Plain reverse_proxy works - fails when using handle_path

mooncaptain108 · October 20, 2023, 1:53am

1. The problem I’m having:

Fronting two local web servers and using handle_path to direct traffic based on incoming /subfolder value. Not passing subfolder value.
One handle path works and the other doesn’t.
The failing revers_proxy works OK without handle_path.

NOTABLE: I needed to add “protocols h1” to global values in order for the problematic web pages to display properly with straight reverse_proxy directive.

regarding errors below - I am running this test on my LAN. So I am not using TLS.
The plan - once everything works is to point the company’s domain name at the caddy.

2. Error messages and/or full log output:

I also get 404 messages and sometimes this:

Server Error in '/' Application.
The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.  Please review the following URL and make sure that it is spelled correctly.

Requested URL: /login.aspx

Oct 19 20:04:04 rp systemd[1]: Starting Caddy...
Oct 19 20:04:04 rp caddy[1890]: caddy.HomeDir=/var/lib/caddy
Oct 19 20:04:04 rp caddy[1890]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Oct 19 20:04:04 rp caddy[1890]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Oct 19 20:04:04 rp caddy[1890]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Oct 19 20:04:04 rp caddy[1890]: caddy.Version=v2.7.5 h1:HoysvZkLcN2xJExEepaFHK92Qgs7xAiCFydN5x5Hs6Q=
Oct 19 20:04:04 rp caddy[1890]: runtime.GOOS=linux
Oct 19 20:04:04 rp caddy[1890]: runtime.GOARCH=amd64
Oct 19 20:04:04 rp caddy[1890]: runtime.Compiler=gc
Oct 19 20:04:04 rp caddy[1890]: runtime.NumCPU=4
Oct 19 20:04:04 rp caddy[1890]: runtime.GOMAXPROCS=4
Oct 19 20:04:04 rp caddy[1890]: runtime.Version=go1.21.3
Oct 19 20:04:04 rp caddy[1890]: os.Getwd=/
Oct 19 20:04:04 rp caddy[1890]: LANG=en_US.UTF-8
Oct 19 20:04:04 rp caddy[1890]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Oct 19 20:04:04 rp caddy[1890]: NOTIFY_SOCKET=/run/systemd/notify
Oct 19 20:04:04 rp caddy[1890]: HOME=/var/lib/caddy
Oct 19 20:04:04 rp caddy[1890]: LOGNAME=caddy
Oct 19 20:04:04 rp caddy[1890]: USER=caddy
Oct 19 20:04:04 rp caddy[1890]: INVOCATION_ID=1f958a7ea98e48a9980973a73d64f442
Oct 19 20:04:04 rp caddy[1890]: JOURNAL_STREAM=8:28110
Oct 19 20:04:04 rp caddy[1890]: SYSTEMD_EXEC_PID=1890
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.7819703,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Oct 19 20:04:04 rp caddy[1890]: {"level":"warn","ts":1697763844.7830105,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":4}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.7840357,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.7842026,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.7842216,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 19 20:04:04 rp caddy[1890]: {"level":"debug","ts":1697763844.7845814,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["192.168.3.40"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"group":"group2","handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"rewrite","strip_path_prefix":"/files"}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.3.102:80"}]}]}]}],"match":[{"path":["/files/*"]}]},{"group":"group2","handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"rewrite"}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.3.101:80"}]}]}]}],"match":[{"path":["/*"]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{},"protocols":["h1"]}}}}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.78512,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004a8e80"}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.785473,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.7857323,"logger":"tls","msg":"finished cleaning storage units"}
Oct 19 20:04:04 rp caddy[1890]: {"level":"warn","ts":1697763844.7977967,"logger":"pki.ca.local","msg":"installing root certificate (you might be prompted for password)","path":"storage:pki/authorities/local/root.crt"}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.7979116,"msg":"warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.7979188,"msg":"define JAVA_HOME environment variable to use the Java trust"}
Oct 19 20:04:04 rp sudo[1901]:    caddy : PWD=/ ; USER=root ; COMMAND=/usr/bin/tee /usr/local/share/ca-certificates/Caddy_Local_Authority_-_2023_ECC_Root_111681904853473613471351852130723584205.crt
Oct 19 20:04:04 rp sudo[1901]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=998)
Oct 19 20:04:04 rp sudo[1901]: pam_unix(sudo:session): session closed for user root
Oct 19 20:04:04 rp caddy[1890]: {"level":"error","ts":1697763844.8143814,"logger":"pki.ca.local","msg":"failed to install root certificate","error":"failed to execute sudo: exit status 1","certificate_file":"storage:pki/authorities/local/root.crt"}
Oct 19 20:04:04 rp caddy[1890]: {"level":"debug","ts":1697763844.814535,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":false}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.8145652,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1"]}
Oct 19 20:04:04 rp caddy[1890]: {"level":"debug","ts":1697763844.8146322,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.8146462,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.8146513,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["192.168.3.40"]}
Oct 19 20:04:04 rp caddy[1890]: {"level":"warn","ts":1697763844.8149853,"logger":"tls","msg":"stapling OCSP","error":"no OCSP stapling for [192.168.3.40]: no OCSP server specified in certificate","identifiers":["192.168.3.40"]}
Oct 19 20:04:04 rp caddy[1890]: {"level":"debug","ts":1697763844.8150043,"logger":"tls.cache","msg":"added certificate to cache","subjects":["192.168.3.40"],"expiration":1697788591,"managed":true,"issuer_key":"local","hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7","cache_size":1,"cache_capacity":10000}
Oct 19 20:04:04 rp caddy[1890]: {"level":"debug","ts":1697763844.8150241,"logger":"events","msg":"event","name":"cached_managed_cert","id":"74895dd2-6ed2-4bd8-86ae-291d00af4dc7","origin":"tls","data":{"sans":["192.168.3.40"]}}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.8152125,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Oct 19 20:04:04 rp caddy[1890]: {"level":"info","ts":1697763844.815266,"msg":"serving initial configuration"}
Oct 19 20:04:04 rp systemd[1]: Started Caddy.
Oct 19 20:04:16 rp caddy[1890]: {"level":"debug","ts":1697763856.628052,"logger":"events","msg":"event","name":"tls_get_certificate","id":"720b2c2a-91ed-4e8e-a9cf-b354011f82ee","origin":"tls","data":{"client_hello":{"CipherSuites":[43690,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"","SupportedCurves":[6682,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[27242,772,771],"Conn":{}}}}
Oct 19 20:04:16 rp caddy[1890]: {"level":"debug","ts":1697763856.6283402,"logger":"tls.handshake","msg":"choosing certificate","identifier":"192.168.3.40","num_choices":1}
Oct 19 20:04:16 rp caddy[1890]: {"level":"debug","ts":1697763856.6283622,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"192.168.3.40","subjects":["192.168.3.40"],"managed":true,"issuer_key":"local","hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:16 rp caddy[1890]: {"level":"debug","ts":1697763856.6283755,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.3.103","remote_port":"63115","subjects":["192.168.3.40"],"managed":true,"expiration":1697788591,"hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:16 rp caddy[1890]: {"level":"debug","ts":1697763856.6297226,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.3.103:63115: remote error: tls: unknown certificate"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.668637,"logger":"events","msg":"event","name":"tls_get_certificate","id":"52cc26dc-ba0e-41bf-9ea3-e4c68c19191d","origin":"tls","data":{"client_hello":{"CipherSuites":[14906,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"","SupportedCurves":[23130,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[27242,772,771],"Conn":{}}}}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.668739,"logger":"tls.handshake","msg":"choosing certificate","identifier":"192.168.3.40","num_choices":1}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.668753,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"192.168.3.40","subjects":["192.168.3.40"],"managed":true,"issuer_key":"local","hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6687615,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.3.103","remote_port":"63117","subjects":["192.168.3.40"],"managed":true,"expiration":1697788591,"hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6695874,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.3.103:63117: remote error: tls: unknown certificate"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6769388,"logger":"events","msg":"event","name":"tls_get_certificate","id":"b2fdc5da-276f-4cc8-8f6a-f77f2802b762","origin":"tls","data":{"client_hello":{"CipherSuites":[51914,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"","SupportedCurves":[39578,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[47802,772,771],"Conn":{}}}}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6770108,"logger":"tls.handshake","msg":"choosing certificate","identifier":"192.168.3.40","num_choices":1}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.677021,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"192.168.3.40","subjects":["192.168.3.40"],"managed":true,"issuer_key":"local","hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.677027,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.3.103","remote_port":"63118","subjects":["192.168.3.40"],"managed":true,"expiration":1697788591,"hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6774676,"logger":"events","msg":"event","name":"tls_get_certificate","id":"a7759d54-48d0-4a9a-b1aa-710701b3f3d5","origin":"tls","data":{"client_hello":{"CipherSuites":[60138,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"","SupportedCurves":[35466,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[60138,772,771],"Conn":{}}}}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6775174,"logger":"tls.handshake","msg":"choosing certificate","identifier":"192.168.3.40","num_choices":1}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6775239,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"192.168.3.40","subjects":["192.168.3.40"],"managed":true,"issuer_key":"local","hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.677529,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.3.103","remote_port":"63119","subjects":["192.168.3.40"],"managed":true,"expiration":1697788591,"hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6784732,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.3.103:63118: remote error: tls: unknown certificate"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6794055,"logger":"http.stdlib","msg":"http: TLS handshake error from 192.168.3.103:63119: remote error: tls: unknown certificate"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.680578,"logger":"events","msg":"event","name":"tls_get_certificate","id":"0a023f8a-49ee-4227-ab69-38e20c6e8f92","origin":"tls","data":{"client_hello":{"CipherSuites":[23130,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"","SupportedCurves":[19018,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[14906,772,771],"Conn":{}}}}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.680629,"logger":"tls.handshake","msg":"choosing certificate","identifier":"192.168.3.40","num_choices":1}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6806364,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"192.168.3.40","subjects":["192.168.3.40"],"managed":true,"issuer_key":"local","hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.680649,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.3.103","remote_port":"63120","subjects":["192.168.3.40"],"managed":true,"expiration":1697788591,"hash":"45fa0aab5eaab9ea348f1dd8fbc4b183c361d16137d35fe45b2511918148a5d7"}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6816974,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.3.101:80","total_upstreams":1}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.6868849,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.3.101:80","duration":0.005131434,"request":{"remote_ip":"192.168.3.103","remote_port":"63120","client_ip":"192.168.3.103","proto":"HTTP/1.1","method":"GET","host":"192.168.3.40","uri":"/files","headers":{"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Ch-Ua":["\"Chromium\";v=\"118\", \"Microsoft Edge\";v=\"118\", \"Not=A?Brand\";v=\"99\""],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["192.168.3.40"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/118.0.2088.57"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Dest":["document"],"X-Forwarded-For":["192.168.3.103"],"Accept-Language":["en-US,en;q=0.9,pt;q=0.8"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","server_name":""}},"headers":{"Date":["Fri, 20 Oct 2023 01:04:20 GMT"],"Content-Length":["1245"],"Content-Type":["text/html"],"Server":["Microsoft-IIS/10.0"],"X-Powered-By":["ASP.NET"]},"status":404}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.766936,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.3.101:80","total_upstreams":1}
Oct 19 20:04:19 rp caddy[1890]: {"level":"debug","ts":1697763859.7678673,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.3.101:80","duration":0.000876796,"request":{"remote_ip":"192.168.3.103","remote_port":"63120","client_ip":"192.168.3.103","proto":"HTTP/1.1","method":"GET","host":"192.168.3.40","uri":"/favicon.ico","headers":{"Sec-Ch-Ua-Mobile":["?0"],"Accept":["image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-For":["192.168.3.103"],"X-Forwarded-Host":["192.168.3.40"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 Edg/118.0.2088.57"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Dest":["image"],"Sec-Ch-Ua":["\"Chromium\";v=\"118\", \"Microsoft Edge\";v=\"118\", \"Not=A?Brand\";v=\"99\""],"Referer":["https://192.168.3.40/files"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-US,en;q=0.9,pt;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"http/1.1","server_name":""}},"headers":{"Content-Type":["text/html"],"Server":["Microsoft-IIS/10.0"],"X-Powered-By":["ASP.NET"],"Date":["Fri, 20 Oct 2023 01:04:20 GMT"],"Content-Length":["1245"]},"status":404}

3. Caddy version:

v2.7.5 h1:HoysvZkLcN2xJExEepaFHK92Qgs7xAiCFydN5x5Hs6Q=

4. How I installed and ran Caddy:

what I did to install

a. System environment:

ubuntu 22.4
using systemd systemctl etc.

b. Command:

sudo systemctl restart caddy

c. Service/unit/compose file:

d. My complete Caddy config:

{
	debug
	servers {
		protocols h1
	}
}
192.168.3.40 {
	handle_path /files* {
		reverse_proxy http://192.168.3.102:80
	}

	handle_path /* {
		reverse_proxy 192.168.3.101:80
	}
}

francislavoie · October 20, 2023, 1:58am

This doesn’t make sense – if you don’t have a path to strip, use handle instead (with no matcher).

mooncaptain108 · October 20, 2023, 2:16am

OK - changed as noted - the …3.101 web server still still works and the …3.102 web server still fails.
Thanks for responding.

{
	debug
	servers {
		protocols h1
	}
}
192.168.3.40 {
	handle_path /files* {
		reverse_proxy http://192.168.3.102:80
	}

	handle {
		reverse_proxy 192.168.3.101:80
	}
}

francislavoie · October 20, 2023, 2:24am

See this article:

If your upstream app isn’t configured to understand that it should make requests with /files as prefix, it won’t work properly.

mooncaptain108 · October 20, 2023, 3:02am

I misunderstood the handle_path directive - I thought that it would strip off the /files/ sub-folder from the URI and just execute the reverse_proxy command unadorned.

I read the link you provided - and having seen first hand how badly the handle_path behaves I know it isn’t working properly. It must be the case that having the sub-folder in the originating request keeps interfering with the communication even if the upstream request doesn’t have the sub-folder attached.

Is that a correct understanding - or is there more?

In any case I’ll work with my customer to get a suitable subdomain created and that will get me out of this problem.

francislavoie · October 20, 2023, 4:18am

That is what it does. It strips the matched path prefix from the URL, then continues handling. (They’re called “directives”, btw).

I think that’s a misrepresentation, handle_path doesn’t behave badly, it does exactly what’s advertised.

The fact is, your app will be responding with HTML and such with links that don’t have the path prefix you’re trying to add (i.e. /files), so any requests to subsequent files will fail because they won’t get routed to the same place.

As the article explains, the solution is to configure your upstream app to be aware that it’s running under a base path, if it supports being configured that way, or yes, you should run it under a subdomain to sidestep the issue altogether.

If you’re running it locally (on your current machine), you can use *.localhost as your domains to play around with it for the time being, e.g. app.localhost and files.localhost or whatever.

mooncaptain108 · October 20, 2023, 3:07pm

My customer is using a 3rd party web application - and it does have the ability to change it’s base url so I have been experimenting with that and it seems to work.

Thanks again for your help.

caddy is helping me solve some longtime problems with this installation.

system · November 19, 2023, 3:07pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.