PHP pages stopped loading

Aidoboy · June 28, 2022, 5:38pm

1. Caddy version (`caddy version`):

v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=

2. How I run Caddy:

a. System environment:

            .-/+oossssoo+/-.               aidan@Yamato
        `:+ssssssssssssssssss+:`           ------------
      -+ssssssssssssssssssyyssss+-         OS: Ubuntu 21.10 x86_64
    .ossssssssssssssssssdMMMNysssso.       Host: OptiPlex 790 01
   /ssssssssssshdmmNNmmyNMMMMhssssss/      Kernel: 5.13.0-52-generic
  +ssssssssshmydMMMMMMMNddddyssssssss+     Uptime: 18 mins
 /sssssssshNMMMyhhyyyyhmNMMMNhssssssss/    Packages: 3131 (dpkg), 11 (snap)
.ssssssssdMMMNhsssssssssshNMMMdssssssss.   Shell: bash 5.1.8
+sssshhhyNMMNyssssssssssssyNMMMysssssss+   Resolution: 6000x1440
ossyNMMMNyMMhsssssssssssssshmmmhssssssso   Theme: Adwaita [GTK3]
ossyNMMMNyMMhsssssssssssssshmmmhssssssso   Icons: Adwaita [GTK3]
+sssshhhyNMMNyssssssssssssyNMMMysssssss+   Terminal: /dev/pts/0
.ssssssssdMMMNhsssssssssshNMMMdssssssss.   CPU: Intel i7-2600 (8) @ 3.800GHz
 /sssssssshNMMMyhhyyyyhdNMMMNhssssssss/    GPU: Intel 2nd Generation Core Processor Family
  +sssssssssdmydMMMMMMMMddddyssssssss+     Memory: 2371MiB / 7829MiB
   /ssssssssssshdmNNNNmyNMMMMhssssss/
    .ossssssssssssssssssdMMMNysssso.
      -+sssssssssssssssssyyyssss+-
        `:+ssssssssssssssssss+:`
            .-/+oossssoo+/-.

b. Command:

systemctl start caddy

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

{
    debug
}

(default) {
    root * /usr/share/caddy/public_html

    @php path /tt-rss/* /minecraft/solder/* /launcher-update/* #/rss-bridge/* /heimdall/*
    php_fastcgi @php unix//run/php/php7.4-fpm.sock

    #@heimdall_try {
    #    file {
    #        try_files /heimdall/public/* /heimdall/public/index.php
    #    }
    #}
    #rewrite @heimdall_try /heimdall/public/*
    #try_files /heimdall/* /heimdall/public/index.php
    #try_files /heimdall/public /heimdall/public/index.php
    #try_files /heimdall/public/* /heimdall/public/index.php

    file_server
}
(php) {
    php_fastcgi unix//run/php/php8.0-fpm.sock
}
(tt-rss) {
    root * /usr/share/caddy/tt-rss
    import php
    file_server
}
(heimdall) {
    root * /usr/share/caddy/heimdall/public
    import php
    file_server
}

server.theundarkpixel.com { # http://localhost, , http://192.168.1.34
    import heimdall
}

http://192.168.1.34 {
    # tls internal
    #import default
    #handle_path /wallpapers/* {
    #    #root * /mnt/storage/aidan/Wallpapers/
    #    root * /usr/share/caddy/public_html
    #    import php
    #    file_server
    #}
    import heimdall
}

:6587 {
    root * /mnt/storage/aidan/Wallpapers
    import php
    #uri replace feed feed.php
    try_files {path} /index.php
    file_server #browse
}

:8785 {
    root * /usr/share/caddy/vault
}

ttrss.server.theundarkpixel.com { # , http://192.168.1.34
    import tt-rss
}

minecraftplus.server.theundarkpixel.com :7780 { # , http://192.168.1.34
    root * /usr/share/caddy/minecraftplus
    @wasm {
        path *.wasm
    }
    header @wasm Content-Type application/wasm
    file_server
}

wrapped.server.theundarkpixel.com :8782 {
    root * /usr/share/caddy/plex-wrapped
    import php
    file_server
}

nextcloud.server.theundarkpixel.com :7867 {
    root * /usr/share/caddy/nextcloud
    file_server

    import php
    header {
        #enable HSTS
        Strict-Transport-Security max-age=31536000;
    }

    #tls internal {
    #    on_demand
    #}

    redir /.well-known/carddav /remote.php/dav 301
    redir /.well-known/caldav /remote.php/dav 301

    # .htaccess / data / config / ... shouldn't be accessible from outside
    @forbidden {
        path    /.htaccess
        path    /data/*
        path    /config/*
        path    /db_structure
        path    /.xml
        path    /README
        path    /3rdparty/*
        path    /lib/*
        path    /templates/*
        path    /occ
        path    /console.php
    }

    respond @forbidden 404
}

http://192.168.1.34:8482 {
    # tls internal
    import tt-rss
}

hass.server.theundarkpixel.com {
    reverse_proxy localhost:8123 {
        header_up Host {http.request.host}
        header_up X-Real-IP {http.request.remote}
        header_up X-Forwarded-For {http.request.remote}
        header_up X-Forwarded-Port {http.request.port}
        header_up X-Forwarded-Proto {http.request.scheme}
    }
}

wallpapergarden.server.theundarkpixel.com {
    reverse_proxy localhost:8771 {
        header_up Public true
    }
}

plex.server.theundarkpixel.com {
    reverse_proxy localhost:32400
}

tautulli.server.theundarkpixel.com {
    reverse_proxy localhost:8181
}

friesandaioli.server.theundarkpixel.com {
    reverse_proxy localhost:2368
}

pterodactyl.server.theundarkpixel.com :8084 {
    root * /usr/share/caddy/pterodactyl/public

    header {
                X-Content-Type-Options nosniff
                X-XSS-Protection "1; mode=block"
                X-Robots-Tag none
                Content-Security-Policy "frame-ancestors 'self'"
                X-Frame-Options DENY
                Referrer-Policy same-origin
        }

        @htFiles {
                path_regexp /\.ht
        }
        respond @htFiles 403

    import php

        file_server
}

wings.server.theundarkpixel.com {
    reverse_proxy localhost:8087 {
        header_up Host {http.request.host}
        header_up X-Real-IP {http.request.remote}
        header_up X-Forwarded-For {http.request.remote}
        header_up X-Forwarded-Port {http.request.port}
        header_up X-Forwarded-Proto {http.request.scheme}
    }
}

:4945 {
    root * /usr/share/caddy/esivywp
    import php
    file_server browse
}

prometheus.theundarkpixel.com {
    reverse_proxy 192.168.1.70
}

#plex.prometheus.theundarkpixel.com {
#    reverse_proxy 192.168.1.70:32400
#}

tautulli.prometheus.theundarkpixel.com {
    reverse_proxy 192.168.1.70:8181
}

nextcloud.prometheus.theundarkpixel.com {
    reverse_proxy 192.168.1.70:7867
}

http://photoprism.prometheus.theundarkpixel.com {
    reverse_proxy 192.168.1.70:2342
}

#librephotos.server.theundarkpixel.com
#:7680 {
#    reverse_proxy :7680
#    reverse_proxy * :7682 {
#        header_up Host {http.request.host}
#    }
#    @api path /api/* /media/*
#    reverse_proxy @api :7681 {
#        header_up Host backend
#        header_up X-Real-IP {http.request.remote}
#    }
#    @protected_media {
#        remote_ip 127.0.0.1
#        path /protected_media*
#    }
#    file_server @protected_media {
#        root /var/lib/librephotos/
#    }
#    @original {
#        remote_ip 127.0.0.1
#        path /original*
#    }
#    handle @original {
#        uri strip_prefix /original
#        file_server {
#            root /var/lib/librephotos/data/
#        }
#    }
#    @nextcloud_original {
#        remote_ip 127.0.0.1
#        path /nextcloud_original*
#    }
#    handle @nextcloud_original {
#        uri strip_prefix /nextcloud_original
#        file_server {
#            root /var/lib/librephotos/data/nextcloud_media/
#        }
#    }
#}

#git {
#    path       launcher-update
#    repo       http://25.4.88.33:3000/Minecraft/Launcher.git
#    branch     update-site
#}

#git {
#    path       launcher-extras
#    repo       http://25.4.88.33:3000/Minecraft/Launcher.git
#    branch     extras
#}

#browse /launcher-extras

#fastcgi / /var/run/php/php7.0-fpm.sock {
#    ext        .php
#    split      .php
#    #index     index.php
#}

# errors /home/caddy/errorlog.log

3. The problem I’m having:

I went through the manual upgrade process for Pterdactyl Panel and afterwards I haven’t been able to get any of my PHP pages to load.

$ curl -v https://pterodactyl.server.theundarkpixel.com
*   Trying 72.179.21.5:443...
* Connected to pterodactyl.server.theundarkpixel.com (72.179.21.5) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=pterodactyl.server.theundarkpixel.com
*  start date: May 30 01:40:59 2022 GMT
*  expire date: Aug 28 01:40:58 2022 GMT
*  subjectAltName: host "pterodactyl.server.theundarkpixel.com" matched cert's "pterodactyl.server.theundarkpixel.com"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56248de4a510)
> GET / HTTP/2
> Host: pterodactyl.server.theundarkpixel.com
> user-agent: curl/7.74.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 500
< content-security-policy: frame-ancestors 'self'
< content-type: text/html; charset=UTF-8
< referrer-policy: same-origin
< server: Caddy
< status: 500 Internal Server Error
< x-content-type-options: nosniff
< x-frame-options: DENY
< x-robots-tag: none
< x-xss-protection: 1; mode=block
< content-length: 0
< date: Tue, 28 Jun 2022 17:31:27 GMT
<
* Connection #0 to host pterodactyl.server.theundarkpixel.com left intact

4. Error messages and/or full log output:

2022/06/28 17:34:35.602 DEBUG   tls.handshake   choosing certificate    {"identifier": "pterodactyl.server.theundarkpixel.com", "num_choices": 1}
2022/06/28 17:34:35.602 DEBUG   tls.handshake   default certificate selection results   {"identifier": "pterodactyl.server.theundarkpixel.com", "subjects": ["pterodactyl.server.theundarkpixel.com"], "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "17c9bb5982c823ff2c2cba4182766d36eac443b876678db4ae0490b7c254d4b7"}
2022/06/28 17:34:35.602 DEBUG   tls.handshake   matched certificate in cache    {"subjects": ["pterodactyl.server.theundarkpixel.com"], "managed": true, "expiration": "2022/09/26 16:00:40.000", "hash": "17c9bb5982c823ff2c2cba4182766d36eac443b876678db4ae0490b7c254d4b7"}
2022/06/28 17:34:35.605 DEBUG   http.handlers.rewrite   rewrote request {"request": {"remote_ip": "72.179.21.5", "remote_port": "55890", "proto": "HTTP/2.0", "method": "GET", "host": "pterodactyl.server.theundarkpixel.com", "uri": "/", "headers": {"User-Agent": ["curl/7.74.0"], "Accept": ["*/*"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "pterodactyl.server.theundarkpixel.com"}}, "method": "GET", "uri": "/index.php"}
2022/06/28 17:34:35.605 DEBUG   http.handlers.reverse_proxy     selected upstream       {"dial": "/run/php/php8.0-fpm.sock", "total_upstreams": 1}
2022/06/28 17:34:35.605 DEBUG   http.reverse_proxy.transport.fastcgi    roundtrip       {"request": {"remote_ip": "72.179.21.5", "remote_port": "55890", "proto": "HTTP/2.0", "method": "GET", "host": "pterodactyl.server.theundarkpixel.com", "uri": "/index.php", "headers": {"Accept": ["*/*"], "X-Forwarded-For": ["72.179.21.5"], "X-Forwarded-Proto": ["https"], "X-Forwarded-Host": ["pterodactyl.server.theundarkpixel.com"], "User-Agent": ["curl/7.74.0"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "pterodactyl.server.theundarkpixel.com"}}, "dial": "/run/php/php8.0-fpm.sock", "env": {"REQUEST_SCHEME": "https", "DOCUMENT_URI": "/index.php", "AUTH_TYPE": "", "SCRIPT_FILENAME": "/usr/share/caddy/pterodactyl/public/index.php", "HTTPS": "on", "SSL_PROTOCOL": "TLSv1.3", "HTTP_ACCEPT": "*/*", "SERVER_NAME": "pterodactyl.server.theundarkpixel.com", "SCRIPT_NAME": "/index.php", "HTTP_X_FORWARDED_HOST": "pterodactyl.server.theundarkpixel.com", "REMOTE_IDENT": "", "PATH_INFO": "", "REMOTE_HOST": "72.179.21.5", "SERVER_PROTOCOL": "HTTP/2.0", "HTTP_X_FORWARDED_FOR": "72.179.21.5", "HTTP_X_FORWARDED_PROTO": "https", "CONTENT_LENGTH": "", "REMOTE_USER": "", "REQUEST_METHOD": "GET", "SERVER_SOFTWARE": "Caddy/v2.5.1", "SSL_CIPHER": "TLS_AES_128_GCM_SHA256", "GATEWAY_INTERFACE": "CGI/1.1", "REQUEST_URI": "/", "SERVER_PORT": "443", "DOCUMENT_ROOT": "/usr/share/caddy/pterodactyl/public", "QUERY_STRING": "", "REMOTE_ADDR": "72.179.21.5", "REMOTE_PORT": "55890", "HTTP_USER_AGENT": "curl/7.74.0", "CONTENT_TYPE": "", "HTTP_HOST": "pterodactyl.server.theundarkpixel.com"}}
2022/06/28 17:34:35.660 DEBUG   http.handlers.reverse_proxy     upstream roundtrip      {"upstream": "unix//run/php/php8.0-fpm.sock", "duration": 0.054364981, "request": {"remote_ip": "72.179.21.5", "remote_port": "55890", "proto": "HTTP/2.0", "method": "GET", "host": "pterodactyl.server.theundarkpixel.com", "uri": "/index.php", "headers": {"X-Forwarded-Proto": ["https"], "X-Forwarded-Host": ["pterodactyl.server.theundarkpixel.com"], "User-Agent": ["curl/7.74.0"], "Accept": ["*/*"], "X-Forwarded-For": ["72.179.21.5"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "pterodactyl.server.theundarkpixel.com"}}, "headers": {"Status": ["500 Internal Server Error"], "Content-Type": ["text/html; charset=UTF-8"]}, "status": 500}

5. What I already tried:

Restarted Caddy
Restarted PHP
Reset file ownership in /usr/share/caddy/
Check for apt updates (nothing relevant)
Restarted the system

6. Links to relevant resources:

Updating the Panel | Pterodactyl

francislavoie · June 28, 2022, 7:31pm

That’s not the best place to put your site. /usr/share/ is meant for files from packages you install to live, not for your own sites.

You should put your sites in either /srv or /var/www/html.

Either way, the issue is that PHP is responding with a 500 error. You need to check your PHP logs to see what it’s complaining about.

Aidoboy:

        header_up Host {http.request.host}
        header_up X-Real-IP {http.request.remote}
        header_up X-Forwarded-For {http.request.remote}
        header_up X-Forwarded-Port {http.request.port}
        header_up X-Forwarded-Proto {http.request.scheme}

Remove all these header_up lines. They’re not useful. See the docs:

Aidoboy · June 28, 2022, 9:57pm

What PHP log should I be looking at? Nothing seems to show up in /var/log/php8.0-fpm.log.

francislavoie · June 28, 2022, 10:09pm

It entirely depends on how your PHP was installed and configured. I can’t answer that for you.

Aidoboy · June 29, 2022, 2:17pm

Everything should be stock or near-stock from PHP from APT. Where should I start to look?

Aidoboy · July 17, 2022, 7:07pm

I found the issue! I’d changed the permissions to caddy:caddy when PHP is running as www-data:www:data

system · July 28, 2022, 5:38pm

This topic was automatically closed after 30 days. New replies are no longer allowed.