Path redirects to IP address

1. Caddy version (caddy version):

v2.2.0-rc.1

2. How I run Caddy:

a. System environment:

OS:

Distributor ID: Ubuntu
Description:    Ubuntu 18.04.5 LTS
Release:        18.04
Codename:       bionic

Running through Docker & Docker-Compose

b. Command:

(If the container is down)

docker-compose up -d

(If I just need to reload the config)

docker exec -w /etc/caddy caddy caddy reload

c. Service/unit/compose file:

version: "3.7"
services:

  caddy:
    build: ./dns-dockerfile
    container_name: caddy
    hostname: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    environment:
      - MY_DOMAIN
      - CLOUDFLARE_API_TOKEN
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
      - ./data:/data
      - ./config:/config

networks:
  default:
    external:
      name: $DOCKER_MY_NETWORK

d. My complete Caddyfile or JSON config:

(cloudflare) {
    # tls {env.CLOUDFLARE_EMAIL}
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}
(LAN_only) {
    @fuck_off_world {
        not remote_ip 24.227.248.138/24
    }
    respond @fuck_off_world 403
}
#@print_matcher {
#    path_regexp ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$
#}
{$MY_DOMAIN} {
    import cloudflare
    log {
        output file ~/caddylog {
            roll_size 20mb
            roll_keep 5
        }
    }
    reverse_proxy 192.168.1.3:80
}

a.{$MY_DOMAIN} {
    import cloudflare
    reverse_proxy whoami:80
}
b.{$MY_DOMAIN} {
    import cloudflare
    reverse_proxy nginx:80
}
vault.{$MY_DOMAIN} {
    import cloudflare
    encode gzip

    header {
        # Enable cross-site filter (XSS) and tell browser to block detected attacks
        X-XSS-Protection "1; mode=block"
        # Disallow the site to be rendered within a frame (clickjacking protection)
        X-Frame-Options "DENY"
        # Prevent search engines from indexing (optional)
        X-Robots-Tag "none"
        # Server name removing
        -Server
    }

    # Notifications redirected to the websockets server
    reverse_proxy /notifications/hub bitwarden:3012

    # Proxy the Root directory to Rocket
    reverse_proxy bitwarden:80
}

wiki.{$MY_DOMAIN} {
    import cloudflare
    log {
        output file /data/logs/bookstack_access.log {
            roll_size 20mb
            roll_keep 5
        }
    }
    #reverse_proxy bookstack:80
    reverse_proxy bookstack:443 {
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}
print.{$MY_DOMAIN} {
    import cloudflare
  
    route {path} {
        #uri strip_prefix {path}
        reverse_proxy {path} {
            to {query}/:80
            #insecure_skip_verify
            header_up Host {http.reverse_proxy.upstream.hostport}
            # header_up +X-Frame-Options SAMESITE
            header_down -X-Frame-Options
            header_down -Host
            #header_down +X-Frame-Options ALLOW-FROM {MY_DOMAIN}
        }
        #uri strip_prefix {query}
    }

}

3. The problem I’m having:

Some background:

I’m trying to set up a “Printer Page” for the administrative staff at the company I work at. The concept is that they can add the printer and it’s IP address to a database, and then view all of the different printer pages from a table of links.

Image for reference:

Anyways, I wanted to have the printer pages all on a single subdomain and have caddy redirect the request to the proper page. Now, my current code does work, but it seems to be acting as a redirect instead of a reverse proxy, so the printer settings page will not show up within an iframe.

4. Error messages and/or full log output:

Here’s the error I get from caddy whenever I attempt to load any of the printers within the iframe:

{
   "level":"debug",
   "ts":1599843213.0695734,
   "logger":"http.handlers.reverse_proxy",
   "msg":"upstream roundtrip",
   "upstream":"{http.request.uri.query}/:80",
   "request":{
      "method":"GET",
      "uri":"/192.168.1.16/",
      "proto":"HTTP/1.1",
      "remote_addr":"162.158.187.70:20172",
      "host":":80",
      "headers":{
         "X-Forwarded-For":[
            "24.227.248.138, 162.158.187.70"
         ],
         "Cache-Control":[
            "no-cache"
         ],
         "Sec-Fetch-User":[
            "?1"
         ],
         "Cf-Ray":[
            "5d12e5855b3107d6-ATL"
         ],
         "Accept":[
            "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
         ],
         "Cdn-Loop":[
            "cloudflare"
         ],
         "X-Forwarded-Proto":[
            "https"
         ],
         "Upgrade-Insecure-Requests":[
            "1"
         ],
         "Pragma":[
            "no-cache"
         ],
         "Accept-Language":[
            "en-US,en;q=0.9"
         ],
         "Sec-Fetch-Site":[
            "same-site"
         ],
         "Cf-Ipcountry":[
            "US"
         ],
         "Sec-Fetch-Mode":[
            "navigate"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36"
         ],
         "Cf-Connecting-Ip":[
            "24.227.248.138"
         ],
         "Referer":[
            "https://vprsrv.org/printers.php"
         ],
         "Cf-Request-Id":[
            "051fadc75b000007d6e73a3200000001"
         ],
         "Cookie":[
            "__cfduid=d8703413d8c110a3d1e7a08b7b6194e0a1599759255"
         ],
         "Cf-Visitor":[
            "{\"scheme\":\"https\"}"
         ],
         "Sec-Fetch-Dest":[
            "iframe"
         ],
         "Accept-Encoding":[
            "gzip"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "ciphersuite":4867,
         "proto":"",
         "proto_mutual":true,
         "server_name":"print.vprsrv.org"
      }
   },
   "headers":{
      "Date":[
         "Fri, 11 Sep 2020 16:53:33 GMT"
      ],
      "Content-Length":[
         "0"
      ],
      "Location":[
         "https:///192.168.1.16/"
      ],
      "Server":[
         "Caddy"
      ]
   },
   "duration":0.00080883,
   "status":308
}{
   "level":"info",
   "ts":1599843213.069884,
   "logger":"http.log.access",
   "msg":"handled request",
   "request":{
      "method":"GET",
      "uri":"/192.168.1.16/",
      "proto":"HTTP/1.1",
      "remote_addr":"162.158.187.70:20172",
      "host":"print.vprsrv.org",
      "headers":{
         "Sec-Fetch-User":[
            "?1"
         ],
         "Referer":[
            "https://vprsrv.org/printers.php"
         ],
         "Cf-Request-Id":[
            "051fadc75b000007d6e73a3200000001"
         ],
         "Cdn-Loop":[
            "cloudflare"
         ],
         "Cf-Ipcountry":[
            "US"
         ],
         "X-Forwarded-For":[
            "24.227.248.138"
         ],
         "Cache-Control":[
            "no-cache"
         ],
         "Sec-Fetch-Site":[
            "same-site"
         ],
         "X-Forwarded-Proto":[
            "https"
         ],
         "Upgrade-Insecure-Requests":[
            "1"
         ],
         "Sec-Fetch-Mode":[
            "navigate"
         ],
         "Cookie":[
            "__cfduid=d8703413d8c110a3d1e7a08b7b6194e0a1599759255"
         ],
         "Cf-Connecting-Ip":[
            "24.227.248.138"
         ],
         "Cf-Visitor":[
            "{\"scheme\":\"https\"}"
         ],
         "Pragma":[
            "no-cache"
         ],
         "User-Agent":[
            "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36"
         ],
         "Sec-Fetch-Dest":[
            "iframe"
         ],
         "Accept":[
            "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
         ],
         "Accept-Language":[
            "en-US,en;q=0.9"
         ],
         "Connection":[
            "Keep-Alive"
         ],
         "Accept-Encoding":[
            "gzip"
         ],
         "Cf-Ray":[
            "5d12e5855b3107d6-ATL"
         ]
      },
      "tls":{
         "resumed":false,
         "version":772,
         "ciphersuite":4867,
         "proto":"",
         "proto_mutual":true,
         "server_name":"print.vprsrv.org"
      }
   },
   "common_log":"162.158.187.70 - - [11/Sep/2020:16:53:33 +0000] \"GET /192.168.1.16/ HTTP/1.1\" 308 0",
   "duration":0.001026267,
   "size":0,
   "status":308,
   "resp_headers":{
      "Server":[
         "Caddy",
         "Caddy"
      ],
      "Date":[
         "Fri, 11 Sep 2020 16:53:33 GMT"
      ],
      "Content-Length":[
         "0"
      ],
      "Location":[
         "https:///192.168.1.16/"
      ]
   }
}

5. What I already tried:

As I mentioned before, my current code works (if you go to the url in a new tab at least), but it redirects to the printer’s IP address. I’m pretty sure this is due to this: header_up Host {http.reverse_proxy.upstream.hostport}, but removing that doesn’t allow me to access the printers at all.

I also have gotten this to work, but only when I reverse proxy all paths to a specific subdomain (i.e.

print.{$MY_DOMAIN} {
    reverse_proxy 192.168.1.100:80
}

). As much as I would like for that to be the solution, it requires someone to change the Caddyfile anytime a new printer is added (or whose IP changes), which isn’t realistic for the administrative staff.

Other things I’ve tried…

Using the transport directive:

reverse_proxy {path}:443 {
        transport http {
            tls
            tls_insecure_skip_verify
        }
}

I’ve also tried using regex:

@static {
     path_regexp static (.[0-9]{1})+
 }
 reverse_proxy @static {
            to {http.regexp.static.1}/:80
             header_down -X-Frame-Options
    
    }

And finally what I started with:

print.{$MY_DOMAIN} {
    reverse_proxy {path}:80
}

Help is much appreciated!

6. Links to relevant resources: