Hello,
1. Caddy version (caddy version):
Not certain. Built it from source from the repo, so I don’t have the exact version number, but the syntax seems to be v2.
2. How I run Caddy:
Systemd
a. System environment:
Ubuntu 18.04
b. Command:
sudo systemctl restart caddy.service
c. Service/unit/compose file:
[Unit]
Description=Caddy Web Server
Documentation=https://caddyserver.com/docs/
After=network.target
[Service]
User=caddy
Group=caddy
ExecStart=/usr/local/bin/caddy -conf /etc/caddy/Caddyfile -email "pierre.depaz@gmail.com" -agree
ExecReload=/usr/bin/pkill -USR1 caddy
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
#ProtectSystem=full
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
wishes.enframed.net {
    proxy / localhost:3003
    header Host {http.request.host}
    header X-Forwarded-For {http.request.remote.host}
    header X-Forwarded-Port {http.request.port}
    header X-Forwarded-Proto {http.request.scheme}
    log /var/log/caddy.access.log
    gzip
}
3. The problem I’m having:
I’m using Caddy as a proxy to a Rails application, to which I make POST requests through AJAX. All other requests work fine.
Rails sees the POST request forwarded by Caddy as being for http://localhost (wrong scheme+domain), instead of for https://wishes.enframed.net.
After some research, it seems that I cannot properly configure Caddy to forward this information correctly.
4. Error messages and/or full log output:
This is from the Rails app log:
W, [2020-11-27T13:07:46.879115 #3990628] WARN -- : [6d0e97ac-2c10-4a2f-9d51-6acf29c4847b] HTTP Origin header (https://wishes.enframed.net) didn't match request.base_url (http://localhost:3003)
I, [2020-11-27T13:07:46.879445 #3990628] INFO -- : [6d0e97ac-2c10-4a2f-9d51-6acf29c4847b] Completed 422 Unprocessable Entity in 0ms (Allocations: 128)
F, [2020-11-27T13:07:46.880174 #3990628] FATAL -- : [6d0e97ac-2c10-4a2f-9d51-6acf29c4847b]
[6d0e97ac-2c10-4a2f-9d51-6acf29c4847b] ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
5. What I already tried:
A variety of combinations of the following:
header Host {http.request.host}
header X-Forwarded-For {http.request.remote.host}
header X-Forwarded-Port {http.request.port}
header X-Forwarded-Proto {http.request.scheme}
or
header Host {host}
header X-Enable-Ssl on
header X-Forwarded-For {host}
header X-Forwarded-Port {port}
header X-Forwarded-Proto {scheme}
as well as setting it as a reverse proxy, upon which Caddy crashes.
including the post found here
6. Links to relevant resources:
This is the relevant issue in the Rails repo, which I’m unable to properly understand/find the correct syntax to fix: https://github.com/rails/rails/issues/22965
Thanks for the help!
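
A simplified Ruby model of the origin check behind the logged warning, added here as an example (it is not part of the original post and is not Rails' own code): it rebuilds the base URL from the request headers the backend actually receives and compares it with `Origin`. The function names and the three header sets are constructed for illustration, and single-valued headers are assumed.

```ruby
# Simplified model of the origin check (a sketch, not Rails' own code).
# Assumes single-valued headers, keyed as they are sent on the wire.
DEFAULT_PORTS = { "http" => 80, "https" => 443 }.freeze

# Rebuild the URL the app believes it was reached on, using only the
# request headers that arrive at the backend from the proxy.
def base_url(headers)
  proto  = headers["X-Forwarded-Proto"].to_s.strip.downcase
  scheme = proto.empty? ? "http" : proto # the proxy-to-app hop is plain HTTP
  fwd_host  = headers["X-Forwarded-Host"].to_s.strip
  authority = fwd_host.empty? ? headers.fetch("Host") : fwd_host
  # Split "name[:port]"; the lazy match keeps bracketed IPv6 literals intact.
  name, port = authority.match(/\A(.+?)(?::(\d+))?\z/).captures
  default = port.nil? || port.to_i == DEFAULT_PORTS[scheme]
  default ? "#{scheme}://#{name}" : "#{scheme}://#{name}:#{port}"
end

# A request passes when it has no Origin header or Origin equals base_url.
def origin_ok?(headers)
  origin = headers["Origin"]
  origin.nil? || origin == base_url(headers)
end

# Constructed header sets (not captured traffic).
ORIGIN = "https://wishes.enframed.net"
# What the Rails log implies the app received: the proxy's own upstream address.
AS_LOGGED = { "Host" => "localhost:3003", "Origin" => ORIGIN }.freeze
# Original Host passed upstream, but no scheme information.
HOST_ONLY = { "Host" => "wishes.enframed.net", "Origin" => ORIGIN }.freeze
# Original Host and scheme both passed upstream as request headers.
FORWARDED = { "Host" => "wishes.enframed.net",
              "X-Forwarded-Proto" => "https", "Origin" => ORIGIN }.freeze

{ "as logged" => AS_LOGGED, "host only" => HOST_ONLY,
  "forwarded" => FORWARDED }.each do |label, h|
  puts format("%-10s base_url=%-28s origin_ok=%s", label, base_url(h), origin_ok?(h))
end
```

Only the third header set passes: the check depends on the headers of the request sent to the upstream, so headers added to the response sent back to the browser have no effect on it.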