mTLS under FreeBSD

Help
63

I’ve updated how Caddy is integrated with FreeBSD by making it much more compliant with the FreeBSD rc.d framework. The approach now also honours XDG_CONFIG_HOME/XDG_DATA_HOME described in Caddy documentation under File locations. Caddy now creates subdirectories for each of those under a /var/db/caddy root.

This is evidenced by the following sample lines in the process logs:

Frontend

{"level":"debug","ts":"2021-05-24T17:13:19.558+0800","logger":"tls","msg":"loading managed certificate","domain":"readymcgetty.com.au","expiration":"2021-08-22T02:29:03.000Z","issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/db/caddy/data/caddy"}
{"level":"warn","ts":"2021-05-24T17:13:19.558+0800","logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [acme.lan]: no OCSP server specified in certificate"}
{"level":"info","ts":"2021-05-24T17:13:19.577+0800","logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
{"level":"info","ts":"2021-05-24T17:13:19.577+0800","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}

Backend

{"level":"info","ts":"2021-05-24T17:18:36.565+0800","logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/db/caddy/data/caddy"}
{"level":"debug","ts":"2021-05-24T17:18:36.565+0800","logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"info","ts":"2021-05-24T17:18:36.565+0800","logger":"http","msg":"enabling automatic TLS certificate management","domains":["test.lan"]}
{"level":"info","ts":"2021-05-24T17:18:36.566+0800","logger":"tls","msg":"finished cleaning storage units"}
{"level":"warn","ts":"2021-05-24T17:18:36.588+0800","logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [test.lan]: no OCSP server specified in certificate"}
{"level":"info","ts":"2021-05-24T17:18:36.588+0800","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}

I then repeated the tests in posts #59 and #60 to see if anything had changed. As evidenced below, the issues are still reproducible i.e. accessing the subdomain test.udance.com.au is a problem, but accessing its sub-paths is fine.

SUBDOMAIN TESTS

EXTERNAL

Accessing test.udance.com.au redirects to test.lan.

image
image311×640 31.6 KB

Frontend

{"level":"debug","ts":"2021-05-24T16:08:07.508+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"10.1.1.50:34106","proto":"HTTP/1.1","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","headers":{"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500"],"X-Forwarded-Proto":["https"],"Content-Length":["0"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"Accept":["*/*"],"Accept-Encoding":["deflate, gzip"],"Content-Type":["application/x-www-form-urlencoded"],"X-Forwarded-For":["10.1.1.50"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"Server":["Caddy"],"X-Powered-By":["PHP/7.4.16"],"Content-Length":["0"],"Date":["Mon, 24 May 2021 08:08:07 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:08:07.537+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"162.158.5.217:35172","proto":"HTTP/1.1","method":"GET","host":"test.lan:443","uri":"/","headers":{"Cdn-Loop":["cloudflare"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ray":["654508b93cafaec7-KIX"],"Cf-Ipcountry":["AU"],"Cf-Request-Id":["0a3f03c7c00000aec792aac000000001"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-For":["49.196.36.201, 162.158.5.217"],"Sec-Fetch-Site":["none"],"Cookie":["tk_or=%22%22; tk_lr=%22%22"],"Accept-Encoding":["gzip"],"Cf-Connecting-Ip":["49.196.36.201"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"Content-Length":["0"],"Date":["Mon, 24 May 2021 08:08:07 GMT"],"Content-Type":["text/html; charset=UTF-8"],"Location":["https://test.lan/"],"Server":["Caddy"],"Status":["301 Moved Permanently"],"X-Powered-By":["PHP/7.4.16"],"X-Redirect-By":["WordPress"]},"status":301}

Backend

{"level":"debug","ts":"2021-05-24T16:08:05.704+0800","logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/","headers":{"Accept-Encoding":["gzip"],"Cf-Request-Id":["0a3f03c7c00000aec792aac000000001"],"Cookie":["tk_or=%22%22; tk_lr=%22%22"],"X-Forwarded-For":["49.196.36.201, 162.158.5.217"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"Cf-Ipcountry":["AU"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Ray":["654508b93cafaec7-KIX"],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"Cf-Connecting-Ip":["49.196.36.201"],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"method":"GET","uri":"/index.php"}
{"level":"debug","ts":"2021-05-24T16:08:05.704+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/index.php","headers":{"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Upgrade-Insecure-Requests":["1"],"Cf-Connecting-Ip":["49.196.36.201"],"Cf-Request-Id":["0a3f03c7c00000aec792aac000000001"],"Accept-Encoding":["gzip"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"Cf-Ipcountry":["AU"],"Cookie":["tk_or=%22%22; tk_lr=%22%22"],"X-Forwarded-For":["49.196.36.201, 162.158.5.217, 10.1.1.4"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cf-Ray":["654508b93cafaec7-KIX"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"","CONTENT_TYPE":"","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3","HTTP_ACCEPT_ENCODING":"gzip","HTTP_ACCEPT_LANGUAGE":"en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7","HTTP_CDN_LOOP":"cloudflare","HTTP_CF_CONNECTING_IP":"49.196.36.201","HTTP_CF_IPCOUNTRY":"AU","HTTP_CF_RAY":"654508b93cafaec7-KIX","HTTP_CF_REQUEST_ID":"0a3f03c7c00000aec792aac000000001","HTTP_CF_VISITOR":"{\"scheme\":\"https\"}","HTTP_COOKIE":"tk_or=%22%22; tk_lr=%22%22","HTTP_HOST":"test.lan:443","HTTP_SEC_FETCH_SITE":"none","HTTP_UPGRADE_INSECURE_REQUESTS":"1","HTTP_USER_AGENT":"Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155","HTTP_X_FORWARDED_FOR":"49.196.36.201, 162.158.5.217, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"41591","REMOTE_USER":"","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","REQUEST_URI":"/","SCRIPT_FILENAME":"/usr/local/www/wordpress/index.php","SCRIPT_NAME":"/index.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:08:07.393+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","headers":{"Accept-Encoding":["deflate, gzip"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Content-Length":["0"],"Accept":["*/*"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["test.udance.com.au"],"Content-Type":["application/x-www-form-urlencoded"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"0","CONTENT_TYPE":"application/x-www-form-urlencoded","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/wp-cron.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"*/*","HTTP_ACCEPT_ENCODING":"deflate, gzip","HTTP_CONTENT_LENGTH":"0","HTTP_CONTENT_TYPE":"application/x-www-form-urlencoded","HTTP_HOST":"test.lan:443","HTTP_REFERER":"https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","HTTP_USER_AGENT":"WordPress/5.7.2; https://test.udance.com.au","HTTP_X_FORWARDED_FOR":"10.1.1.50, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"doing_wp_cron=1621843687.3493719100952148437500","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"41591","REMOTE_USER":"","REQUEST_METHOD":"POST","REQUEST_SCHEME":"https","REQUEST_URI":"/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","SCRIPT_FILENAME":"/usr/local/www/wordpress/wp-cron.php","SCRIPT_NAME":"/wp-cron.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:08:07.509+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","headers":{"X-Forwarded-Host":["test.udance.com.au"],"Content-Type":["application/x-www-form-urlencoded"],"Accept":["*/*"],"X-Forwarded-Proto":["https"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Content-Length":["0"],"Accept-Encoding":["deflate, gzip"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"X-Powered-By":["PHP/7.4.16"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:08:07.538+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/index.php","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"Cf-Ipcountry":["AU"],"Cookie":["tk_or=%22%22; tk_lr=%22%22"],"X-Forwarded-For":["49.196.36.201, 162.158.5.217, 10.1.1.4"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cf-Ray":["654508b93cafaec7-KIX"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-Host":["test.udance.com.au"],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Upgrade-Insecure-Requests":["1"],"Cf-Connecting-Ip":["49.196.36.201"],"Cf-Request-Id":["0a3f03c7c00000aec792aac000000001"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"Status":["301 Moved Permanently"],"X-Powered-By":["PHP/7.4.16"],"Content-Type":["text/html; charset=UTF-8"],"X-Redirect-By":["WordPress"],"Location":["https://test.lan/"]},"status":301}

INTERNAL

Accessing test.udance.com.au redirects to test.lan .

mtls7

Frontend

{"level":"debug","ts":"2021-05-24T16:25:04.490+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"10.1.1.50:35992","proto":"HTTP/1.1","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","headers":{"Content-Length":["0"],"X-Forwarded-For":["10.1.1.50"],"Accept-Encoding":["deflate, gzip"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750"],"X-Forwarded-Proto":["https"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"Accept":["*/*"],"Content-Type":["application/x-www-form-urlencoded"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"X-Powered-By":["PHP/7.4.16"],"Content-Length":["0"],"Date":["Mon, 24 May 2021 08:25:04 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Server":["Caddy"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:25:04.519+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"10.1.1.222:49694","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/","headers":{"X-Forwarded-For":["10.1.1.222"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-User":["?1"],"X-Forwarded-Host":["test.udance.com.au"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"Location":["https://test.lan/"],"Server":["Caddy"],"Status":["301 Moved Permanently"],"X-Powered-By":["PHP/7.4.16"],"X-Redirect-By":["WordPress"],"Content-Length":["0"],"Date":["Mon, 24 May 2021 08:25:04 GMT"],"Content-Type":["text/html; charset=UTF-8"]},"status":301}
root@caddy:~ #

Backend

{"level":"debug","ts":"2021-05-24T16:25:02.700+0800","logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/","headers":{"X-Forwarded-Host":["test.udance.com.au"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["10.1.1.222"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Sec-Fetch-User":["?1"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"method":"GET","uri":"/index.php"}
{"level":"debug","ts":"2021-05-24T16:25:02.700+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/index.php","headers":{"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"X-Forwarded-Host":["test.udance.com.au"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["10.1.1.222, 10.1.1.4"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"","CONTENT_TYPE":"","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","HTTP_ACCEPT_ENCODING":"gzip, deflate, br","HTTP_ACCEPT_LANGUAGE":"en-US,en;q=0.9","HTTP_HOST":"test.lan:443","HTTP_SEC_CH_UA":"\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\"","HTTP_SEC_CH_UA_MOBILE":"?0","HTTP_SEC_FETCH_DEST":"document","HTTP_SEC_FETCH_MODE":"navigate","HTTP_SEC_FETCH_SITE":"none","HTTP_SEC_FETCH_USER":"?1","HTTP_UPGRADE_INSECURE_REQUESTS":"1","HTTP_USER_AGENT":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66","HTTP_X_FORWARDED_FOR":"10.1.1.222, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"46355","REMOTE_USER":"","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","REQUEST_URI":"/","SCRIPT_FILENAME":"/usr/local/www/wordpress/index.php","SCRIPT_NAME":"/index.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:25:04.376+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","headers":{"Accept":["*/*"],"Content-Type":["application/x-www-form-urlencoded"],"Accept-Encoding":["deflate, gzip"],"X-Forwarded-Proto":["https"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750"],"Content-Length":["0"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"0","CONTENT_TYPE":"application/x-www-form-urlencoded","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/wp-cron.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"*/*","HTTP_ACCEPT_ENCODING":"deflate, gzip","HTTP_CONTENT_LENGTH":"0","HTTP_CONTENT_TYPE":"application/x-www-form-urlencoded","HTTP_HOST":"test.lan:443","HTTP_REFERER":"https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","HTTP_USER_AGENT":"WordPress/5.7.2; https://test.udance.com.au","HTTP_X_FORWARDED_FOR":"10.1.1.50, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"doing_wp_cron=1621844704.3333621025085449218750","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"46355","REMOTE_USER":"","REQUEST_METHOD":"POST","REQUEST_SCHEME":"https","REQUEST_URI":"/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","SCRIPT_FILENAME":"/usr/local/www/wordpress/wp-cron.php","SCRIPT_NAME":"/wp-cron.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:25:04.490+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","headers":{"X-Forwarded-Host":["test.udance.com.au"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750"],"Content-Length":["0"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"Accept":["*/*"],"Content-Type":["application/x-www-form-urlencoded"],"Accept-Encoding":["deflate, gzip"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"X-Powered-By":["PHP/7.4.16"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:25:04.519+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/index.php","headers":{"X-Forwarded-Host":["test.udance.com.au"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["10.1.1.222, 10.1.1.4"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Sec-Fetch-User":["?1"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"Status":["301 Moved Permanently"],"X-Powered-By":["PHP/7.4.16"],"Content-Type":["text/html; charset=UTF-8"],"X-Redirect-By":["WordPress"],"Location":["https://test.lan/"]},"status":301}
{"level":"debug","ts":"2021-05-24T16:25:04.561+0800","logger":"http.stdlib","msg":"http: TLS handshake error from 10.1.1.222:49698: remote error: tls: unknown certificate"}

Continued in next post…