PHP Error on Caddy V2

Help
1

1. My Caddy version (caddy version):

v2.0.0-beta.15 h1:Td1esMk7bebftnoBuT3gOqUGxew5HqdIKw3s36S8tNw=

2. How I run Caddy:

a. System environment:

Debian 10, using systemd as a service

b. Command:

/usr/bin/caddy2 run --config /etc/caddy/CaddyfileV2 --adapter caddyfile --resume --environ

c. Service/unit/compose file:

[Unit]
Description=Caddy Web Server V2
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy2 run --config /etc/caddy/CaddyfileV2 --adapter caddyfile --resume --environ
ExecReload=/usr/bin/caddy2 reload --config /etc/caddy/CaddyfileV2 --adapter caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

(tls) {
	encode gzip
	tls /etc/ssl/caddy/craigary.net.crt.pem /etc/ssl/caddy/craigary.net.key
}

#which works fine
https://craigary.net {
	root * /var/www/craigary.net
	import tls
	file_server
}

#something weird happened.
https://note.craigary.net {
	root * /var/www/note.craigary.net
	import tls
	php_fastcgi 127.0.0.1:9000
	@r {
		path_regexp ^/([a-zA-Z0-9_-]+)$
	}
	rewrite @r /index.php?note={r}
}

3. The problem I’m having:

Web server (like the first site) works, but PHP one doesn’t work, got 502 error when I visit.

4. Error messages and/or full log output:

Error log from systemd:

● caddy2.service - Caddy Web Server V2
   Loaded: loaded (/etc/systemd/system/caddy2.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-02-28 09:24:54 CET; 16min ago
     Docs: https://caddyserver.com/docs/
  Process: 3913 ExecReload=/usr/bin/caddy2 reload --config /etc/caddy/CaddyfileV2 --adapter caddyfile (code=exited, status=0/SUCCESS)
 Main PID: 3792 (caddy2)
    Tasks: 7 (limit: 2359)
   Memory: 11.7M
   CGroup: /system.slice/caddy2.service
           └─3792 /usr/bin/caddy2 run --config /etc/caddy/CaddyfileV2 --adapter caddyfile --resume --environ

Feb 28 09:37:02 craigary caddy2[3792]: 2020/02/28 09:37:02 [INFO][cache:0xc000577720] Started certificate maintenance routine
Feb 28 09:37:02 craigary caddy2[3792]: 2020/02/28 08:37:02.828        INFO        autosaved config        {"file": "/var/lib/caddy/.config/caddy/autosave.json"}
Feb 28 09:37:02 craigary caddy2[3792]: 2020/02/28 08:37:02.828        INFO        admin.api        load complete
Feb 28 09:37:02 craigary systemd[1]: Reloaded Caddy Web Server V2.
Feb 28 09:37:03 craigary caddy2[3792]: 2020/02/28 08:37:03.327        INFO        admin        stopped previous server
Feb 28 09:37:12 craigary caddy2[3792]: 2020/02/28 08:37:12.771        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:29878", "host": "note.craigary.net", "headers": {"User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Mode": ["navigate"], "Upgrade-Insecure-Requests": ["1"], "X-Forwarded-For": ["154.17.4.183"], "X-Forwarded-Proto": ["https"], "Cdn-Loop": ["cloudflare"], "Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386"], "Sec-Fetch-Site": ["none"], "Sec-Fetch-User": ["?1"], "Connection": ["close"], "Sec-Fetch-Dest": ["document"], "Accept-Encoding": ["gzip"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "Cf-Ipcountry": ["US"], "Cf-Origin-Https": ["on"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Purpose": ["prefetch"], "Cf-Connecting-Ip": ["154.17.4.183"], "Cf-Ray": ["56c113424c0f99bf-LAX"], "Dnt": ["1"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "515pusbpc", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
Feb 28 09:37:13 craigary caddy2[3792]: 2020/02/28 08:37:13.035        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:30226", "host": "note.craigary.net", "headers": {"User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Cdn-Loop": ["cloudflare"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386"], "Sec-Fetch-User": ["?1"], "Connection": ["close"], "Dnt": ["1"], "Sec-Fetch-Dest": ["document"], "Upgrade-Insecure-Requests": ["1"], "X-Forwarded-Proto": ["https"], "Accept-Encoding": ["gzip"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "Cf-Connecting-Ip": ["154.17.4.183"], "Cf-Ipcountry": ["US"], "Cf-Origin-Https": ["on"], "Cf-Ray": ["56c113441e5499bf-LAX"], "Sec-Fetch-Mode": ["navigate"], "Sec-Fetch-Site": ["none"], "X-Forwarded-For": ["154.17.4.183"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "85rygj5ka", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
Feb 28 09:39:53 craigary caddy2[3792]: 2020/02/28 08:39:53.089        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:43394", "host": "note.craigary.net", "headers": {"Referer": ["https://note.craigary.net/"], "Sec-Fetch-Dest": ["document"], "Sec-Fetch-User": ["?1"], "Upgrade-Insecure-Requests": ["1"], "Cdn-Loop": ["cloudflare"], "Cf-Connecting-Ip": ["154.17.4.183"], "Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386"], "Dnt": ["1"], "Accept-Encoding": ["gzip"], "Connection": ["close"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "X-Forwarded-For": ["154.17.4.183"], "X-Forwarded-Proto": ["https"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Site": ["same-origin"], "Cf-Ipcountry": ["US"], "Cf-Origin-Https": ["on"], "Cf-Ray": ["56c1172c5b4a99bf-LAX"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Sec-Fetch-Mode": ["navigate"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Cache-Control": ["max-age=0"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "fy1a2ra9q", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
Feb 28 09:39:54 craigary caddy2[3792]: 2020/02/28 08:39:54.256        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:45008", "host": "note.craigary.net", "headers": {"Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "Cf-Ipcountry": ["US"], "Cf-Ray": ["56c11733bb6499bf-LAX"], "Sec-Fetch-Dest": ["document"], "Accept-Encoding": ["gzip"], "Cdn-Loop": ["cloudflare"], "Cf-Origin-Https": ["on"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Dnt": ["1"], "Sec-Fetch-Site": ["same-origin"], "X-Forwarded-Proto": ["https"], "Cf-Connecting-Ip": ["154.17.4.183"], "Sec-Fetch-User": ["?1"], "Upgrade-Insecure-Requests": ["1"], "Connection": ["close"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Cache-Control": ["max-age=0"], "Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386; cf_ob_info=502:56c1172c5b4a99bf:LAX; cf_use_ob=0"], "Referer": ["https://note.craigary.net/"], "Sec-Fetch-Mode": ["navigate"], "X-Forwarded-For": ["154.17.4.183"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "0q9wgta0k", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
Feb 28 09:39:56 craigary caddy2[3792]: 2020/02/28 08:39:56.026        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:47356", "host": "note.craigary.net", "headers": {"Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386; cf_ob_info=502:56c11733bb6499bf:LAX; cf_use_ob=0"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Cdn-Loop": ["cloudflare"], "Cf-Connecting-Ip": ["154.17.4.183"], "Cf-Ipcountry": ["US"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "Cf-Origin-Https": ["on"], "Dnt": ["1"], "Sec-Fetch-Site": ["same-origin"], "Sec-Fetch-Mode": ["navigate"], "Sec-Fetch-User": ["?1"], "Upgrade-Insecure-Requests": ["1"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Cache-Control": ["max-age=0"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Referer": ["https://note.craigary.net/"], "Sec-Fetch-Dest": ["document"], "X-Forwarded-For": ["154.17.4.183"], "X-Forwarded-Proto": ["https"], "Cf-Ray": ["56c1173ecfb099bf-LAX"], "Accept-Encoding": ["gzip"], "Connection": ["close"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "p5cxxm4qu", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}

5. What I already tried:

  • Change Caddyfile:

I tried to use php_fastcgi unix//run/php/php7.3-fpm.sock or php_fastcgi / 127.0.0.1:9000 php to replace php_fastcgi 127.0.0.1:9000, the former one seems deprecated on caddy 15 , the latter one has the same issue.

  • Make sure the php listen.owner / listen.group is correct:
user = www-data
group = www-data

listen.owner = caddy
listen.group = caddy
listen.mode = 0660

6. Other info might help:

  1. I have caddy v1 installed alongside v2, which works fine, here’s the related string in caddyfile(v1):
https://note.craigary.net {
	root /var/www/note.craigary.net
	gzip
	import tls
	fastcgi / /run/php/php7.3-fpm.sock php
	rewrite {
		r ^/([a-zA-Z0-9_-]+)$
		to /index.php?note={1}
	}
}

Also, is there something wrong with Caddyfile v2 rewrite part :joy: :joy: :joy:?

  1. My hosts file:
root@craigary:~# cat /etc/hosts
127.0.0.1	localhost

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
  1. DNS settings on server:
root@craigary:~# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4

7. Links to relevant resources:

Previous PHP-fpm 502 Error thread (Solved, which should blame my server, not a caddy issue)

1 Like
2

Yup, unfortunately, beta 15 broke unix sockets. Sorry! Known bug, will be fixed in the next release (or in a hotfix release, depending on what @matt decides to do)

3 Likes
3

I think your rewrite isn’t exactly correct.

	@r {
		path_regexp note ^/([a-zA-Z0-9_-]+)$
	}
	rewrite @r /index.php?note={http.regexp.note.0}

I think this should work. I don’t remember if the capture groups are 0 or 1 indexed but I assume 0 indexed. In v2, you need to give your regex a name, i.e. note, and then you can reference the matches of that regex with a placeholder.

1 Like
4

Is there a bug in the tracker we can watch to see when unix sockets get fixed? I’m not finding one in a quick search. I do need to test some PHP sites, so I’m happy to help test fixes if you need me to.

1 Like
5

Thank you bro, I will test it when I can make PHP site up and running, I thought just need to give a name for the matcher when I saw the regex name is optional :joy:.

1 Like
6

Not yet, feel free to open one! I was having a chat with Matt outside of any public forum about this just recently.

1 Like
7

:sob::sob::sob::sob::sob: I switch back to Caddy V2 because Beta 15 fixes the “TLS certificate loading” error, I’ll wait~

This time I keep both v1 & v2 on the server :joy:

8

You should still be able to use php-fpm with port 9000, it’s only the unix/ syntax that broke.

10

Here is the Caddyfile config:

https://note.craigary.net {
	root * /var/www/note.craigary.net
	import tls
	php_fastcgi 127.0.0.1:9000
	# I'll fix the rewrite error
	@r {
		path_regexp ^/([a-zA-Z0-9_-]+)$
	}
	rewrite @r /index.php?note={r}
}

But it still not working, I think there might be my mistake…

11

“not working” is too vague, you’ll need to describe exactly what you’re seeing. Are you sure php-fpm is running?

12

What is that?

If that’s supposed to be a capture group, more info in the docs: Request matchers (Caddyfile) — Caddy Documentation

13

Sorry I think I should explain more:

  1. I am sure php-fpm is running, I install Caddy and Caddy V2 both on the server, and when I stop v2 and start v1 with systemd, everything works fine, when I switch back, I can’t let PHP site up and running (static site works fine, I’m not testing proxy yet).

  2. “not working” shows 502 bad gateway error, I pasted error log from systemd above:

● caddy2.service - Caddy Web Server V2
   Loaded: loaded (/etc/systemd/system/caddy2.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2020-02-28 09:24:54 CET; 16min ago
     Docs: https://caddyserver.com/docs/
  Process: 3913 ExecReload=/usr/bin/caddy2 reload --config /etc/caddy/CaddyfileV2 --adapter caddyfile (code=exited, status=0/SUCCESS)
 Main PID: 3792 (caddy2)
    Tasks: 7 (limit: 2359)
   Memory: 11.7M
   CGroup: /system.slice/caddy2.service
           └─3792 /usr/bin/caddy2 run --config /etc/caddy/CaddyfileV2 --adapter caddyfile --resume --environ

Feb 28 09:37:02 craigary caddy2[3792]: 2020/02/28 09:37:02 [INFO][cache:0xc000577720] Started certificate maintenance routine
Feb 28 09:37:02 craigary caddy2[3792]: 2020/02/28 08:37:02.828        INFO        autosaved config        {"file": "/var/lib/caddy/.config/caddy/autosave.json"}
Feb 28 09:37:02 craigary caddy2[3792]: 2020/02/28 08:37:02.828        INFO        admin.api        load complete
Feb 28 09:37:02 craigary systemd[1]: Reloaded Caddy Web Server V2.
Feb 28 09:37:03 craigary caddy2[3792]: 2020/02/28 08:37:03.327        INFO        admin        stopped previous server
Feb 28 09:37:12 craigary caddy2[3792]: 2020/02/28 08:37:12.771        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:29878", "host": "note.craigary.net", "headers": {"User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Mode": ["navigate"], "Upgrade-Insecure-Requests": ["1"], "X-Forwarded-For": ["154.17.4.183"], "X-Forwarded-Proto": ["https"], "Cdn-Loop": ["cloudflare"], "Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386"], "Sec-Fetch-Site": ["none"], "Sec-Fetch-User": ["?1"], "Connection": ["close"], "Sec-Fetch-Dest": ["document"], "Accept-Encoding": ["gzip"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "Cf-Ipcountry": ["US"], "Cf-Origin-Https": ["on"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Purpose": ["prefetch"], "Cf-Connecting-Ip": ["154.17.4.183"], "Cf-Ray": ["56c113424c0f99bf-LAX"], "Dnt": ["1"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "515pusbpc", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
Feb 28 09:37:13 craigary caddy2[3792]: 2020/02/28 08:37:13.035        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:30226", "host": "note.craigary.net", "headers": {"User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Cdn-Loop": ["cloudflare"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386"], "Sec-Fetch-User": ["?1"], "Connection": ["close"], "Dnt": ["1"], "Sec-Fetch-Dest": ["document"], "Upgrade-Insecure-Requests": ["1"], "X-Forwarded-Proto": ["https"], "Accept-Encoding": ["gzip"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "Cf-Connecting-Ip": ["154.17.4.183"], "Cf-Ipcountry": ["US"], "Cf-Origin-Https": ["on"], "Cf-Ray": ["56c113441e5499bf-LAX"], "Sec-Fetch-Mode": ["navigate"], "Sec-Fetch-Site": ["none"], "X-Forwarded-For": ["154.17.4.183"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "85rygj5ka", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
Feb 28 09:39:53 craigary caddy2[3792]: 2020/02/28 08:39:53.089        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:43394", "host": "note.craigary.net", "headers": {"Referer": ["https://note.craigary.net/"], "Sec-Fetch-Dest": ["document"], "Sec-Fetch-User": ["?1"], "Upgrade-Insecure-Requests": ["1"], "Cdn-Loop": ["cloudflare"], "Cf-Connecting-Ip": ["154.17.4.183"], "Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386"], "Dnt": ["1"], "Accept-Encoding": ["gzip"], "Connection": ["close"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "X-Forwarded-For": ["154.17.4.183"], "X-Forwarded-Proto": ["https"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Sec-Fetch-Site": ["same-origin"], "Cf-Ipcountry": ["US"], "Cf-Origin-Https": ["on"], "Cf-Ray": ["56c1172c5b4a99bf-LAX"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Sec-Fetch-Mode": ["navigate"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Cache-Control": ["max-age=0"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "fy1a2ra9q", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
Feb 28 09:39:54 craigary caddy2[3792]: 2020/02/28 08:39:54.256        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:45008", "host": "note.craigary.net", "headers": {"Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "Cf-Ipcountry": ["US"], "Cf-Ray": ["56c11733bb6499bf-LAX"], "Sec-Fetch-Dest": ["document"], "Accept-Encoding": ["gzip"], "Cdn-Loop": ["cloudflare"], "Cf-Origin-Https": ["on"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Dnt": ["1"], "Sec-Fetch-Site": ["same-origin"], "X-Forwarded-Proto": ["https"], "Cf-Connecting-Ip": ["154.17.4.183"], "Sec-Fetch-User": ["?1"], "Upgrade-Insecure-Requests": ["1"], "Connection": ["close"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Cache-Control": ["max-age=0"], "Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386; cf_ob_info=502:56c1172c5b4a99bf:LAX; cf_use_ob=0"], "Referer": ["https://note.craigary.net/"], "Sec-Fetch-Mode": ["navigate"], "X-Forwarded-For": ["154.17.4.183"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "0q9wgta0k", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}
Feb 28 09:39:56 craigary caddy2[3792]: 2020/02/28 08:39:56.026        ERROR        http.log.error        dialing backend: dial tcp 127.0.0.1:9000: connect: connection refused        {"request": {"method": "GET", "uri": "/", "proto": "HTTP/1.1", "remote_addr": "172.68.209.194:47356", "host": "note.craigary.net", "headers": {"Cookie": ["__cfduid=d089d24c80124e600ff9f7bf7103886f41582287386; cf_ob_info=502:56c11733bb6499bf:LAX; cf_use_ob=0"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.34 Safari/537.36"], "Cdn-Loop": ["cloudflare"], "Cf-Connecting-Ip": ["154.17.4.183"], "Cf-Ipcountry": ["US"], "Accept-Language": ["en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7"], "Cf-Origin-Https": ["on"], "Dnt": ["1"], "Sec-Fetch-Site": ["same-origin"], "Sec-Fetch-Mode": ["navigate"], "Sec-Fetch-User": ["?1"], "Upgrade-Insecure-Requests": ["1"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"], "Cache-Control": ["max-age=0"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Referer": ["https://note.craigary.net/"], "Sec-Fetch-Dest": ["document"], "X-Forwarded-For": ["154.17.4.183"], "X-Forwarded-Proto": ["https"], "Cf-Ray": ["56c1173ecfb099bf-LAX"], "Accept-Encoding": ["gzip"], "Connection": ["close"]}, "tls": {"resumed": false, "version": 771, "ciphersuite": 49200, "proto": "", "proto_mutual": true, "server_name": "note.craigary.net"}}, "status": 502, "err_id": "p5cxxm4qu", "err_trace": "reverseproxy.(*Handler).ServeHTTP (reverseproxy.go:363)"}

I am not sure if its my mistake or a bug…

14

Sorry, I didn’t read docs very carefully :sweat_smile:

15

Fixed the upstream parsing bug in reverse_proxy, php_fastcgi: Fix upstream parsing regression (fix #3101) ¡ caddyserver/caddy@c83d40c ¡ GitHub

Please build from source and verify that it is working for you!

1 Like
16

Okay, I’ll test it now~ Thank you matt~

1 Like
17

I pulled and build on my server, I can confirm that unix sockets is working!!! Also I found the reason I can’t use php_fastcgi 127.0.0.1:9000 is because I forget to edit php www.conf, and the 9000 port is not even open. Sorry to bother you guys so much time!

But still having a problem with rewrite, it shows “redirected you too many times”

Here is the Caddy V2 Caddyfile(ERR_TOO_MANY_REDIRECTS):

https://note.craigary.net {
	root * /var/www/note.craigary.net
	import tls
	php_fastcgi 127.0.0.1:9000
	@r {
		path_regexp note ^/([a-zA-Z0-9_-]+)$
	}
	rewrite @r /index.php?note={http.regexp.note.1}
# I tried to use rewrite @r /index.php?note={http.regexp.note.0}, still not work.
}

And the previous Caddy V1 Caddyfile (works well):

https://note.craigary.net {
	root /var/www/note.craigary.net
	gzip
	import tls
	fastcgi / 127.0.0.1:9000 php
	rewrite {
		r ^/([a-zA-Z0-9_-]+)$
		to /index.php?note={1}
	}
}

I am not so familiar with json config, I don’t know how to enable log with Caddyfile. but Systemd doesn’t show any error, Also I cleared cookies before I test.

Thank you @matt @francislavoie for your help :hugs:

18

I updated Caddy v2 to Beta 15 and it failed to start.
Since only this server was connecting php-fpm with Unix Socket, I changed to the port and it was able to start. Therefore, I was aware of the potential problem.
That was confirmed in your comments. I gave :heartbeat:.

The Caddy documentation about this is only Caddy configuration and does not touch on editing php-fpm at all:

I think few people use php-fpm. (That’s someone with nginx experience)
This description may need to be added to the Caddy documentation.

1 Like
19

luckily the latest commit fix the bug, and I agree, the docs can inform that if you need to use port, check www.conf first :joy:

(also, can anyone help me with the rewrite :joy: :joy:)

20

Hey @craigary - rewrites definitely shouldn’t result in a redirect loop unless the backend is aggressively redirecting back to whatever the client originally requested, prior to the rewrite.

Rewrites themselves are transparent to the client and don’t involve a redirect.

For rewrite debugging, especially with regex, the simplest way forward is to configure some output that demonstrates the rewrite is actually occurring and that it manipulates the URI in an expected manner.

You’ve copied the important bits over from a working v1 config, so we expect this to function just fine, but testing this way may expose some issue we weren’t expecting.

My go-to in v1 was to set a custom log format including the rewritten URI, but in v2 we can’t do it quite the same way. We can use a header though, which should serve our purposes.

Try something like this:

https://note.craigary.net {
  root * /var/www/note.craigary.net
  import tls
  php_fastcgi 127.0.0.1:9000
  @r {
    path_regexp note ^/([a-zA-Z0-9_-]+)$
  }
  route @r {
    rewrite /index.php?note={http.regexp.note.1}
    header_down X-Debug-Rewrite {uri}
  }
}

This should add the X-Debug-Rewrite header to any request the rewrite operates on.

Then, use curl -I to make a request to your site with some path you expect to be rewritten and inspect the header when it comes back. If the header looks good - i.e. it came in the format /index.php?note=foo - you know Caddy’s executing the rewrite just fine.

1 Like
21

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.