mTLS under FreeBSD

Accessing the backend host directly doesn’t work for me either, but this is expected unless you install the root CA in your browser.

I’ve set up my split-DNS to redirect to the frontend Caddy, i.e. nextcloud.mydomain.com goes straight to 192.168.2.2

Just an extra warning: I lost a lot of time debugging a working config because my browsers had something in the cache that would prevent a successful connection. I also had very different (cache) behaviour between Chrome and Firefox. I think the best result for me was to clear the browser cache and then close all browser windows before reconnecting again.

I also noticed that Caddy can get into a condition where the certificate renewal doesn’t work correctly:

I empty the Caddy storage, i.e. rm -rf /.local/share, on both the frontend and backend
I restart Caddy frontend to generate a new root CA for the internal ACME server
I copy the new certificate to the backend
I start Caddy on the backend
New certificates are being issued but connecting to the services gives me a certificate error similar to

"x509: certificate signed by unknown authority"

but there was an additional message which I lost and although I could reproduce this 3 times, not anymore…

Restarting Caddy may solve this but I don’t have solid proof (yet). When I do I’ll report this in a separate topic.

I do understand that, but that’s not what’s happening here. Strangely, when I access test.udance.com.au internally in my setup, I get a redirection to test.lan. Accessing sub-paths of test.udance.com.au is fine, though.

Earlier, I was also getting a redirection to test.lan if I accessed test.udance.com.au externally. That’s since stopped and I now get a 502 error. Possibly, the difference is how quickly the CDN updates its caches.

Agree. I found that out the hard way too.

I’ve updated how Caddy is integrated with FreeBSD by making it much more compliant with the FreeBSD rc.d framework. The approach now also honours XDG_CONFIG_HOME/XDG_DATA_HOME described in Caddy documentation under File locations. Caddy now creates subdirectories for each of those under a /var/db/caddy root.

This is evidenced by the following sample lines in the process logs:

Frontend

{"level":"debug","ts":"2021-05-24T17:13:19.558+0800","logger":"tls","msg":"loading managed certificate","domain":"readymcgetty.com.au","expiration":"2021-08-22T02:29:03.000Z","issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/var/db/caddy/data/caddy"}
{"level":"warn","ts":"2021-05-24T17:13:19.558+0800","logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [acme.lan]: no OCSP server specified in certificate"}
{"level":"info","ts":"2021-05-24T17:13:19.577+0800","logger":"pki.ca.local","msg":"root certificate is already trusted by system","path":"storage:pki/authorities/local/root.crt"}
{"level":"info","ts":"2021-05-24T17:13:19.577+0800","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}

Backend

{"level":"info","ts":"2021-05-24T17:18:36.565+0800","logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/db/caddy/data/caddy"}
{"level":"debug","ts":"2021-05-24T17:18:36.565+0800","logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"info","ts":"2021-05-24T17:18:36.565+0800","logger":"http","msg":"enabling automatic TLS certificate management","domains":["test.lan"]}
{"level":"info","ts":"2021-05-24T17:18:36.566+0800","logger":"tls","msg":"finished cleaning storage units"}
{"level":"warn","ts":"2021-05-24T17:18:36.588+0800","logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [test.lan]: no OCSP server specified in certificate"}
{"level":"info","ts":"2021-05-24T17:18:36.588+0800","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}

I then repeated the tests in posts #59 and #60 to see if anything had changed. As evidenced below, the issues are still reproducible i.e. accessing the subdomain test.udance.com.au is a problem, but accessing its sub-paths is fine.

SUBDOMAIN TESTS

EXTERNAL

Accessing test.udance.com.au redirects to test.lan.

Frontend

{"level":"debug","ts":"2021-05-24T16:08:07.508+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"10.1.1.50:34106","proto":"HTTP/1.1","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","headers":{"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500"],"X-Forwarded-Proto":["https"],"Content-Length":["0"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"Accept":["*/*"],"Accept-Encoding":["deflate, gzip"],"Content-Type":["application/x-www-form-urlencoded"],"X-Forwarded-For":["10.1.1.50"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"Server":["Caddy"],"X-Powered-By":["PHP/7.4.16"],"Content-Length":["0"],"Date":["Mon, 24 May 2021 08:08:07 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:08:07.537+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"162.158.5.217:35172","proto":"HTTP/1.1","method":"GET","host":"test.lan:443","uri":"/","headers":{"Cdn-Loop":["cloudflare"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ray":["654508b93cafaec7-KIX"],"Cf-Ipcountry":["AU"],"Cf-Request-Id":["0a3f03c7c00000aec792aac000000001"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-For":["49.196.36.201, 162.158.5.217"],"Sec-Fetch-Site":["none"],"Cookie":["tk_or=%22%22; tk_lr=%22%22"],"Accept-Encoding":["gzip"],"Cf-Connecting-Ip":["49.196.36.201"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"Content-Length":["0"],"Date":["Mon, 24 May 2021 08:08:07 GMT"],"Content-Type":["text/html; charset=UTF-8"],"Location":["https://test.lan/"],"Server":["Caddy"],"Status":["301 Moved Permanently"],"X-Powered-By":["PHP/7.4.16"],"X-Redirect-By":["WordPress"]},"status":301}

Backend

{"level":"debug","ts":"2021-05-24T16:08:05.704+0800","logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/","headers":{"Accept-Encoding":["gzip"],"Cf-Request-Id":["0a3f03c7c00000aec792aac000000001"],"Cookie":["tk_or=%22%22; tk_lr=%22%22"],"X-Forwarded-For":["49.196.36.201, 162.158.5.217"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"Cf-Ipcountry":["AU"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Ray":["654508b93cafaec7-KIX"],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"Cf-Connecting-Ip":["49.196.36.201"],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"method":"GET","uri":"/index.php"}
{"level":"debug","ts":"2021-05-24T16:08:05.704+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/index.php","headers":{"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Upgrade-Insecure-Requests":["1"],"Cf-Connecting-Ip":["49.196.36.201"],"Cf-Request-Id":["0a3f03c7c00000aec792aac000000001"],"Accept-Encoding":["gzip"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"Cf-Ipcountry":["AU"],"Cookie":["tk_or=%22%22; tk_lr=%22%22"],"X-Forwarded-For":["49.196.36.201, 162.158.5.217, 10.1.1.4"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cf-Ray":["654508b93cafaec7-KIX"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"","CONTENT_TYPE":"","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3","HTTP_ACCEPT_ENCODING":"gzip","HTTP_ACCEPT_LANGUAGE":"en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7","HTTP_CDN_LOOP":"cloudflare","HTTP_CF_CONNECTING_IP":"49.196.36.201","HTTP_CF_IPCOUNTRY":"AU","HTTP_CF_RAY":"654508b93cafaec7-KIX","HTTP_CF_REQUEST_ID":"0a3f03c7c00000aec792aac000000001","HTTP_CF_VISITOR":"{\"scheme\":\"https\"}","HTTP_COOKIE":"tk_or=%22%22; 
tk_lr=%22%22","HTTP_HOST":"test.lan:443","HTTP_SEC_FETCH_SITE":"none","HTTP_UPGRADE_INSECURE_REQUESTS":"1","HTTP_USER_AGENT":"Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155","HTTP_X_FORWARDED_FOR":"49.196.36.201, 162.158.5.217, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"41591","REMOTE_USER":"","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","REQUEST_URI":"/","SCRIPT_FILENAME":"/usr/local/www/wordpress/index.php","SCRIPT_NAME":"/index.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:08:07.393+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","headers":{"Accept-Encoding":["deflate, gzip"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Content-Length":["0"],"Accept":["*/*"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["test.udance.com.au"],"Content-Type":["application/x-www-form-urlencoded"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"0","CONTENT_TYPE":"application/x-www-form-urlencoded","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/wp-cron.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"*/*","HTTP_ACCEPT_ENCODING":"deflate, gzip","HTTP_CONTENT_LENGTH":"0","HTTP_CONTENT_TYPE":"application/x-www-form-urlencoded","HTTP_HOST":"test.lan:443","HTTP_REFERER":"https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","HTTP_USER_AGENT":"WordPress/5.7.2; https://test.udance.com.au","HTTP_X_FORWARDED_FOR":"10.1.1.50, 
10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"doing_wp_cron=1621843687.3493719100952148437500","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"41591","REMOTE_USER":"","REQUEST_METHOD":"POST","REQUEST_SCHEME":"https","REQUEST_URI":"/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","SCRIPT_FILENAME":"/usr/local/www/wordpress/wp-cron.php","SCRIPT_NAME":"/wp-cron.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:08:07.509+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500","headers":{"X-Forwarded-Host":["test.udance.com.au"],"Content-Type":["application/x-www-form-urlencoded"],"Accept":["*/*"],"X-Forwarded-Proto":["https"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Content-Length":["0"],"Accept-Encoding":["deflate, gzip"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621843687.3493719100952148437500"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"X-Powered-By":["PHP/7.4.16"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:08:07.538+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:41591","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/index.php","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"Cf-Ipcountry":["AU"],"Cookie":["tk_or=%22%22; tk_lr=%22%22"],"X-Forwarded-For":["49.196.36.201, 162.158.5.217, 10.1.1.4"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cf-Ray":["654508b93cafaec7-KIX"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-Host":["test.udance.com.au"],"Cdn-Loop":["cloudflare"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Upgrade-Insecure-Requests":["1"],"Cf-Connecting-Ip":["49.196.36.201"],"Cf-Request-Id":["0a3f03c7c00000aec792aac000000001"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"Status":["301 Moved Permanently"],"X-Powered-By":["PHP/7.4.16"],"Content-Type":["text/html; charset=UTF-8"],"X-Redirect-By":["WordPress"],"Location":["https://test.lan/"]},"status":301}

INTERNAL

Accessing test.udance.com.au redirects to test.lan.


Frontend

{"level":"debug","ts":"2021-05-24T16:25:04.490+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"10.1.1.50:35992","proto":"HTTP/1.1","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","headers":{"Content-Length":["0"],"X-Forwarded-For":["10.1.1.50"],"Accept-Encoding":["deflate, gzip"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750"],"X-Forwarded-Proto":["https"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"Accept":["*/*"],"Content-Type":["application/x-www-form-urlencoded"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"X-Powered-By":["PHP/7.4.16"],"Content-Length":["0"],"Date":["Mon, 24 May 2021 08:25:04 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Server":["Caddy"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:25:04.519+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"10.1.1.222:49694","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/","headers":{"X-Forwarded-For":["10.1.1.222"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-User":["?1"],"X-Forwarded-Host":["test.udance.com.au"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"Location":["https://test.lan/"],"Server":["Caddy"],"Status":["301 Moved Permanently"],"X-Powered-By":["PHP/7.4.16"],"X-Redirect-By":["WordPress"],"Content-Length":["0"],"Date":["Mon, 24 May 2021 08:25:04 GMT"],"Content-Type":["text/html; charset=UTF-8"]},"status":301}
root@caddy:~ #

Backend

{"level":"debug","ts":"2021-05-24T16:25:02.700+0800","logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/","headers":{"X-Forwarded-Host":["test.udance.com.au"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["10.1.1.222"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Sec-Fetch-User":["?1"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"method":"GET","uri":"/index.php"}
{"level":"debug","ts":"2021-05-24T16:25:02.700+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/index.php","headers":{"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"X-Forwarded-Host":["test.udance.com.au"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["10.1.1.222, 10.1.1.4"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"","CONTENT_TYPE":"","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","HTTP_ACCEPT_ENCODING":"gzip, deflate, br","HTTP_ACCEPT_LANGUAGE":"en-US,en;q=0.9","HTTP_HOST":"test.lan:443","HTTP_SEC_CH_UA":"\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\"","HTTP_SEC_CH_UA_MOBILE":"?0","HTTP_SEC_FETCH_DEST":"document","HTTP_SEC_FETCH_MODE":"navigate","HTTP_SEC_FETCH_SITE":"none","HTTP_SEC_FETCH_USER":"?1","HTTP_UPGRADE_INSECURE_REQUESTS":"1","HTTP_USER_AGENT":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 
Edg/90.0.818.66","HTTP_X_FORWARDED_FOR":"10.1.1.222, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"46355","REMOTE_USER":"","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","REQUEST_URI":"/","SCRIPT_FILENAME":"/usr/local/www/wordpress/index.php","SCRIPT_NAME":"/index.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:25:04.376+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","headers":{"Accept":["*/*"],"Content-Type":["application/x-www-form-urlencoded"],"Accept-Encoding":["deflate, gzip"],"X-Forwarded-Proto":["https"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750"],"Content-Length":["0"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"0","CONTENT_TYPE":"application/x-www-form-urlencoded","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/wp-cron.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"*/*","HTTP_ACCEPT_ENCODING":"deflate, gzip","HTTP_CONTENT_LENGTH":"0","HTTP_CONTENT_TYPE":"application/x-www-form-urlencoded","HTTP_HOST":"test.lan:443","HTTP_REFERER":"https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","HTTP_USER_AGENT":"WordPress/5.7.2; https://test.udance.com.au","HTTP_X_FORWARDED_FOR":"10.1.1.50, 
10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"doing_wp_cron=1621844704.3333621025085449218750","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"46355","REMOTE_USER":"","REQUEST_METHOD":"POST","REQUEST_SCHEME":"https","REQUEST_URI":"/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","SCRIPT_FILENAME":"/usr/local/www/wordpress/wp-cron.php","SCRIPT_NAME":"/wp-cron.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:25:04.490+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750","headers":{"X-Forwarded-Host":["test.udance.com.au"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621844704.3333621025085449218750"],"Content-Length":["0"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"Accept":["*/*"],"Content-Type":["application/x-www-form-urlencoded"],"Accept-Encoding":["deflate, gzip"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"X-Powered-By":["PHP/7.4.16"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:25:04.519+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/index.php","headers":{"X-Forwarded-Host":["test.udance.com.au"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["10.1.1.222, 10.1.1.4"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Sec-Fetch-User":["?1"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"Status":["301 Moved Permanently"],"X-Powered-By":["PHP/7.4.16"],"Content-Type":["text/html; charset=UTF-8"],"X-Redirect-By":["WordPress"],"Location":["https://test.lan/"]},"status":301}
{"level":"debug","ts":"2021-05-24T16:25:04.561+0800","logger":"http.stdlib","msg":"http: TLS handshake error from 10.1.1.222:49698: remote error: tls: unknown certificate"}

Continued in next post…
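Added example, not part of the original posts and not Caddy's own code: a small checker for frontend `reverse_proxy` debug logs that flags upstream redirects whose `Location` host differs from the public host the client asked for (`X-Forwarded-Host`, falling back to the TLS server name), which is the pattern in the subdomain tests above. The sample lines are constructed in the shape of the logs shown, and the function names are this example's own.

```python
import json
from urllib.parse import urlsplit

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


def _header(headers, name):
    """Case-insensitive lookup; Caddy logs each header as a list of values."""
    for key, values in headers.items():
        if key.lower() == name.lower() and values:
            return values[0]
    return None


def _hostname(hostport):
    """'test.lan:443' -> 'test.lan' (also copes with bracketed IPv6)."""
    return urlsplit("//" + hostport).hostname if hostport else None


def find_internal_redirects(log_text):
    """Return one finding per upstream redirect that points away from the
    public hostname. Lines that are not valid JSON (wrapped or truncated
    pastes) are skipped rather than treated as errors."""
    findings = []
    for lineno, raw in enumerate(log_text.splitlines(), 1):
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if not isinstance(entry, dict):
            continue
        if entry.get("msg") != "upstream roundtrip":
            continue
        if entry.get("status") not in REDIRECT_STATUSES:
            continue

        request = entry.get("request", {})
        public = _header(request.get("headers", {}), "X-Forwarded-Host")
        if not public:
            public = request.get("tls", {}).get("server_name")
        public_host = _hostname(public)

        location = _header(entry.get("headers", {}), "Location")
        target = urlsplit(location).hostname if location else None
        # Relative redirects have no host and cannot leak one.
        if target is None or public_host is None or target == public_host:
            continue

        findings.append({
            "line": lineno,
            "uri": request.get("uri"),
            "public_host": public_host,
            "redirect_host": target,
            # True when the redirect names the Host sent to the upstream.
            "leaks_upstream_host": target == _hostname(request.get("host")),
            "redirect_by": _header(entry.get("headers", {}), "X-Redirect-By"),
        })
    return findings


def _sample_entry(status, uri, location=None):
    """Build one constructed log line in the frontend log's shape."""
    headers = {"Server": ["Caddy"], "X-Redirect-By": ["WordPress"]}
    if location:
        headers["Location"] = [location]
    return json.dumps({
        "level": "debug",
        "logger": "http.handlers.reverse_proxy",
        "msg": "upstream roundtrip",
        "upstream": "{backend}",
        "request": {
            "remote_addr": "10.1.1.222:49694",
            "method": "GET",
            "host": "test.lan:443",
            "uri": uri,
            "headers": {"X-Forwarded-Host": ["test.udance.com.au"]},
            "tls": {"server_name": "test.udance.com.au"},
        },
        "headers": headers,
        "status": status,
    })


# Constructed sample: a leaking redirect, a normal 200, a redirect that
# stays on the public host, and a truncated line that must be ignored.
SAMPLE_LOG = "\n".join([
    _sample_entry(301, "/", "https://test.lan/"),
    _sample_entry(200, "/phpmyadmin/"),
    _sample_entry(301, "/phpmyadmin", "https://test.udance.com.au/phpmyadmin/"),
    _sample_entry(301, "/", "https://test.lan/")[:120],
])

if __name__ == "__main__":
    for finding in find_internal_redirects(SAMPLE_LOG):
        print(finding)
```

In the logs above the flagged responses carry `X-Redirect-By: WordPress`, so the redirect is issued by the application behind the backend Caddy rather than by either proxy.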

SUB-PATH TESTS

EXTERNAL

Frontend

{"level":"debug","ts":"2021-05-24T16:40:17.651+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"162.158.118.125:38708","proto":"HTTP/1.1","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/","headers":{"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["49.196.36.201, 162.158.118.125"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cf-Request-Id":["0a3f21429700001d83410e3000000001"],"X-Forwarded-Proto":["https"],"Sec-Fetch-User":["?1"],"Cdn-Loop":["cloudflare"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"Cf-Ray":["654537e4284e1d83-NRT"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"Sec-Fetch-Mode":["navigate"],"Cf-Ipcountry":["AU"],"Cf-Connecting-Ip":["49.196.36.201"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cookie":["pma_lang_https=en; phpMyAdmin_https=cpb9c2o1kbbs7s1skopdeh8u0i; tk_or=%22%22; tk_lr=%22%22"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"X-Ob_mode":["1"],"X-Webkit-Csp":["default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"Date":["Mon, 24 May 2021 08:40:17 GMT"],"Cache-Control":["no-store, no-cache, must-revalidate,  pre-check=0, post-check=0, max-age=0"],"Referrer-Policy":["no-referrer"],"Server":["Caddy"],"Set-Cookie":["phpMyAdmin_https=5sh31f5b1gpecd8pbjg3fgj6ml; path=/phpmyadmin/; secure; HttpOnly"],"Vary":["Accept-Encoding"],"X-Robots-Tag":["noindex, 
nofollow"],"X-Xss-Protection":["1; mode=block"],"Content-Type":["text/html; charset=utf-8"],"Last-Modified":["Mon, 24 May 2021 08:40:17 +0000"],"X-Content-Security-Policy":["default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"X-Frame-Options":["DENY"],"X-Powered-By":["PHP/7.4.16"],"X-Permitted-Cross-Domain-Policies":["none"],"Content-Encoding":["gzip"],"Content-Security-Policy":["default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"Expires":["Mon, 24 May 2021 08:40:17 +0000"],"Pragma":["no-cache"],"X-Content-Type-Options":["nosniff"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:40:18.823+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"162.158.118.125:44186","proto":"HTTP/1.1","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/js/messages.php?l=en&v=5.1.0","headers":{"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cf-Connecting-Ip":["49.196.36.201"],"Cf-Request-Id":["0a3f21476900001d833ba68000000001"],"Cf-Ipcountry":["AU"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"X-Forwarded-Proto":["https"],"Sec-Fetch-Site":["same-origin"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Cdn-Loop":["cloudflare"],"X-Forwarded-For":["49.196.36.201, 162.158.118.125"],"Cf-Ray":["654537ebdde41d83-NRT"],"Cookie":["pma_lang_https=en; phpMyAdmin_https=5sh31f5b1gpecd8pbjg3fgj6ml; tk_or=%22%22; tk_lr=%22%22"],"Sec-Fetch-Mode":["no-cors"],"Accept":["*/*"],"Accept-Encoding":["gzip"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"Date":["Mon, 24 May 2021 08:40:18 GMT"],"Content-Encoding":["gzip"],"Content-Type":["text/javascript; charset=UTF-8"],"Expires":["Mon, 24 May 2021 09:40:18 GMT"],"Server":["Caddy"],"Vary":["Accept-Encoding"],"X-Ob_mode":["1"],"X-Powered-By":["PHP/7.4.16"]},"status":200}

Backend

{"level":"debug","ts":"2021-05-24T16:40:17.402+0800","logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/","headers":{"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["49.196.36.201, 162.158.118.125"],"Upgrade-Insecure-Requests":["1"],"Cf-Request-Id":["0a3f21429700001d83410e3000000001"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cookie":["pma_lang_https=en; phpMyAdmin_https=cpb9c2o1kbbs7s1skopdeh8u0i; tk_or=%22%22; tk_lr=%22%22"],"Cf-Ray":["654537e4284e1d83-NRT"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Ipcountry":["AU"],"Cf-Connecting-Ip":["49.196.36.201"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Sec-Fetch-User":["?1"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"method":"GET","uri":"/phpmyadmin/index.php"}
{"level":"debug","ts":"2021-05-24T16:40:17.403+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/index.php","headers":{"Cf-Ray":["654537e4284e1d83-NRT"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Ipcountry":["AU"],"Cf-Connecting-Ip":["49.196.36.201"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Sec-Fetch-User":["?1"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["49.196.36.201, 162.158.118.125, 10.1.1.4"],"Upgrade-Insecure-Requests":["1"],"Cf-Request-Id":["0a3f21429700001d83410e3000000001"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cookie":["pma_lang_https=en; phpMyAdmin_https=cpb9c2o1kbbs7s1skopdeh8u0i; tk_or=%22%22; tk_lr=%22%22"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"","CONTENT_TYPE":"","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/phpmyadmin/index.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3","HTTP_ACCEPT_ENCODING":"gzip","HTTP_ACCEPT_LANGUAGE":"en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7","HTTP_AUTHORIZATION":"Basic 
YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ==","HTTP_CDN_LOOP":"cloudflare","HTTP_CF_CONNECTING_IP":"49.196.36.201","HTTP_CF_IPCOUNTRY":"AU","HTTP_CF_RAY":"654537e4284e1d83-NRT","HTTP_CF_REQUEST_ID":"0a3f21429700001d83410e3000000001","HTTP_CF_VISITOR":"{\"scheme\":\"https\"}","HTTP_COOKIE":"pma_lang_https=en; phpMyAdmin_https=cpb9c2o1kbbs7s1skopdeh8u0i; tk_or=%22%22; tk_lr=%22%22","HTTP_HOST":"test.lan:443","HTTP_SEC_FETCH_MODE":"navigate","HTTP_SEC_FETCH_SITE":"none","HTTP_SEC_FETCH_USER":"?1","HTTP_UPGRADE_INSECURE_REQUESTS":"1","HTTP_USER_AGENT":"Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155","HTTP_X_FORWARDED_FOR":"49.196.36.201, 162.158.118.125, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"46355","REMOTE_USER":"","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","REQUEST_URI":"/phpmyadmin/","SCRIPT_FILENAME":"/usr/local/www/wordpress/phpmyadmin/index.php","SCRIPT_NAME":"/phpmyadmin/index.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:40:17.652+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/index.php","headers":{"X-Forwarded-Proto":["https"],"Sec-Fetch-Site":["none"],"Cookie":["pma_lang_https=en; phpMyAdmin_https=cpb9c2o1kbbs7s1skopdeh8u0i; tk_or=%22%22; tk_lr=%22%22"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["49.196.36.201, 162.158.118.125, 10.1.1.4"],"Upgrade-Insecure-Requests":["1"],"Cf-Request-Id":["0a3f21429700001d83410e3000000001"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Fetch-User":["?1"],"Cf-Ray":["654537e4284e1d83-NRT"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Ipcountry":["AU"],"Cf-Connecting-Ip":["49.196.36.201"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cdn-Loop":["cloudflare"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"X-Powered-By":["PHP/7.4.16"],"Content-Security-Policy":["default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"Last-Modified":["Mon, 24 May 2021 08:40:17 +0000"],"Pragma":["no-cache"],"Set-Cookie":["phpMyAdmin_https=5sh31f5b1gpecd8pbjg3fgj6ml; path=/phpmyadmin/; secure; HttpOnly"],"X-Frame-Options":["DENY"],"Referrer-Policy":["no-referrer"],"X-Webkit-Csp":["default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer 
no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"X-Content-Type-Options":["nosniff"],"X-Permitted-Cross-Domain-Policies":["none"],"Expires":["Mon, 24 May 2021 08:40:17 +0000"],"X-Ob_mode":["1"],"X-Content-Security-Policy":["default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"X-Robots-Tag":["noindex, nofollow"],"Cache-Control":["no-store, no-cache, must-revalidate,  pre-check=0, post-check=0, max-age=0"],"Content-Encoding":["gzip"],"Vary":["Accept-Encoding"],"X-Xss-Protection":["1; mode=block"],"Content-Type":["text/html; charset=utf-8"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:40:18.629+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/js/messages.php?l=en&v=5.1.0","headers":{"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cf-Connecting-Ip":["49.196.36.201"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"Cf-Ray":["654537ebdde41d83-NRT"],"Sec-Fetch-Mode":["no-cors"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cdn-Loop":["cloudflare"],"X-Forwarded-Proto":["https"],"Cookie":["pma_lang_https=en; phpMyAdmin_https=5sh31f5b1gpecd8pbjg3fgj6ml; tk_or=%22%22; tk_lr=%22%22"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"Cf-Request-Id":["0a3f21476900001d833ba68000000001"],"X-Forwarded-For":["49.196.36.201, 162.158.118.125, 10.1.1.4"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Ipcountry":["AU"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"","CONTENT_TYPE":"","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/phpmyadmin/js/messages.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"*/*","HTTP_ACCEPT_ENCODING":"gzip","HTTP_ACCEPT_LANGUAGE":"en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7","HTTP_AUTHORIZATION":"Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ==","HTTP_CDN_LOOP":"cloudflare","HTTP_CF_CONNECTING_IP":"49.196.36.201","HTTP_CF_IPCOUNTRY":"AU","HTTP_CF_RAY":"654537ebdde41d83-NRT","HTTP_CF_REQUEST_ID":"0a3f21476900001d833ba68000000001","HTTP_CF_VISITOR":"{\"scheme\":\"https\"}","HTTP_COOKIE":"pma_lang_https=en; phpMyAdmin_https=5sh31f5b1gpecd8pbjg3fgj6ml; tk_or=%22%22; 
tk_lr=%22%22","HTTP_HOST":"test.lan:443","HTTP_SEC_FETCH_MODE":"no-cors","HTTP_SEC_FETCH_SITE":"same-origin","HTTP_USER_AGENT":"Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155","HTTP_X_FORWARDED_FOR":"49.196.36.201, 162.158.118.125, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"l=en&v=5.1.0","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"46355","REMOTE_USER":"","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","REQUEST_URI":"/phpmyadmin/js/messages.php?l=en&v=5.1.0","SCRIPT_FILENAME":"/usr/local/www/wordpress/phpmyadmin/js/messages.php","SCRIPT_NAME":"/phpmyadmin/js/messages.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:40:18.823+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/js/messages.php?l=en&v=5.1.0","headers":{"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"X-Forwarded-Host":["test.udance.com.au"],"Cf-Ipcountry":["AU"],"Cdn-Loop":["cloudflare"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.116 Mobile Safari/537.36 EdgA/46.03.4.5155"],"Cf-Connecting-Ip":["49.196.36.201"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"Cf-Ray":["654537ebdde41d83-NRT"],"Sec-Fetch-Mode":["no-cors"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"X-Forwarded-Proto":["https"],"Cf-Request-Id":["0a3f21476900001d833ba68000000001"],"Cookie":["pma_lang_https=en; phpMyAdmin_https=5sh31f5b1gpecd8pbjg3fgj6ml; tk_or=%22%22; tk_lr=%22%22"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-For":["49.196.36.201, 162.158.118.125, 10.1.1.4"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"Expires":["Mon, 24 May 2021 09:40:18 GMT"],"X-Ob_mode":["1"],"Content-Encoding":["gzip"],"Vary":["Accept-Encoding"],"X-Powered-By":["PHP/7.4.16"],"Content-Type":["text/javascript; charset=UTF-8"]},"status":200}
{"level":"debug","ts":"2021-05-24T16:40:30.783+0800","logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"HEAD","host":"test.lan:443","uri":"/","headers":{"X-Forwarded-Host":["test.udance.com.au"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["0a3f2174c70000c7ea6b1c2000000001"],"Cf-Ipcountry":["US"],"X-Forwarded-For":["192.0.91.177, 172.69.71.67"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ray":["654538347aefc7ea-DFW"],"Cf-Connecting-Ip":["192.0.91.177"],"X-Forwarded-Proto":["https"],"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"],"Accept-Encoding":["gzip"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"method":"HEAD","uri":"/index.php"}
{"level":"debug","ts":"2021-05-24T16:40:30.784+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"HEAD","host":"test.lan:443","uri":"/index.php","headers":{"Cf-Connecting-Ip":["192.0.91.177"],"X-Forwarded-Proto":["https"],"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"],"Accept-Encoding":["gzip"],"X-Forwarded-Host":["test.udance.com.au"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["0a3f2174c70000c7ea6b1c2000000001"],"Cf-Ipcountry":["US"],"X-Forwarded-For":["192.0.91.177, 172.69.71.67, 10.1.1.4"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Ray":["654538347aefc7ea-DFW"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"","CONTENT_TYPE":"","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/index.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT_ENCODING":"gzip","HTTP_CDN_LOOP":"cloudflare","HTTP_CF_CONNECTING_IP":"192.0.91.177","HTTP_CF_IPCOUNTRY":"US","HTTP_CF_RAY":"654538347aefc7ea-DFW","HTTP_CF_REQUEST_ID":"0a3f2174c70000c7ea6b1c2000000001","HTTP_CF_VISITOR":"{\"scheme\":\"https\"}","HTTP_HOST":"test.lan:443","HTTP_USER_AGENT":"jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)","HTTP_X_FORWARDED_FOR":"192.0.91.177, 172.69.71.67, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"46355","REMOTE_USER":"","REQUEST_METHOD":"HEAD","REQUEST_SCHEME":"https","REQUEST_URI":"/","SCRIPT_FILENAME":"/usr/local/www/wordpress/index.php","SCRIPT_NAME":"/index.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:40:32.903+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621845632.7852690219879150390625","headers":{"Accept-Encoding":["deflate, gzip"],"X-Forwarded-Proto":["https"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"Accept":["*/*"],"Content-Length":["0"],"Content-Type":["application/x-www-form-urlencoded"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621845632.7852690219879150390625"],"X-Forwarded-Host":["test.udance.com.au"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"0","CONTENT_TYPE":"application/x-www-form-urlencoded","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/wp-cron.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"*/*","HTTP_ACCEPT_ENCODING":"deflate, gzip","HTTP_CONTENT_LENGTH":"0","HTTP_CONTENT_TYPE":"application/x-www-form-urlencoded","HTTP_HOST":"test.lan:443","HTTP_REFERER":"https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621845632.7852690219879150390625","HTTP_USER_AGENT":"WordPress/5.7.2; https://test.udance.com.au","HTTP_X_FORWARDED_FOR":"10.1.1.50, 
10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"doing_wp_cron=1621845632.7852690219879150390625","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"46355","REMOTE_USER":"","REQUEST_METHOD":"POST","REQUEST_SCHEME":"https","REQUEST_URI":"/wp-cron.php?doing_wp_cron=1621845632.7852690219879150390625","SCRIPT_FILENAME":"/usr/local/www/wordpress/wp-cron.php","SCRIPT_NAME":"/wp-cron.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T16:40:33.025+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:46355","proto":"HTTP/2.0","method":"POST","host":"test.lan:443","uri":"/wp-cron.php?doing_wp_cron=1621845632.7852690219879150390625","headers":{"Content-Type":["application/x-www-form-urlencoded"],"X-Forwarded-For":["10.1.1.50, 10.1.1.4"],"Referer":["https://test.udance.com.au/wp-cron.php?doing_wp_cron=1621845632.7852690219879150390625"],"X-Forwarded-Host":["test.udance.com.au"],"Accept-Encoding":["deflate, gzip"],"X-Forwarded-Proto":["https"],"User-Agent":["WordPress/5.7.2; https://test.udance.com.au"],"Accept":["*/*"],"Content-Length":["0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"X-Powered-By":["PHP/7.4.16"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"]},"status":200}

INTERNAL

Frontend

{"level":"debug","ts":"2021-05-24T17:00:29.085+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{backend}","request":{"remote_addr":"10.1.1.222:50316","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/","headers":{"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-For":["10.1.1.222"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Sec-Fetch-Dest":["document"],"X-Forwarded-Host":["test.udance.com.au"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"Cookie":["pma_lang_https=en; phpMyAdmin_https=8epmdea0qnpdtqt4tit0p72bao"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"test.udance.com.au"}},"headers":{"X-Webkit-Csp":["default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"Content-Encoding":["gzip"],"Last-Modified":["Mon, 24 May 2021 09:00:29 +0000"],"Referrer-Policy":["no-referrer"],"Set-Cookie":["phpMyAdmin_https=rb045gnspcdqp6tmv6hvjc6jil; path=/phpmyadmin/; secure; HttpOnly"],"Vary":["Accept-Encoding"],"X-Content-Security-Policy":["default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"X-Frame-Options":["DENY"],"Cache-Control":["no-store, no-cache, must-revalidate,  
pre-check=0, post-check=0, max-age=0"],"Content-Security-Policy":["default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"Content-Type":["text/html; charset=utf-8"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Powered-By":["PHP/7.4.16"],"X-Robots-Tag":["noindex, nofollow"],"Pragma":["no-cache"],"X-Content-Type-Options":["nosniff"],"Date":["Mon, 24 May 2021 09:00:29 GMT"],"Expires":["Mon, 24 May 2021 09:00:29 +0000"],"Server":["Caddy"],"X-Ob_mode":["1"],"X-Xss-Protection":["1; mode=block"]},"status":200}

Backend

{"level":"debug","ts":"2021-05-24T17:00:28.830+0800","logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_addr":"10.1.1.4:25917","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"X-Forwarded-Proto":["https"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Host":["test.udance.com.au"],"Sec-Ch-Ua-Mobile":["?0"],"X-Forwarded-For":["10.1.1.222"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"Cookie":["pma_lang_https=en; phpMyAdmin_https=8epmdea0qnpdtqt4tit0p72bao"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"method":"GET","uri":"/phpmyadmin/index.php"}
{"level":"debug","ts":"2021-05-24T17:00:28.830+0800","logger":"http.reverse_proxy.transport.fastcgi","msg":"roundtrip","request":{"remote_addr":"10.1.1.4:25917","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/index.php","headers":{"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Host":["test.udance.com.au"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-User":["?1"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"Cookie":["pma_lang_https=en; phpMyAdmin_https=8epmdea0qnpdtqt4tit0p72bao"],"X-Forwarded-For":["10.1.1.222, 10.1.1.4"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Accept-Encoding":["gzip, deflate, br"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"dial":"127.0.0.1:9000","env":{"AUTH_TYPE":"","CONTENT_LENGTH":"","CONTENT_TYPE":"","DOCUMENT_ROOT":"/usr/local/www/wordpress","DOCUMENT_URI":"/phpmyadmin/index.php","GATEWAY_INTERFACE":"CGI/1.1","HTTPS":"on","HTTP_ACCEPT":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","HTTP_ACCEPT_ENCODING":"gzip, deflate, br","HTTP_ACCEPT_LANGUAGE":"en-US,en;q=0.9","HTTP_AUTHORIZATION":"Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ==","HTTP_COOKIE":"pma_lang_https=en; phpMyAdmin_https=8epmdea0qnpdtqt4tit0p72bao","HTTP_HOST":"test.lan:443","HTTP_SEC_CH_UA":"\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft 
Edge\";v=\"90\"","HTTP_SEC_CH_UA_MOBILE":"?0","HTTP_SEC_FETCH_DEST":"document","HTTP_SEC_FETCH_MODE":"navigate","HTTP_SEC_FETCH_SITE":"none","HTTP_SEC_FETCH_USER":"?1","HTTP_UPGRADE_INSECURE_REQUESTS":"1","HTTP_USER_AGENT":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66","HTTP_X_FORWARDED_FOR":"10.1.1.222, 10.1.1.4","HTTP_X_FORWARDED_HOST":"test.udance.com.au","HTTP_X_FORWARDED_PROTO":"https","PATH_INFO":"","QUERY_STRING":"","REMOTE_ADDR":"10.1.1.4","REMOTE_HOST":"10.1.1.4","REMOTE_IDENT":"","REMOTE_PORT":"25917","REMOTE_USER":"","REQUEST_METHOD":"GET","REQUEST_SCHEME":"https","REQUEST_URI":"/phpmyadmin/","SCRIPT_FILENAME":"/usr/local/www/wordpress/phpmyadmin/index.php","SCRIPT_NAME":"/phpmyadmin/index.php","SERVER_NAME":"test.lan","SERVER_PORT":"80","SERVER_PROTOCOL":"HTTP/2.0","SERVER_SOFTWARE":"Caddy/v2.4.1","SSL_CIPHER":"TLS_CHACHA20_POLY1305_SHA256","SSL_PROTOCOL":"TLSv1.3"}}
{"level":"debug","ts":"2021-05-24T17:00:29.085+0800","logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:9000","request":{"remote_addr":"10.1.1.4:25917","proto":"HTTP/2.0","method":"GET","host":"test.lan:443","uri":"/phpmyadmin/index.php","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Host":["test.udance.com.au"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-User":["?1"],"Authorization":["Basic YWRtaW46OComQXZLTFJ0SCUyITJGaUFlZQ=="],"Cookie":["pma_lang_https=en; phpMyAdmin_https=8epmdea0qnpdtqt4tit0p72bao"],"X-Forwarded-For":["10.1.1.222, 10.1.1.4"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Microsoft Edge\";v=\"90\""],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 Edg/90.0.818.66"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"h2","proto_mutual":true,"server_name":"test.lan"}},"headers":{"X-Xss-Protection":["1; mode=block"],"Pragma":["no-cache"],"Content-Type":["text/html; charset=utf-8"],"X-Powered-By":["PHP/7.4.16"],"X-Content-Security-Policy":["default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"Expires":["Mon, 24 May 2021 09:00:29 +0000"],"Last-Modified":["Mon, 24 May 2021 09:00:29 +0000"],"Content-Security-Policy":["default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 
'none';"],"X-Permitted-Cross-Domain-Policies":["none"],"X-Content-Type-Options":["nosniff"],"Vary":["Accept-Encoding"],"X-Ob_mode":["1"],"X-Frame-Options":["DENY"],"X-Webkit-Csp":["default-src 'self' ;script-src 'self'  'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none';"],"X-Robots-Tag":["noindex, nofollow"],"Cache-Control":["no-store, no-cache, must-revalidate,  pre-check=0, post-check=0, max-age=0"],"Content-Encoding":["gzip"],"Set-Cookie":["phpMyAdmin_https=rb045gnspcdqp6tmv6hvjc6jil; path=/phpmyadmin/; secure; HttpOnly"],"Referrer-Policy":["no-referrer"]},"status":200}

So, I have some good news and some bad news. The good news is that Caddy mTLS works perfectly on FreeBSD. The bad news is that I haven’t been able to successfully roll it into the WordPress backend I have set up. I’ll summarise the good news in this post first and discuss the bad news in the next post.

Assumptions

The first assumption is that I have set up two FreeBSD jails; a frontend reverse proxy server in one jail and a web server in the second jail. Caddy is installed in both jails using the package manager pkg install caddy. At the time of preparing this post, I’m working with these versions:

# freebsd-version
12.2-RELEASE
# pkg info caddy
caddy-2.3.0_1

If using the DNS challenge, the frontend Caddy binary will need to be replaced using xcaddy to build a version of Caddy with a supported DNS provider module.

The second assumption this thread makes is that Caddy is serving subdomains of domain.com using a wildcard certificate. The map handler is used in the Caddyfile to facilitate managing the subdomains.

Local DNS resolver

The example below assumes acme.lan resolves to the frontend jail IP and test.lan resolves to the backend jail IP.

Frontend jail considerations

Key frontend Caddyfile constructs required for mTLS:

...
# Internal CA
acme.lan {
  acme_server
  tls internal
}
...
*.domain.com {
  ...
  map {labels.2} {backend} {mtls} {

#   HOSTNAME     BACKEND         mTLS  #COMMENT
#---------------------------------------------------------------
  ...
    test         test.lan:443    yes   # test.domain.com
  ...
  }
  route {
    ...
# Secure backend communication
    @mtls expression `{mtls} == "yes"`
    reverse_proxy @mtls {backend} {
      header_up Host {http.reverse_proxy.upstream.hostport}
      header_up X-Forwarded-Host {host}
      transport http {
        tls
      }
    }
# Unsecured backend communication
    @nomtls expression `{mtls} == "no"`
    reverse_proxy @nomtls {backend}
    ...
  }
}

Next, and this is the secret ingredient to make mTLS work for FreeBSD, the root certificate for the internal CA has to be added to the system trust.

cat /var/db/caddy/data/caddy/pki/authorities/local/root.crt >> /usr/local/share/certs/ca-root-nss.crt

Limitations

The arrangement breaks if the ca_root_nss package is upgraded in the frontend jail. When this happens, the local CA root certificate will have to be added to the system trust again.

Backend jail considerations

Key backend Caddyfile constructs required for mTLS:

{
  ...
  acme_ca https://acme.lan/acme/local/directory
  acme_ca_root /etc/ssl/certs/root.crt
}

test.lan {
  ...
}

Remember to add the local CA root certificate from the frontend to /etc/ssl/certs/ in the backend.

Next, for test.lan, I set up a static file server:

test.lan {
  root * /usr/local/www/caddy
  file_server browse
}

I can reliably and consistently access the file server through test.domain.com. The Caddy reverse proxy provides automatic HTTPS, and mTLS ensures that the path between the frontend and backend Caddy servers is encrypted.

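The limitation described in the post above (the trust bundle is replaced when the package is upgraded, dropping the internal root CA) can be handled with an idempotent re-add instead of a blind `cat >>`. This is an added example, not part of the original post: the default paths are the ones quoted in the post, while the function names and the `apply` argument are hypothetical.

```shell
#!/bin/sh
# Added example: (re)append Caddy's internal root CA to the FreeBSD trust
# bundle only when it is missing, so the step can be repeated safely after
# every package upgrade. Function names are hypothetical.

ROOT_CRT="${ROOT_CRT:-/var/db/caddy/data/caddy/pki/authorities/local/root.crt}"
BUNDLE="${BUNDLE:-/usr/local/share/certs/ca-root-nss.crt}"

# Print every certificate in a PEM file as one line of base64
# (armor lines, whitespace and any descriptive text between certs dropped).
pem_bodies() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
    /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
    inside { gsub(/[ \t\r]/, ""); body = body $0 }
  ' "$1"
}

# Return 0 if the first certificate in $1 is already in bundle $2,
# 1 if it is missing, 2 if $1 contains no certificate at all.
bundle_has_cert() {
  want=$(pem_bodies "$1" | head -n 1)
  [ -n "$want" ] || return 2
  pem_bodies "$2" | grep -qxF -- "$want"
}

# Print "present" or "added"; return 2 on unusable input.
ensure_trusted() {
  crt=$1
  bundle=$2
  [ -r "$crt" ] || { echo "cannot read root certificate: $crt" >&2; return 2; }
  [ -f "$bundle" ] || { echo "trust bundle not found: $bundle" >&2; return 2; }

  rc=0
  bundle_has_cert "$crt" "$bundle" || rc=$?
  case $rc in
    0) echo "present"; return 0 ;;
    2) echo "no certificate found in: $crt" >&2; return 2 ;;
  esac

  # Keep PEM armor lines intact if the bundle lacks a trailing newline.
  if [ -n "$(tail -c 1 "$bundle")" ]; then
    printf '\n' >> "$bundle"
  fi
  # Append only the certificate block, nothing else from the file.
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$crt" >> "$bundle"
  echo "added"
}

# Act on the real paths only when asked, so the file can also be sourced.
if [ "${1:-}" = "apply" ]; then
  ensure_trusted "$ROOT_CRT" "$BUNDLE"
fi
```

Run it with `apply` in the frontend jail after an upgrade of the certificate bundle package; a second run prints `present` and leaves the bundle unchanged.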

Now the bad news…

WordPress is a bit temperamental when it is hosted behind a reverse proxy that provides TLS, but local traffic behind the reverse proxy is unencrypted, so WordPress itself is hosted without TLS. In this situation, the following code has to be added to the WordPress configuration file wp-config.php to prevent an infinite redirect loop.

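// Guard with isset() so a request that arrives without the header does not raise a PHP warning
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
    $_SERVER['HTTPS'] = 'on';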

Reference: WordPress: Using a Reverse Proxy

When a reverse proxy is not involved, though I haven’t tried it myself, the WordPress documentation suggests that setting up WordPress with HTTPS is straightforward.

Reference: WordPress: HTTPS for WordPress.

What I have now is not covered by either of the above scenarios i.e. WordPress behind a reverse proxy, but with the backend retrospectively being encrypted using mTLS. More recent posts in this thread suggest that WordPress is responding to mTLS, but is now one step removed from the frontend and can’t seem to find its way back there.

I’ve dropped this in the lap of WordPress support to see if they have any ideas. You can follow the thread here mTLS and WordPress.
