..n<.W.x.u....jn..O(..h.lD...c...k..
0ac0: ..1.!~.3<.H..y......!.K...qiJffl.~<p..)"........K...~....G.|.H#S
0b00: .8.O.o...IW..t../.8.{.p!.u.0<.....c...O...K~.....w...{J.L.%.p..)
0b40: ..S$........J.?..aQ......cq...o[....\4ylv.;.by..../&............
0b80: .........6....7..6u...r......I......*.A...v.........5/(.l.....dw
0bc0: nG7...Y^h.r....A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..
0c00: >{J.Ks......P.|C.t..t......0.[q6....00\H..;..}`...)..........A..
0c40: .......|.;F.H*..v.v..j.=...8.d..+
0c63: (.....B.".'].y...p..N...:..'Qn..d.3CO........F0..B0...U.......0.
0ca3: ...0...U...........0K..+........?0=0;..+.....0../http://apps.ide
0ce3: ntrust.com/roots/dstrootcax3.p7c0...U.#..0.......{,q...K.u...`..
0d23: .0T..U. .M0K0...g.....0?..+..........000...+........"http://cps.
0d63: root-x1.letsencrypt.org0<..U...50301./.-.+http://crl.identrust.c
0da3: om/DSTROOTCAX3CRL.crl0...U......y.Y.{....s.....X...n0...*.H.....
0de3: .........s.l.n..R.....Z../........P..lB.o...O.D..u.....bnx..'.9\
0e23: ...nV.p.S.......+..... 53..a6.q......E....#(....g...C,........i]
0e63: ..[.X".MU.pgm.W.F9A..X.Xm..W.6...#......\..I...5...N........;l)#
0ea3: .`.E.L..;.....D.X....EE..]f....o...B...........8..}...I....+.kO.
0ee3: .8w....9..
<= Recv SSL data, 5 bytes (0x5)
0000: ....a
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
<= Recv SSL data, 80 bytes (0x50)
0000: ...L...H0F.!..../M..<?...T....m2... .. ..`....!...hrUh...L..k.1C
0040: B...D.....1.....
<= Recv SSL data, 5 bytes (0x5)
0000: ....5
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Finished (20):
<= Recv SSL data, 36 bytes (0x24)
0000: ... p...E...^.!...GK.h..E.....u.Q...
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....5
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 36 bytes (0x24)
0000: ... .....{.z)..q.B....i..6........ys
== Info: SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
== Info: ALPN, server accepted to use h2
== Info: Server certificate:
== Info:  subject: CN=freehub.space
== Info:  start date: Oct 29 21:01:34 2021 GMT
== Info:  expire date: Jan 27 21:01:33 2022 GMT
== Info:  subjectAltName: host "freehub.space" matched cert's "freehub.space"
== Info:  issuer: C=US; O=Let's Encrypt; CN=R3
== Info:  SSL certificate verify ok.
== Info: Using HTTP2, server supports multi-use
== Info: Connection state changed (HTTP/2 confirmed)
== Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
=> Send SSL data, 5 bytes (0x5)
0000: ....)
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....,
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: Using Stream ID: 1 (easy handle 0x5582ade6fe20)
=> Send SSL data, 5 bytes (0x5)
0000: ....7
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send header, 75 bytes (0x4b)
0000: GET / HTTP/2
000e: Host: freehub.space
0023: User-Agent: curl/7.64.0
003c: Accept: */*
0049: 
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 130 bytes (0x82)
0000: ...~..:.......q.$.8...sS...#.h...u..w..[.KY..*..=r..~{....!7s.72
0040: .a.'..h.\.n...bS.).ZM'b...zi,.fLd.....Y9.[...Fuo....5.....{...`?
0080: ..
<= Recv SSL data, 5 bytes (0x5)
0000: ....2
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 302 
<= Recv header, 57 bytes (0x39)
0000: alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<= Recv header, 52 bytes (0x34)
0000: cache-control: no-store, no-cache, must-revalidate
<= Recv header, 40 bytes (0x28)
0000: content-type: text/html; charset=UTF-8
<= Recv header, 40 bytes (0x28)
0000: expires: Thu, 19 Nov 1981 08:52:00 GMT
<= Recv header, 52 bytes (0x34)
0000: location: https://freehub.space/page/alado/main_ru
<= Recv header, 18 bytes (0x12)
0000: pragma: no-cache
<= Recv header, 15 bytes (0xf)
0000: server: Caddy
<= Recv header, 76 bytes (0x4c)
0000: set-cookie: PHPSESSID=a203jtihfega892cinvvjjhp72; path=/; secure
0040: ; HttpOnly
<= Recv header, 19 bytes (0x13)
0000: status: 302 Found
<= Recv header, 19 bytes (0x13)
0000: content-length: 0
<= Recv header, 37 bytes (0x25)
0000: date: Fri, 03 Dec 2021 22:13:49 GMT
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 0 bytes (0x0)
== Info: Connection #0 to host freehub.space left intact

francislavoie · December 4, 2021, 8:06pm

Okay, so both of those have that header, which tells the client to redirect to that page (make a new request to there). By default, curl doesn’t follow redirects, unless you use the -L flag (L for the Location header).

Try again with curl, but at that page (without -L). That should actually show the difference in the response.

Alado · December 4, 2021, 8:41pm

Here you are.

Nginx output for curl -v -L https://freehub.space. Had to cut some data (encrypted and page source code) due to post length limit.

== Info:   Trying 93.100.163.217...
== Info: TCP_NODELAY set
== Info: Expire in 200 ms for 4 (transfer 0x55c265100e20)
== Info: Connected to freehub.space (93.100.163.217) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: successfully set certificate verify locations:
== Info:   CAfile: none
  CApath: /etc/ssl/certs
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
...
<= Recv SSL data, 5 bytes (0x5)
0000: ....j
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 106 bytes (0x6a)
0000: ...f.....o.]....;R...%g.{....[.....&.. .k_...........F..n.....".
0040: ...t&!..............................h2....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 4018 bytes (0xfb2)
...
<= Recv SSL data, 5 bytes (0x5)
0000: ....,
== Info: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
<= Recv SSL data, 300 bytes (0x12c)
...
<= Recv SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (IN), TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: ....
=> Send SSL data, 5 bytes (0x5)
0000: ....%
== Info: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
=> Send SSL data, 37 bytes (0x25)
0000: ...! .VQ.*.q4...z+...B;.....K.....ys
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: .... 
== Info: TLSv1.2 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: ....d..WS..(....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .... 
== Info: TLSv1.2 (IN), TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: ........#(....sR
== Info: SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
== Info: ALPN, server accepted to use h2
== Info: Server certificate:
== Info:  subject: CN=freehub.space
== Info:  start date: Oct 28 20:28:05 2021 GMT
== Info:  expire date: Jan 26 20:28:04 2022 GMT
== Info:  subjectAltName: host "freehub.space" matched cert's "freehub.space"
== Info:  issuer: C=US; O=Let's Encrypt; CN=R3
== Info:  SSL certificate verify ok.
== Info: Using HTTP2, server supports multi-use
== Info: Connection state changed (HTTP/2 confirmed)
== Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
=> Send SSL data, 5 bytes (0x5)
0000: ....(
=> Send SSL data, 5 bytes (0x5)
0000: ....+
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: Using Stream ID: 1 (easy handle 0x55c265100e20)
=> Send SSL data, 5 bytes (0x5)
0000: ....6
=> Send header, 75 bytes (0x4b)
0000: GET / HTTP/2
000e: Host: freehub.space
0023: User-Agent: curl/7.64.0
003c: Accept: */*
0049: 
<= Recv SSL data, 5 bytes (0x5)
0000: ....8
== Info: Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
=> Send SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 302 
<= Recv header, 15 bytes (0xf)
0000: server: nginx
<= Recv header, 37 bytes (0x25)
0000: date: Sat, 04 Dec 2021 20:14:19 GMT
<= Recv header, 40 bytes (0x28)
0000: content-type: text/html; charset=UTF-8
<= Recv header, 52 bytes (0x34)
0000: location: https://freehub.space/page/alado/main_ru
<= Recv header, 76 bytes (0x4c)
0000: set-cookie: PHPSESSID=0ift9m204bj9lg0mf4s10akpt7; path=/; secure
0040: ; HttpOnly
<= Recv header, 40 bytes (0x28)
0000: expires: Thu, 19 Nov 1981 08:52:00 GMT
<= Recv header, 52 bytes (0x34)
0000: cache-control: no-store, no-cache, must-revalidate
<= Recv header, 18 bytes (0x12)
0000: pragma: no-cache
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 0 bytes (0x0)
== Info: Connection #0 to host freehub.space left intact
== Info: Issue another request to this URL: 'https://freehub.space/page/alado/main_ru'
== Info: Found bundle for host freehub.space: 0x55c2650ffe50 [can multiplex]
== Info: Re-using existing connection! (#0) with host freehub.space
== Info: Connected to freehub.space (93.100.163.217) port 443 (#0)
== Info: Using Stream ID: 3 (easy handle 0x55c265100e20)
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send header, 93 bytes (0x5d)
0000: GET /page/alado/main_ru HTTP/2
0020: Host: freehub.space
0035: User-Agent: curl/7.64.0
004e: Accept: */*
005b: 
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 200 
<= Recv header, 15 bytes (0xf)
0000: server: nginx
<= Recv header, 37 bytes (0x25)
0000: date: Sat, 04 Dec 2021 20:14:20 GMT
<= Recv header, 40 bytes (0x28)
0000: content-type: text/html; charset=utf-8
<= Recv header, 76 bytes (0x4c)
0000: set-cookie: PHPSESSID=erdigtupek9qjd3obgm95ql0np; path=/; secure
0040: ; HttpOnly
<= Recv header, 40 bytes (0x28)
0000: expires: Thu, 19 Nov 1981 08:52:00 GMT
<= Recv header, 52 bytes (0x34)
0000: cache-control: no-store, no-cache, must-revalidate
<= Recv header, 18 bytes (0x12)
0000: pragma: no-cache
<= Recv header, 45 bytes (0x2d)
0000: strict-transport-security: max-age=31536000
<= Recv header, 127 bytes (0x7f)
0000: content-security-policy: script-src 'self' 'unsafe-inline' 'unsa
0040: fe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self';
<= Recv header, 40 bytes (0x28)
0000: permissions-policy: interest-cohort=()
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 7744 bytes (0x1e40)
...
<= Recv SSL data, 5 bytes (0x5)
0000: ... .
<= Recv data, 8184 bytes (0x1ff8)
0000: pt src="https://freehub.space/view/js/autocomplete.js?v=6.4.1" >
0040: </script>
004b: <script src="https://freehub.space/library/jquery.timeago.js?v=6
008b: .4.1" ></script>
009d: <script src="https://freehub.space/library/readmore.js/readmore.
00dd: js?v=6.4.1" ></script>
00f5: <script src="https://freehub.space/library/jgrowl/jquery.jgrowl.
0135: min.js?v=6.4.1" ></script>
0151: <script src="https://freehub.space/library/sjcl/sjcl.js?v=6.4.1"
0191:  ></script>
019e: <script src="https://freehub.space/view/js/acl.js?v=6.4.1" ></sc
01de: ript>
01e5: <script src="https://freehub.space/view/js/webtoolkit.base64.js?
0225: v=6.4.1" ></script>
023a: <script src="https://freehub.space/view/js/crypto.js?v=6.4.1" ><
027a: /script>
0284: <script src="https://freehub.space/library/jRange/jquery.range.j
02c4: s?v=6.4.1" ></script>
02db: <script src="https://freehub.space/library/colorbox/jquery.color
031b: box-min.js?v=6.4.1" ></script>
033b: <script src="https://freehub.space/library/jquery.AreYouSure/jqu
037b: ery.are-you-sure.js?v=6.4.1" ></script>
03a4: <script src="https://freehub.space/library/tableofcontents/jquer
03e4: y.toc.js?v=6.4.1" ></script>
0402: <script src="https://freehub.space/library/Sortable/Sortable.min
0442: .js?v=6.4.1" ></script>
045b: <script src="https://freehub.space/vendor/desandro/imagesloaded/
049b: imagesloaded.pkgd.min.js?v=6.4.1" ></script>
04c9: <script src="https://freehub.space/vendor/twbs/bootstrap/dist/js
0509: /bootstrap.bundle.min.js?v=6.4.1" ></script>
0537: <script src="https://freehub.space/library/bootbox/bootbox.min.j
0577: s?v=6.4.1" ></script>
058e: <script src="https://freehub.space/library/bootstrap-tagsinput/b
05ce: ootstrap-tagsinput.js?v=6.4.1" ></script>
05f9: <script src="https://freehub.space/library/datetimepicker/jquery
0639: .datetimepicker.js?v=6.4.1" ></script>
0661: <script src="https://freehub.space/library/bootstrap-colorpicker
06a1: /dist/js/bootstrap-colorpicker.js?v=6.4.1" ></script>
06d8: <script src="https://freehub.space/view/theme/redbasic/js/redbas
0718: ic.js?v=6.4.1" ></script>
0733: <script src="https://freehub.space/addon/gallery/lib/photoswipe/
0773: dist/photoswipe.js?v=6.4.1" ></script>
079b: <script src="https://freehub.space/addon/gallery/lib/photoswipe/
07db: dist/photoswipe-ui-default.js?v=6.4.1" ></script>
080e: <script src="https://freehub.space/addon/gallery/view/js/gallery
084e: .js?v=6.4.1" ></script>
0867: .<link rel="manifest" href="/manifest.json" />
0897: <link rel="shortcut icon" href="https://freehub.space/photo/prof
08d7: ile/m/2" />
08e4: ..<script>..var updateInterval = 80000;..var sse_enabled = 1;..v
0924: ar localUser = false;..var zid = null;..var justifiedGalleryActi
0964: ve = false;...var channelId = 2;.var preloadImages = 0;..var aut
09a4: o_save_draft = true;..var module = 'page';</script>....<meta nam
09e4: e="keywords" content="manjaro,kde,linux,python,cats,portugal,rus
0a24: sia,..........,....................,............" />
0a5a: <script>$(document).ready(function() { $("#nav-search-text").sea
0a9a: rch_autocomplete('https://freehub.space/acl');});</script><scrip
0ada: t src="https://freehub.space/view/js/main.js?v=6.4.1" ></script>
0b1c: </head>.<body  >...<header></header>..<nav class="navbar fixed-t
0b5c: op navbar-expand-lg navbar-dark bg-dark">..<div class="container
0b9c: -fluid flex-nowrap">.....<div class="d-lg-none pt-1 pb-1">......
0bdc: .<a class="btn btn-primary btn-sm text-white" href="#" title="..
0c1c: ........" id="login_nav_btn_collapse" data-bs-toggle="modal" dat
0c5c: a-bs-target="#nav-login">...................</a>..........<a cla
0c9c: ss="btn btn-warning btn-sm text-dark" href="register" title="...
0cdc: ........... .............." id="register_nav_btn" >.............
0d1c: ..................</a>......</div>........<div class="navbar-tog
0d5c: gler-right">.......<button id="expand-aside" type="button" class
0d9c: ="d-lg-none navbar-toggler border-0">.....<i class="fa fa-arrow-
0ddc: circle-right" id="expand-aside-icon"></i>....</button>.......<bu
0e1c: tton id="notifications-btn-1" type="button" class="navbar-toggle
0e5c: r border-0 notifications-btn">.....<i id="notifications-btn-icon
0e9c: -1" class="fa fa-exclamation-circle notifications-btn-icon"></i>
0edc: ....</button>.......<button id="menu-btn" class="navbar-toggler 
0f1c: border-0" type="button" data-bs-toggle="offcanvas" data-bs-targe
0f5c: t="#app-bin">.....<i class="fa fa-bars"></i>....</button>...</di
0f9c: v>...<div class="collapse navbar-collapse justify-content-betwee
0fdc: n" id="navbar-collapse-1">....<ul class="navbar-nav">.........<l
101c: i class="nav-item d-lg-flex">...........<a class="nav-link" href
105c: ="#" title=".........." id="login_nav_btn" data-bs-toggle="modal
109c: " data-bs-target="#nav-login">......................</a>........
10dc: ..</li>.............<li class="nav-item  d-lg-flex">......<a cla
111c: ss="nav-link" href="register" title=".............. ............
115c: .." id="register_nav_btn">......................</a>.....</li>..
119c: ..........</ul>.....<div id="banner" class="navbar-text"><a href
11dc: ="https://freehub.space"><img src="https://freehub.space/images/
121c: fh_logo_3.svg"></a></div>.....<ul id="nav-right" class="navbar-n
125c: av">.....<li class="nav-item collapse clearfix" id="nav-search">
129c: ......<form class="form-inline" method="get" action="search" rol
12dc: e="search">.......<input class="form-control form-control-sm mt-
131c: 1 me-2" id="nav-search-text" type="text" value="" placeholder="@
135c: ......, #......, ?................, ...................." name="
139c: search" title="............ .... .......... @......, !..........
13dc: , #......, ?................, ...................." onclick="thi
141c: s.submit();" onblur="closeMenu('nav-search'); openMenu('nav-sear
145c: ch-btn');"/>......</form>......<div id="nav-search-spinner" clas
149c: s="spinner-wrapper">.......<div class="spinner s"></div>......</
14dc: div>.....</li>.....<li class="nav-item" id="nav-search-btn">....
151c: ..<a class="nav-link" href="#nav-search" title="............ ...
155c: . .......... @......, !.........., #......, ?................, .
159c: ..................." onclick="openMenu('nav-search'); closeMenu(
15dc: 'nav-search-btn'); $('#nav-search-text').focus(); return false;"
161c: ><i class="fa fa-fw fa-search"></i></a>.....</li>.............<l
165c: i id="notifications-btn" class="nav-item d-xl-none">......<a cla
169c: ss="nav-link text-white notifications-btn" href="#"><i id="notif
16dc: ications-btn-icon" class="fa fa-exclamation-circle  notification
171c: s-btn-icon"></i></a>.....</li>.............<li class="nav-item d
175c: ropdown" id="app-menu">......<a class="nav-link" href="#" data-b
179c: s-toggle="offcanvas" data-bs-target="#app-bin" aria-controls="ap
17dc: p-bin"><i class="fa fa-fw fa-bars"></i></a>.....</li>....</ul>..
181c: .</div>....</div>.</nav>.<div class="offcanvas offcanvas-end" ta
185c: bindex="-1" id="app-bin" aria-labelledby="app-bin-label">..<div 
189c: class="offcanvas-header">...<div class="lh-1" id="app-bin-label"
18dc: >.......<img src="https://freehub.space/photo/profile/m/2" class
191c: ="menu-img-2">....<div class="float-start pe-2">.....<div class=
195c: "fw-bold">Alado</div>.....<div class="text-muted">alado&#x40;fre
199c: ehub.space</div>....</div>......</div>...<i id="app-bin-trash" c
19dc: lass="fa fa-2x fa-fw fa-trash-o d-none"></i>...<button type="but
1a1c: ton" class="btn-close text-reset" data-bs-dismiss="offcanvas" ar
1a5c: ia-label="Close"></button>..</div>..<div class="offcanvas-body p
1a9c: t-0">.....<div class="dropdown-header text-uppercase">..........
1adc: .............. ...............</div>.....<a class="dropdown-item
1b1c: " href="https://freehub.space/channel/alado" title="............
1b5c: .. .. ...................."><i class="fa fa-fw fa-home generic-i
1b9c: cons-nav"></i>..........</a>.<a class="dropdown-item" href="http
1bdc: s://freehub.space/profile/alado" title=".................... .. 
1c1c: .............."><i class="fa fa-fw fa-user generic-icons-nav"></
1c5c: i>.. ........</a>.<a class="dropdown-item" href="https://freehub
1c9c: .space/photos/alado" title="......................"><i class="fa
1cdc:  fa-fw fa-photo generic-icons-nav"></i>....................</a>.
1d1c: <a class="dropdown-item" href="https://freehub.space/cloud/alado
1d5c: " title=".......... .. .................."><i class="fa fa-fw fa
1d9c: -folder-open generic-icons-nav"></i>..........</a>.<a class="dro
1ddc: pdown-item" href="https://freehub.space/cal/alado" title="......
1e1c: ............"><i class="fa fa-fw fa-calendar generic-icons-nav">
1e5c: </i>..................</a>.<a class="dropdown-item" href="https:
1e9c: //freehub.space/articles/alado" title="................ ........
1edc: ...."><i class="fa fa-fw fa-file-text-o generic-icons-nav"></i>.
1f1c: ...........</a>.<a class="dropdown-item" href="https://freehub.s
1f5c: pace/wiki/alado" title="Wiki"><i class="fa fa-fw fa-pencil-squar
1f9c: e-o generic-icons-nav"></i>Wikis</a>.<a class="dropdown-item" hr
1fdc: ef="https://freehub.space/ga
<= Recv SSL data, 5 bytes (0x5)
0000: ... .
<= Recv data, 8184 bytes (0x1ff8)
...
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv data, 4088 bytes (0xff8)
0000: .......... ............ - ................. ........ ...... - ..
0040: ........ .............. .................... ......... .... ....
0080: ........ ................ .. ...... .................. .. ......
00c0: ........ <a href="https://freehub.space/page/alado/about_ru">.. 
0100: Fediverse, Hubzilla .. .... ........ ........</a>. .... ........
0140:  ........................ .................. ........-..........
0180: .... .. .............. ................ ......-...............</
01c0: p>.<h3><b>Q: </b>.............. .......... .....................
0200: ..... ........?</h3>.<p><b>A: </b>...... ............ ........ .
0240: ................. ................... .................... - ...
0280: ................. ........................ ...................</
02c0: p> .<h3><b>Q: </b>...... .......... .... .......................
0300: ... .... ........................ ........?</h3>.<p><b>A: </b>..
0340:  .. .... ....................... ...... ........................
0380: .. .... ...... ...................... ......... .. .............
03c0: ., ............ ................ ...... .... ...............</p>
0400: .<h3><b>Q: </b>........ .... .. ........................ ...... 
0440: ...... .................. ................ ...... ............ .
0480: .............?</h3>.<p>A: ............, .... .. ................
04c0: .... .........................., ...................... .. <a hr
0500: ef="https://freehub.space/page/alado/hub_rules_ru">.............
0540: ... (..... 2 .. 4b)</a>. </p></div>...</div>..</div>.</div>.<!--
0580:  Root element of PhotoSwipe. Must have class pswp. -->.<div clas
05c0: s="pswp" tabindex="-1" role="dialog" aria-hidden="true">...<!-- 
0600: Background of PhotoSwipe. ... It's a separate element as animati
0640: ng opacity is faster than rgba(). -->.    <div class="pswp__bg">
0680: </div>...<!-- Slides wrapper with overflow:hidden. -->.    <div 
06c0: class="pswp__scroll-wrap">....<!-- Container that holds slides. 
0700: ....PhotoSwipe keeps only 3 of them in the DOM to save memory...
0740: ..Don't modify these 3 pswp__item elements, data is added later 
0780: on. -->...<div class="pswp__container">....<div class="pswp__ite
07c0: m"></div>....<div class="pswp__item"></div>....<div class="pswp_
0800: _item"></div>...</div>....<!-- Default (PhotoSwipeUI_Default) in
0840: terface on top of sliding area. Can be changed. -->...<div class
0880: ="pswp__ui pswp__ui--hidden">.....<div class="pswp__top-bar">...
08c0: ...<!--  Controls are self-explanatory. Order can be changed. --
0900: >..........<div class="pswp__counter"></div>......<button class=
0940: "pswp__button pswp__button--close" title="Close (Esc)"></button>
0980: ......<button class="pswp__button pswp__button--share" title="Sh
09c0: are"></button>......<button class="pswp__button pswp__button--fs
0a00: " title="Toggle fullscreen"></button>......<button class="pswp__
0a40: button pswp__button--zoom" title="Zoom in/out"></button>......<!
0a80: -- Preloader demo http://codepen.io/dimsemenov/pen/yyBWoR -->...
0ac0: ..<!-- element will get class pswp__preloader--active when prelo
0b00: ader is running -->.....<div class="pswp__preloader">......<div 
0b40: class="pswp__preloader__icn">......  <div class="pswp__preloader
0b80: __cut">......    <div class="pswp__preloader__donut"></div>.....
0bc0: .  </div>......</div>.....</div>....</div>...        <div class=
0c00: "pswp__share-modal pswp__share-modal--hidden pswp__single-tap">.
0c40: ....<div class="pswp__share-tooltip"></div> ..        </div>....
0c80: .<button class="pswp__button pswp__button--arrow--left" title="P
0cc0: revious (arrow left)">....</button>........<button class="pswp__
0d00: button pswp__button--arrow--right" title="Next (arrow right)">..
0d40: ..</button>.....<div class="pswp__caption">.....<div class="pswp
0d80: __caption__center"></div>....</div>...    </div>...</div>..</div
0dc0: >..<script>.$(document).ready(function(){...// hide #back-top fi
0e00: rst..$("#back-top").hide();....// fade in #back-top..$(function 
0e40: () {...$(window).scroll(function () {....if ($(this).scrollTop()
0e80:  > 100) {.....$('#back-top').fadeIn();....} else {.....$('#back-
0ec0: top').fadeOut();....}...});....// scroll body to 0px on click...
0f00: $('#back-top a').click(function () {....$('body,html').animate({
0f40: .....scrollTop: 0....}, 150);....return false;...});..});..});.<
0f80: /script><p id="back-top"><a href="#top"><span></span></a></p><di
0fc0: v id="nav-login" class="modal" tabindex="-1" role="dialo
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv data, 2515 bytes (0x9d3)
0000: g">..<div class="modal-dialog" role="document">...<div class="mo
0040: dal-content">....<div class="modal-header">.....<h4 class="modal
0080: -title">..........</h4>.....<button type="button" class="btn-clo
00c0: se" data-bs-dismiss="modal" aria-label="Close"></button>....</di
0100: v>....<div class="modal-body">.....<div class="mb-3">......<form
0140:  action="https://freehub.space/page/alado/main_ru" id="main-logi
0180: n" method="post" >..<input type="hidden" name="auth-params" valu
01c0: e="login" />..<div id="login-main" class="d-grid gap-2">....<div
0200:  id="id_username_wrapper" class="mb-3">...<label for="id_usernam
0240: e" id="label_username">...................... .......... ...... 
0280: ..................</label>...<input class="form-control" name="u
02c0: sername" id="id_username" type="text" value="">...<small id="hel
0300: p_username" class="form-text text-muted"></small>..</div>....<di
0340: v class="mb-3">...<label for="id_password">............</label>.
0380: ..<input class="form-control" type="password" name="password" id
03c0: ="id_password" value="">..<small id="help_password" class="form-
0400: text text-muted"></small>..</div>....<div id="remember_me_contai
0440: ner" class="clearfix onoffswitch checkbox mb-3">...<label for="i
0480: d_remember_me">.................. ........</label>...<div class=
04c0: "float-end"><input type="checkbox" name='remember_me' id='id_rem
0500: ember_me' value="1"   /><label class="switchlabel" for='id_remem
0540: ber_me'> <span class="onoffswitch-inner" data-on='....' data-off
0580: ='......'></span><span class="onoffswitch-switch"></span></label
05c0: ></div>...<small class="form-text text-muted"></small>..</div>..
0600: .<button type="submit" name="submit" class="btn btn-primary">...
0640: .......</button>...<a href="https://freehub.space/register" titl
0680: e="................ .............. ...... .............. .. ....
06c0: .......... .. ......................" id="register-link" class="
0700: float-end">......................</a>..<a href="lostpass" title=
0740: "............ ............ ...... ..........?" id="lost-password
0780: -link" >................ ............</a><hr>...<a href="rmagic"
07c0:  class="btn btn-outline-success">.................. ............
0800: ................</a>..</div>....<input type="hidden" name="0" va
0840: lue="" />..</form>......</div>....</div>...</div>..</div>.</div>
0880: ......<div id="page-footer"></div>......<div id="pause"></div>..
08c0: ...</section>.....<aside id="region_3" class="d-none d-xl-block"
0900: ><div class="aside_spacer_top_right"></div><div class="aside_spa
0940: cer_right"><div id="right_aside_wrapper" class="aside_wrapper"><
0980: /div></div></aside>....</div>...</div>..</main>..<footer></foote
09c0: r>.</body>.</html>.
<= Recv SSL data, 5 bytes (0x5)
0000: .....
== Info: Connection #0 to host freehub.space left intact

and Caddy’s:

== Info:   Trying 93.100.163.217...
== Info: TCP_NODELAY set
== Info: Expire in 200 ms for 4 (transfer 0x55865d4b0e20)
== Info: Connected to freehub.space (93.100.163.217) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: successfully set certificate verify locations:
== Info:   CAfile: none
  CApath: /etc/ssl/certs
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
...
<= Recv SSL data, 5 bytes (0x5)
0000: ....z
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 122 bytes (0x7a)
0000: ...v..~..d.P(&.[...j.Xo...j=...._prw.. e..).<.$.Nc7....-z......
0040: G...Q........+.....3.$... .{0..w....6..#..w:.S........k~.7
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .... 
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
<= Recv SSL data, 15 bytes (0xf)
0000: .............h2
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 3821 bytes (0xeed)
...
<= Recv SSL data, 5 bytes (0x5)
0000: ...._
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
<= Recv SSL data, 78 bytes (0x4e)
0000: ...J...F0D. K'.)&Fw.....>I......>|h.~..,..... ..m..Y...I8v._4'.F
0040: v.JK.n."...+..
<= Recv SSL data, 5 bytes (0x5)
0000: ....5
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Finished (20):
<= Recv SSL data, 36 bytes (0x24)
0000: ... ..\w..9k..b.,...q..<.0...HKE....
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....5
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 36 bytes (0x24)
0000: ... .....B"./.....VF#./Sg..9...jGj..
== Info: SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
== Info: ALPN, server accepted to use h2
== Info: Server certificate:
== Info:  subject: CN=freehub.space
== Info:  start date: Oct 29 21:01:34 2021 GMT
== Info:  expire date: Jan 27 21:01:33 2022 GMT
== Info:  subjectAltName: host "freehub.space" matched cert's "freehub.space"
== Info:  issuer: C=US; O=Let's Encrypt; CN=R3
== Info:  SSL certificate verify ok.
== Info: Using HTTP2, server supports multi-use
== Info: Connection state changed (HTTP/2 confirmed)
== Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
=> Send SSL data, 5 bytes (0x5)
0000: ....)
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....,
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: Using Stream ID: 1 (easy handle 0x55865d4b0e20)
=> Send SSL data, 5 bytes (0x5)
0000: ....7
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send header, 75 bytes (0x4b)
0000: GET / HTTP/2
000e: Host: freehub.space
0023: User-Agent: curl/7.64.0
003c: Accept: */*
0049: 
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 130 bytes (0x82)
0000: ...~..:.......q......(;e...T..?....,..~T........u.......w..\,...
0040: .$....+..6.U..........)v.....c.{.2.7.........Ps-,6%..C....zB...u
0080: ..
<= Recv SSL data, 5 bytes (0x5)
0000: ....2
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 302 
<= Recv header, 57 bytes (0x39)
0000: alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<= Recv header, 52 bytes (0x34)
0000: cache-control: no-store, no-cache, must-revalidate
<= Recv header, 40 bytes (0x28)
0000: content-type: text/html; charset=UTF-8
<= Recv header, 40 bytes (0x28)
0000: expires: Thu, 19 Nov 1981 08:52:00 GMT
<= Recv header, 52 bytes (0x34)
0000: location: https://freehub.space/page/alado/main_ru
<= Recv header, 18 bytes (0x12)
0000: pragma: no-cache
<= Recv header, 15 bytes (0xf)
0000: server: Caddy
<= Recv header, 76 bytes (0x4c)
0000: set-cookie: PHPSESSID=52n5r97okm2b4e5c7lppk9ip2a; path=/; secure
0040: ; HttpOnly
<= Recv header, 19 bytes (0x13)
0000: status: 302 Found
<= Recv header, 19 bytes (0x13)
0000: content-length: 0
<= Recv header, 37 bytes (0x25)
0000: date: Sat, 04 Dec 2021 20:15:43 GMT
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 0 bytes (0x0)
== Info: Connection #0 to host freehub.space left intact
== Info: Issue another request to this URL: 'https://freehub.space/page/alado/main_ru'
== Info: Found bundle for host freehub.space: 0x55865d4afe50 [can multiplex]
== Info: Re-using existing connection! (#0) with host freehub.space
== Info: Connected to freehub.space (93.100.163.217) port 443 (#0)
== Info: Using Stream ID: 3 (easy handle 0x55865d4b0e20)
=> Send SSL data, 5 bytes (0x5)
0000: ..../
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send header, 93 bytes (0x5d)
0000: GET /page/alado/main_ru HTTP/2
0020: Host: freehub.space
0035: User-Agent: curl/7.64.0
004e: Accept: */*
005b: 
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 404 
<= Recv header, 57 bytes (0x39)
0000: alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<= Recv header, 15 bytes (0xf)
0000: server: Caddy
<= Recv header, 19 bytes (0x13)
0000: content-length: 0
<= Recv header, 37 bytes (0x25)
0000: date: Sat, 04 Dec 2021 20:15:43 GMT
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 0 bytes (0x0)
== Info: Connection #0 to host freehub.space left intact

Alado · December 5, 2021, 12:51pm

Oh, I’m sorry. You asked for page/alado/main_ru without -L flag

Nginx output for curl -v https://freehub.space/page/alado/main_ru:

== Info:   Trying 93.100.163.217...
== Info: TCP_NODELAY set
== Info: Expire in 200 ms for 4 (transfer 0x5619ce30be20)
== Info: Connected to freehub.space (93.100.163.217) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: successfully set certificate verify locations:
== Info:   CAfile: none
  CApath: /etc/ssl/certs
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: ......y!1e................Z.&..r..(... T.X..*.......Pw5.EZi....)
0040: ...e.:2.>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........freehub.space........................3t.....
00c0: ....h2.http/1.1.........1.....*.(...............................
0100: ..........+........-.....3.&.$... O..x...Ix.~........j7i./..".D
0140: ................................................................
0180: ................................................................
01c0: ................................................................
<= Recv SSL data, 5 bytes (0x5)
0000: ....j
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 106 bytes (0x6a)
0000: ...f..mK|x.......f.J]!.MQc&v.i.(...... ./.o.*...x..XZ....g.<E.(.
0040: !D`7[..............................h2....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 4018 bytes (0xfb2)
0000: .........$0.. 0.....................-....20...*.H........021.0.
0040: ..U....US1.0...U....Let's Encrypt1.0...U....R30...211028202805Z.
0080: .220126202804Z0.1.0...U....freehub.space0.."0...*.H.............
00c0: 0..........4..s6..*..k.k.Ll.1.V....*y..7.*h....<.)+l.|M...j..8.
0100: G^.P'9..Y.z^~l.t?H...g...b=H.|..7qj0.!lc.[.6...J......+u...M..!.
0140: .y.KlW"..y.B......Dl...|?....=.{'s.VO.H.%..Vs.X.0r..... -....=M.
0180: M....g.......1..S...a.\.j.......N"{6sO7..u"~..p.1..x..B..*.4X...
01c0: .....,..[........H0..D0...U...........0...U.%..0...+.........+..
0200: .....0...U.......0.0...U.........3...Ql#..!e.[0.lh0...U.#..0....
0240: ....XV..P.@........0U..+........I0G0!..+.....0...http://r3.o.len
0280: cr.org0"..+.....0...http://r3.i.lencr.org/0...U....0...freehub.s
02c0: pace0L..U. .E0C0...g.....07..+..........0(0&..+.........http://c
0300: ps.letsencrypt.org0.....+.....y............v...^.h.O.l..._N>Z...
0340: ..j^.;.. D\*s...|.........G0E. d..^S}.,\.N....'....6g....4.P.9..
0380: !..R....R..".....M...[_...P\.L.....v.)y...99!.Vs.c.w..W}.`...M]&
03c0: \%].....|.........G0E. ...U..*...$.IxuR..v*..3B.*tk.....!..#../.
0400: ..A...3P..s....G.....6.~xs0...*.H.............\.L..8x.$"..{...I.
0440: ...T.......k......B]K.p.ss....!.Z.F..l...^(^Ew...\....\.l._.l@).
0480: .....T.V.-....1..H..bQ.{..$1.DQ.`...x.....t.F(p=z=7v..Y.y;^..L..
04c0: ..J..1.b...#.F.Q.t"... `'P[.n....gi.k=...,..T.r.).K|.q@|..C...W.
0500: ..h...?$.uA....:Y..0{..j.@+..[.%...8...Ok`."^...0...0..........
0540: ..+.J....S...%._Z0...*.H........0O1.0...U....US1)0'..U... Intern
0580: et Security Research Group1.0...U....ISRG Root X10...20090400000
05c0: 0Z..250915160000Z021.0...U....US1.0...U....Let's Encrypt1.0...U.
0600: ...R30.."0...*.H.............0...........(.........U.......zB..]
0640: &..+..L...k.u....G..U5W....9...<B.Nn.;......\.Y8...i.Z.....$%..7
0680: q..........;ERE...S.4.R......`p..T..m...@4k+..f.f4|.k..W)..0.].r
06c0: o......X=......+.....q].F...%...`guf.....\.S.:..G.......w?.S....
0700: ..p...c.......S...H...i.%u...R...Q.............0...0...U........
0740: ...0...U.%..0...+.........+.......0...U.......0.......0...U.....
0780: ......XV..P.@........0...U.#..0...y.Y.{....s.....X...n02..+.....
07c0: ...&0$0"..+.....0...http://x1.i.lencr.org/0'..U... 0.0.......htt
0800: p://x1.c.lencr.org/0"..U. ..0.0...g.....0...+..........0...*.H..
0840: .............NG>...D...gx..c.uM..=3erT-...... ._..p..n;.^... ...
0880: .......<....9..|%.G.en?F.....+.T....'K.../...q.J....#{.-...W>...
08c0: 3.G!x..'.*....\.d...y.O.mD.^.........D).Y .c.!..&..W..e..."...C.
0900: ...~...7.Z..0..n+*.!N.......^....j...;3..K........?.UC6.h.6.j...
0940: ..@.4...c959un..v.....Kl..........h..e..=wS..y...1.u*C.U.r.)...]
0980: N..F.0..._..y..^p.........aq%*...%PRh........}..l.!1.........=.L
09c0: .8...+.......= .~Y...X.[.H..\O.)..U#......|.../....GF?.....(Mh2.
0a00: g^.i....../..RC.o2WeM2..8S.]~]f)........V.B..N.%8DPm...U...Id.N.
0a40: ...[.s...G...d0..`0..H.......@.w!7..B..v.<d..0...*.H........0?1$
0a80: 0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30..
0ac0: .210120191403Z..240930181403Z0O1.0...U....US1)0'..U... Internet 
0b00: Security Research Group1.0...U....ISRG Root X10.."0...*.H.......
0b40: ......0..........$s..7...+W(......8..n<.W.x.u....jn..O(..h.lD...
0b80: c...k....1.!~.3<.H..y......!.K...qiJffl.~<p..)"........K...~....
0bc0: G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O...K~.....w...{J.L
0c00: .%.p..)..S$........J.?..aQ......cq...o[....\4ylv.;.by..../&.....
0c40: ................6....7..6u...r......I......*.A...v.........5/(.l
0c80: .....dwnG7...Y^h.r....A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx..
0cc0: ..../..>{J.Ks......P.|C.t..t......0.[q6....00\H..;..}`...)......
0d00: ....A.........|.;F.H*..v.v..j.=...8.d..+
0d2a: (.....B.".'].y...p..N...:..'Qn..d.3CO........F0..B0...U.......0.
0d6a: ...0...U...........0K..+........?0=0;..+.....0../http://apps.ide
0daa: ntrust.com/roots/dstrootcax3.p7c0...U.#..0.......{,q...K.u...`..
0dea: .0T..U. .M0K0...g.....0?..+..........000...+........"http://cps.
0e2a: root-x1.letsencrypt.org0<..U...50301./.-.+http://crl.identrust.c
0e6a: om/DSTROOTCAX3CRL.crl0...U......y.Y.{....s.....X...n0...*.H.....
0eaa: .........s.l.n..R.....Z../........P..lB.o...O.D..u.....bnx..'.9\
0eea: ...nV.p.S.......+..... 53..a6.q......E....#(....g...C,........i]
0f2a: ..[.X".MU.pgm.W.F9A..X.Xm..W.6...#......\..I...5...N........;l)#
0f6a: .`.E.L..;.....D.X....EE..]f....o...B...........8..}...I....+.kO.
0faa: .8w....9
<= Recv SSL data, 5 bytes (0x5)
0000: ....,
== Info: TLSv1.2 (IN), TLS handshake, Server key exchange (12):
<= Recv SSL data, 300 bytes (0x12c)
0000: ...(... ...;3.U......6.$..1#Z..W..}v.\,|......e.......s...].\..0
0040: `{..W..M..2H....K.X..]...W..CmX..bL..~H...\Z...._...H....U...&s
0080: ..%..e.../.t..:...."+.....~;;o...I...#..E..c..^..3@\Cn....|VY.
00c0: .}5.tml...3..L....P..z.[..Q.C^.e..N.$.......H.9.iU..5.e.......c.
0100: .b.*0...................U..s>^..SD...;A:..}
<= Recv SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (IN), TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
0000: ....
=> Send SSL data, 5 bytes (0x5)
0000: ....%
== Info: TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
=> Send SSL data, 37 bytes (0x25)
0000: ...! ...^J.|E2.&..W..)..jd4..;.'..#.|
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: .... 
== Info: TLSv1.2 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 16 bytes (0x10)
0000: .......s...i"*we
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .... 
== Info: TLSv1.2 (IN), TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: ...... ....V...-
== Info: SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
== Info: ALPN, server accepted to use h2
== Info: Server certificate:
== Info:  subject: CN=freehub.space
== Info:  start date: Oct 28 20:28:05 2021 GMT
== Info:  expire date: Jan 26 20:28:04 2022 GMT
== Info:  subjectAltName: host "freehub.space" matched cert's "freehub.space"
== Info:  issuer: C=US; O=Let's Encrypt; CN=R3
== Info:  SSL certificate verify ok.
== Info: Using HTTP2, server supports multi-use
== Info: Connection state changed (HTTP/2 confirmed)
== Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
=> Send SSL data, 5 bytes (0x5)
0000: ....(
=> Send SSL data, 5 bytes (0x5)
0000: ....+
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: Using Stream ID: 1 (easy handle 0x5619ce30be20)
=> Send SSL data, 5 bytes (0x5)
0000: ....E
=> Send header, 93 bytes (0x5d)
0000: GET /page/alado/main_ru HTTP/2
0020: Host: freehub.space
0035: User-Agent: curl/7.64.0
004e: Accept: */*
005b: 
<= Recv SSL data, 5 bytes (0x5)
0000: ....8
== Info: Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
=> Send SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 200 
<= Recv header, 15 bytes (0xf)
0000: server: nginx
<= Recv header, 37 bytes (0x25)
0000: date: Sun, 05 Dec 2021 12:41:17 GMT
<= Recv header, 40 bytes (0x28)
0000: content-type: text/html; charset=utf-8
<= Recv header, 76 bytes (0x4c)
0000: set-cookie: PHPSESSID=38fp93sctjtp9jmn21op324cut; path=/; secure
0040: ; HttpOnly
<= Recv header, 40 bytes (0x28)
0000: expires: Thu, 19 Nov 1981 08:52:00 GMT
<= Recv header, 52 bytes (0x34)
0000: cache-control: no-store, no-cache, must-revalidate
<= Recv header, 18 bytes (0x12)
0000: pragma: no-cache
<= Recv header, 45 bytes (0x2d)
0000: strict-transport-security: max-age=31536000
<= Recv header, 127 bytes (0x7f)
0000: content-security-policy: script-src 'self' 'unsafe-inline' 'unsa
0040: fe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self';
<= Recv header, 40 bytes (0x28)
0000: permissions-policy: interest-cohort=()
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 7744 bytes (0x1e40)
...
<= Recv SSL data, 5 bytes (0x5)
... .
<= Recv data, 8184 bytes (0x1ff8)
...
<= Recv SSL data, 5 bytes (0x5)
0000: .....
== Info: Connection #0 to host freehub.space left intact

Same output for Caddy:

== Info:   Trying 93.100.163.217...
== Info: TCP_NODELAY set
== Info: Expire in 200 ms for 4 (transfer 0x56155b6e7e20)
== Info: Connected to freehub.space (93.100.163.217) port 443 (#0)
== Info: ALPN, offering h2
== Info: ALPN, offering http/1.1
== Info: successfully set certificate verify locations:
== Info:   CAfile: none
  CApath: /etc/ssl/certs
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS handshake, Client hello (1):
=> Send SSL data, 512 bytes (0x200)
0000: .........L...Qt.S...>..t.m..In\.m.s.*.  .N1..nP|..E.o%....x(..9.
0040: .}......>.......,.0.........+./...$.(.k.#.'.g.....9.....3.....=.
0080: <.5./.....u.........freehub.space........................3t.....
00c0: ....h2.http/1.1.........1.....*.(...............................
0100: ..........+........-.....3.&.$... tV..(.+...@......3aVm.pK....9.
0140: ................................................................
0180: ................................................................
01c0: ................................................................
<= Recv SSL data, 5 bytes (0x5)
0000: ....z
== Info: TLSv1.3 (IN), TLS handshake, Server hello (2):
<= Recv SSL data, 122 bytes (0x7a)
0000: ...v......0.P*wZ...?...._.x.F.+.@.W...  .N1..nP|..E.o%....x(..9.
0040: .}...........+.....3.$... w.i..pU..S..mQ.!...G...>....y]a.
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 5 bytes (0x5)
0000: .... 
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
<= Recv SSL data, 15 bytes (0xf)
0000: .............h2
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Certificate (11):
<= Recv SSL data, 3821 bytes (0xeed)
...
<= Recv SSL data, 5 bytes (0x5)
0000: ....`
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, CERT verify (15):
<= Recv SSL data, 79 bytes (0x4f)
0000: ...K...G0E. 3.....m{~..Q..E9/.L...........\.!.......oW...*...dP
0040: m.U...."...f.9.
<= Recv SSL data, 5 bytes (0x5)
0000: ....5
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Finished (20):
<= Recv SSL data, 36 bytes (0x24)
0000: ... .8..L.1]..y..).\..K...^(%.c..Q.f
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....5
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (OUT), TLS handshake, Finished (20):
=> Send SSL data, 36 bytes (0x24)
0000: ... ...........2....[...YC......4...
== Info: SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
== Info: ALPN, server accepted to use h2
== Info: Server certificate:
== Info:  subject: CN=freehub.space
== Info:  start date: Oct 29 21:01:34 2021 GMT
== Info:  expire date: Jan 27 21:01:33 2022 GMT
== Info:  subjectAltName: host "freehub.space" matched cert's "freehub.space"
== Info:  issuer: C=US; O=Let's Encrypt; CN=R3
== Info:  SSL certificate verify ok.
== Info: Using HTTP2, server supports multi-use
== Info: Connection state changed (HTTP/2 confirmed)
== Info: Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
=> Send SSL data, 5 bytes (0x5)
0000: ....)
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: ....,
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
== Info: Using Stream ID: 1 (easy handle 0x56155b6e7e20)
=> Send SSL data, 5 bytes (0x5)
0000: ....F
=> Send SSL data, 1 bytes (0x1)
0000: .
=> Send header, 93 bytes (0x5d)
0000: GET /page/alado/main_ru HTTP/2
0020: Host: freehub.space
0035: User-Agent: curl/7.64.0
004e: Accept: */*
005b: 
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
<= Recv SSL data, 130 bytes (0x82)
0000: ...~..:.......q.._.,f.......Z..''^9..H....2.]...K..{..&.VWT....
0040: ..l...t.c.....IB......i.....8.-....../...a...=0.-...@../.,L...`.
0080: ..
<= Recv SSL data, 5 bytes (0x5)
0000: ....2
<= Recv SSL data, 1 bytes (0x1)
0000: .
== Info: Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
=> Send SSL data, 5 bytes (0x5)
0000: .....
=> Send SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: .....
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv SSL data, 5 bytes (0x5)
0000: ....h
<= Recv SSL data, 1 bytes (0x1)
0000: .
<= Recv header, 13 bytes (0xd)
0000: HTTP/2 404 
<= Recv header, 57 bytes (0x39)
0000: alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<= Recv header, 15 bytes (0xf)
0000: server: Caddy
<= Recv header, 19 bytes (0x13)
0000: content-length: 0
<= Recv header, 37 bytes (0x25)
0000: date: Sun, 05 Dec 2021 12:42:39 GMT
<= Recv header, 2 bytes (0x2)
0000: 
<= Recv data, 0 bytes (0x0)
== Info: Connection #0 to host freehub.space left intact

francislavoie · December 6, 2021, 4:30pm

Hmm, okay so there’s no redirect loop that I can tell anymore (good) but it looks like the PHP app doesn’t like how Caddy passes through the request.

Honestly it’s pretty hard to say what the problem is, you might need to ask the developers of hubzilla for help to debug. Their index.php entrypoint doesn’t work the same way as most other modern PHP frameworks (Laravel, Symfony, WordPress, etc).

Alado · December 6, 2021, 5:03pm

Hi Francis. Thanks for trying to help! I will communicate with the developers, although no one answered me on the official Hubzilla forum. I’ll try again.

Alado · December 6, 2021, 11:11pm

Solved it by myself blindly trying some most common patterns

php_fastcgi localhost:9000 
rewrite * /index.php?q={path}&{query}

francislavoie · December 7, 2021, 12:55am

Hmm, that would also rewrite .js and .css requests to /index.php. I feel like that’s not the right thing to do. But if it works, it works… I guess

I have a theory as to why it might not have worked, I’ll try some stuff when I have time (I think that try_files doesn’t properly handle having a ? query in it, and it would look for a file on disk with that name including the query, which isn’t right)

francislavoie · December 7, 2021, 2:33am

Alright, I confirmed that’s the problem – try_files doesn’t support query params, but rewrite does.

The try_files matcher flows into rewrite though. But due to how it’s implemented, try_files ends up looking for a file that literally includes the query string in it, which will never exist. That’s why you got a 404.

I’m trying to figure out if this is something that can be fixed, but it’s looking extra difficult.

I went looking at the Hubzilla source code, and hooo boy it’s terrible. Here’s one file, which is where the initial startup happens: boot.php · master · hubzilla / core · GitLab I have so many complaints. So many things are being done wrong.

I honestly cannot say that Caddy can safely be used with Hubzilla at this time. There’s plenty of potential security problems that would require careful configuration in Caddy to work around.

Biggest one is the fact that they have the index.php right in the top-level of the project. This means that you need to set your root to that location, which means anyone could make a request to any file in the project and get it back, including logs, vendor dependencies, configuration files, maybe even .git and other sensitive paths.

Badbadbadbadbadbad.

Modern best-practice is to put the webroot one level deeper, in a directory called public/ or something like that, so that the root doesn’t have to be at a level where someone could traverse all the files in the project. It is possible to configure Caddy to block all the sensitive paths, but that requires a pretty deep understanding of the project to do safely. Aint nobody got time for that.

Alado · December 7, 2021, 7:57am

Thank you for taking the time to analyse Hubzilla in depth. It’s a fairly old project, with mostly one person as the developer. Of course, the project is far from perfect. I understand your concerns and will try to convey your opinion to Mike (the main developer) .
I’ve now tried to access the internal directories on my site, but it hasn’t worked. Phew…

system · January 2, 2022, 12:47pm

This topic was automatically closed after 30 days. New replies are no longer allowed.