Proxy is doing a url rewrite instead


(Sher Chowdhury) #1

Hello,

I have an odd problem that started recently on my CentOS 7 VM. Basically I have an Apache web server that has Caddy running on top of it.

# httpd -t -D DUMP_VHOSTS
VirtualHost configuration:
*:8080                 libre.tools.example.co.uk (/etc/httpd/conf.d/librenms.conf:2)

Where the Apache vhost settings are:

# cat /etc/httpd/conf.d/librenms.conf
Listen 8080
<VirtualHost *:8080>
  DocumentRoot /opt/librenms/html/
  ServerName libre.tools.example.co.uk

  AllowEncodedSlashes NoDecode
  <Directory "/opt/librenms/html/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews
  </Directory>
</VirtualHost>

I can successfully access this website for testing purposes by going to:

http://libre.tools.example.co.uk:8080/

However, I have set up SSL via Caddy. I start Caddy by running:

# /usr/local/bin/caddy -log /var/log/caddy -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp -email=admin@example.co.uk
Activating privacy features... done.
https://libre.tools.example.co.uk
http://libre.tools.example.co.uk
WARNING: File descriptor limit 1024 is too low for production servers. At least 8192 is recommended. Fix with "ulimit -n 8192".

Where:

# cat /etc/caddy/Caddyfile
import conf.d/*.conf

Which in turn leads to:

# ll /etc/caddy/conf.d/
total 4
-rw-r--r-- 1 root root 149 Sep 13 15:57 librenms-proxy.conf
# cat /etc/caddy/conf.d/librenms-proxy.conf
libre.tools.example.co.uk {
  proxy / localhost:8080
    tls {
      dns route53
      ca https://acme-v02.api.letsencrypt.org/directory
    }
}

I’ve also updated my DNS (Route53) to point to my Caddy/Apache server.

The version of caddy I’m using is:

# /usr/local/bin/caddy --version
Caddy 0.11.0 (+3ca6bc4 Wed Jul 18 13:35:05 UTC 2018) (unofficial)
1 file changed, 1 insertion(+)
caddy/caddymain/run.go

I only added the route53 plugin for my compilation.

So far so good.

However, when I try to access ‘https://libre.tools.example.co.uk’ in my Chrome browser, it ends up getting redirected to ‘http://localhost:8080/login’.

This vm was working fine for about a couple of months. But we noticed this problem today.

Does anyone have any ideas what could be causing this?


(Matthew Fay) #2

Sounds like your site is issuing absolute redirects. Here’s how an absolute redirect could cause this issue:

  1. Your client browses to https://libre.tools.example.co.uk and connects to Caddy.
  2. Caddy’s configured to proxy this site, so it browses to localhost:8080 and connects to Apache.
  3. Apache sees a client (Caddy) asking for localhost:8080 and wants them to log in.
    a. Apache builds a URL based on the site requested by Caddy and the path of the login resource.
    b. Apache then sends the redirect to Caddy - Location: http://localhost:8080/login
  4. Caddy faithfully passes that back to its original client, who follows it and winds up naturally confused.

Likely in the past your site used relative redirects instead (i.e. Location: /login), which let the browser fill in the blanks (like the Host) based on the client’s own context.

To fix this, you can add the transparent preset to your proxy. This will preserve the Host requested by the original client, so when Caddy connects to Apache, the latter will know that the site requested is actually https://libre.tools.example.co.uk and it should build its redirect URL appropriately.
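
The exchange described in the reply above, modelled as an added example (not part of the original posts and not Caddy's own code): it shows the Location header produced with and without the transparent preset, plus a check for redirects that expose the upstream address. The function names, the client IP and the assumption that the backend honours X-Forwarded-Proto are illustrative.

```python
# Added example: a model of the redirect exchange; all names are hypothetical.
from urllib.parse import urlsplit

PUBLIC_HOST = "libre.tools.example.co.uk"   # site name from the thread
UPSTREAM = "localhost:8080"                 # proxy target from the thread

def proxy_headers(client_host, scheme, remote_ip, transparent):
    """Headers the proxy sends upstream, as the thread describes them."""
    if not transparent:
        # Without the preset the upstream sees the address the proxy dialled.
        return {"Host": UPSTREAM}
    # `transparent` keeps the client's Host and adds forwarding headers.
    return {
        "Host": client_host,
        "X-Real-IP": remote_ip,
        "X-Forwarded-For": remote_ip,
        "X-Forwarded-Proto": scheme,
    }

def backend_redirect(headers, path="/login", absolute=True):
    """Location a backend emits (assumption: it trusts X-Forwarded-Proto)."""
    if not absolute:
        return path  # relative redirect: the browser fills in scheme and host
    scheme = headers.get("X-Forwarded-Proto", "http")
    return f"{scheme}://{headers['Host']}{path}"

def leaks_upstream(location, public_host=PUBLIC_HOST):
    """True if a Location header points anywhere but the public site."""
    parts = urlsplit(location)
    if not parts.netloc:
        return False  # relative URL, resolved against the public origin
    return parts.netloc.lower() != public_host.lower()

def demo():
    results = {}
    for transparent in (False, True):
        # 203.0.113.7 is a constructed client address (documentation range).
        hdrs = proxy_headers(PUBLIC_HOST, "https", "203.0.113.7", transparent)
        loc = backend_redirect(hdrs)
        results[transparent] = (loc, leaks_upstream(loc))
    return results

if __name__ == "__main__":
    for mode, (loc, leak) in demo().items():
        print(f"transparent={mode}: Location: {loc} leak={leak}")
```

The same leaks_upstream check can be applied to Location headers captured from the public endpoint to confirm that no response discloses the internal host and port.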


(Sher Chowdhury) #3

Hi Matthew,

The transparent setting worked! Here are the changes I made to get it working:

# cat /etc/caddy/conf.d/librenms-proxy.conf
libre.tools.example.co.uk {
  proxy / localhost:8080 {
    transparent
  }
  tls {
    dns route53
    ca https://acme-v02.api.letsencrypt.org/directory
  }
}

Many thanks for your help!