Requesting website throws fileserver.parseErrorCode into the log

1. Caddy version (caddy version):

v2.5.1 h1:bAWwslD1jNeCzDa+jDCNwb8M3UJ2tPa8UZFFzPVmGKs=

2. How I run Caddy:

a. System environment:

Debian GNU/Linux 11 (bullseye) x86_64

b. Command:

systemctl start caddy
# If starting caddy manually
caddy run

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

flawlessco.de {                                                                                                                                                                                                                                             
        handle_errors {                                                                                                                                                                                                                                     
                rewrite * /{err.status_code}                                                                                                                                                                                                                
                reverse_proxy https://http.cat {                                                                                                                                                                                                            
                        header_up Host {upstream_hostport}                                                                                                                                                                                                  
                }                                                                                                                                                                                                                                           
        }                                                                                                                                                                                                                                                   
                                                                                                                                                                                                                                                            
        root * /srv/http/flawlessco.de/                                                                                                                                                                                                                     
        php_fastcgi unix//var/run/php/php-fpm.sock {                                                                                                                                                                                                        
                try_files {path} {path}/index.php =404                                                                                                                                                                                                      
        }                                                                                                                                                                                                                                                   
        file_server                                                                                                                                                                                                                                         
        tls /etc/ssl/certs/flawlessco.de.pem /etc/ssl/private/flawlessco.de.pem                                                                                                                                                                             
}

And a few other domains that follow the exact same scheme

3. The problem I’m having:

No files are served. Only a blank page.

Output of curl -v https://flawlessco.de:

*   Trying 172.67.158.184:443...
* Connected to flawlessco.de (172.67.158.184) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.flawlessco.de
*  start date: May 28 15:42:50 2022 GMT
*  expire date: Aug 26 15:42:49 2022 GMT
*  subjectAltName: host "flawlessco.de" matched cert's "flawlessco.de"
*  issuer: C=US; O=Let's Encrypt; CN=E1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: flawlessco.de]
* h2h3 [user-agent: curl/7.84.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0xa3544666800)
> GET / HTTP/2
> Host: flawlessco.de
> user-agent: curl/7.84.0
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 404 
< date: Wed, 13 Jul 2022 09:28:40 GMT
< content-length: 0
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2FV2iarwgo%2BuKrcIj3kyGRlDApfo0VBph4kAvI1ECBXt6uXIc7LBQywbepmEyDZivZgX5evG52%2FyBtLUHgusll6DuLOS4TQmsTdujlYGM9qTvH%2FxEKSr4ZtAGT32NJxf"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 72a0fd640a3c7282-HAM
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
< 
* Connection #0 to host flawlessco.de left intact

4. Error messages and/or full log output:

2022/07/13 09:31:26.377 INFO    using provided configuration    {"config_file": "/etc/caddy/Caddyfile", "config_adapter": ""}
2022/07/13 09:31:26.401 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/07/13 09:31:26.403 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [cloudflare origin certificate *.redacted-for-privacy.xyz redacted-for-privacy.xyz]: no URL to issuing certificate"}
2022/07/13 09:31:26.403 DEBUG   tls.cache       added certificate to cache      {"subjects": ["cloudflare origin certificate", "*.redacted-for-privacy.xyz", "redacted-for-privacy.xyz"], "expiration": "2037/06/20 20:21:00.000", "managed": false, "issuer_key": "", "hash": "43a2505d04244afcaa09acd4d539b2189fb8ce55e09ff00a02949cc0d4557443", "cache_size": 1, "cache_capacity": 10000}
2022/07/13 09:31:26.406 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [cloudflare origin certificate *.flawlessco.de flawlessco.de]: no URL to issuing certificate"}
2022/07/13 09:31:26.406 DEBUG   tls.cache       added certificate to cache      {"subjects": ["cloudflare origin certificate", "*.flawlessco.de", "flawlessco.de"], "expiration": "2037/06/20 19:25:00.000", "managed": false, "issuer_key": "", "hash": "ba531bd03392375334629aa5e2bbe0e062c3ed0d894dc4ea38f220162745f6a1", "cache_size": 2, "cache_capacity": 10000}
2022/07/13 09:31:26.406 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [cloudflare origin certificate *.i-use-arch.de i-use-arch.de]: no URL to issuing certificate"}
2022/07/13 09:31:26.406 DEBUG   tls.cache       added certificate to cache      {"subjects": ["cloudflare origin certificate", "*.i-use-arch.de", "i-use-arch.de"], "expiration": "2037/06/20 20:24:00.000", "managed": false, "issuer_key": "", "hash": "b5fdef211a8c85bb3adf69c95c6731e105dc3f32a57c46fffb2bed8e62b96129", "cache_size": 3, "cache_capacity": 10000}
2022/07/13 09:31:26.406 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [cloudflare origin certificate *.redacted-for-privacy.xyz redacted-for-privacy.xyz]: no URL to issuing certificate"}
2022/07/13 09:31:26.406 DEBUG   tls.cache       added certificate to cache      {"subjects": ["cloudflare origin certificate", "*.redacted-for-privacy.xyz", "redacted-for-privacy.xyz"], "expiration": "2037/06/21 10:16:00.000", "managed": false, "issuer_key": "", "hash": "a8f121e2e63fca926ed209276f5a1aa2e34860e65fdb093b5deca4cbc1b59610", "cache_size": 4, "cache_capacity": 10000}
2022/07/13 09:31:26.406 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc0004e4a80"}
2022/07/13 09:31:26.407 WARN    http    server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server {"server_name": "srv1", "http_port": 80}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "testing.flawlessco.de", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "git.flawlessco.de", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "testing.redacted-for-privacy.xyz", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "i-use-arch.de", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "school-game.redacted-for-privacy.xyz", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "bitwarden.i-use-arch.de", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "yt-dl.flawlessco.de", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "flawlessco.de", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "redacted-for-privacy.xyz", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    skipping automatic certificate management because one or more matching certificates are already loaded  {"domain": "redacted-for-privacy.xyz", "server_name": "srv0"}
2022/07/13 09:31:26.407 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2022/07/13 09:31:26.433 INFO    tls     cleaning storage unit   {"description": "FileStorage:/root/.local/share/caddy"}
2022/07/13 09:31:26.434 INFO    tls     finished cleaning storage units
2022/07/13 09:31:26.452 DEBUG   http    starting server loop    {"address": "[::]:443", "http3": false, "tls": true}
2022/07/13 09:31:26.452 DEBUG   http    starting server loop    {"address": "[::]:80", "http3": false, "tls": false}
2022/07/13 09:31:26.453 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2022/07/13 09:31:26.453 INFO    serving initial configuration
2022/07/13 09:31:47.034 DEBUG   tls.handshake   choosing certificate    {"identifier": "flawlessco.de", "num_choices": 1}
2022/07/13 09:31:47.034 DEBUG   tls.handshake   custom certificate selection results    {"identifier": "flawlessco.de", "subjects": ["cloudflare origin certificate", "*.flawlessco.de", "flawlessco.de"], "managed": false, "issuer_key": "", "hash": "ba531bd03392375334629aa5e2bbe0e062c3ed0d894dc4ea38f220162745f6a1"}
2022/07/13 09:31:47.034 DEBUG   tls.handshake   matched certificate in cache    {"subjects": ["cloudflare origin certificate", "*.flawlessco.de", "flawlessco.de"], "managed": false, "expiration": "2037/06/20 19:25:00.000", "hash": "ba531bd03392375334629aa5e2bbe0e062c3ed0d894dc4ea38f220162745f6a1"}
2022/07/13 09:31:47.051 ERROR   http.log.error  error handling handler error    {"request": {"remote_ip": "162.158.202.176", "remote_port": "63386", "proto": "HTTP/2.0", "method": "GET", "host": "flawlessco.de", "uri": "/", "headers": {"Cf-Ray": ["72a101f2be22725e-HAM"], "Dnt": ["1"], "Sec-Fetch-Dest": ["document"], "Sec-Fetch-Mode": ["navigate"], "Cf-Ipcountry": ["DE"], "Accept-Encoding": ["gzip"], "X-Forwarded-For": ["191.41.74.4,2a03:d9c0:3000::a22e"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0"], "Sec-Fetch-Site": ["none"], "Sec-Gpc": ["1"], "Cdn-Loop": ["cloudflare"], "X-Forwarded-Proto": ["https"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "Cf-Connecting-Ip": ["2a03:d9c0:3000::a22e"], "Sec-Fetch-User": ["?1"], "Via": ["1.1 191.41.74.4"], "Accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"], "Accept-Language": ["en-US,en;q=0.5"], "Upgrade-Insecure-Requests": ["1"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "flawlessco.de"}}, "duration": 0.000632951, "error": "{id=466rm6e93} fileserver.parseErrorCode (matcher.go:295): HTTP 404: 404", "first_error": {"msg": "404", "status": 404, "err_id": "466rm6e93", "err_trace": "fileserver.parseErrorCode (matcher.go:295)"}}
2022/07/13 09:31:47.363 ERROR   http.log.error  error handling handler error    {"request": {"remote_ip": "162.158.202.176", "remote_port": "63386", "proto": "HTTP/2.0", "method": "GET", "host": "flawlessco.de", "uri": "/undefined", "headers": {"Sec-Fetch-Mode": ["no-cors"], "Cf-Visitor": ["{\"scheme\":\"https\"}"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0"], "Accept-Language": ["en-US,en;q=0.5"], "Dnt": ["1"], "Referer": ["https://flawlessco.de"], "Accept-Encoding": ["gzip"], "X-Forwarded-For": ["191.41.74.4,2a03:d9c0:3000::a22e"], "Cf-Ray": ["72a101f4fb46725e-HAM"], "X-Forwarded-Proto": ["https"], "Cf-Ipcountry": ["DE"], "Cdn-Loop": ["cloudflare"], "Accept": ["image/avif,image/webp,*/*"], "Sec-Fetch-Site": ["same-origin"], "Sec-Gpc": ["1"], "Sec-Fetch-Dest": ["image"], "Via": ["1.1 191.41.74.4"], "Cf-Connecting-Ip": ["2a03:d9c0:3000::a22e"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "flawlessco.de"}}, "duration": 0.00032132, "error": "{id=cdq3m08ks} fileserver.parseErrorCode (matcher.go:295): HTTP 404: 404", "first_error": {"msg": "404", "status": 404, "err_id": "cdq3m08ks", "err_trace": "fileserver.parseErrorCode (matcher.go:295)"}}

5. What I already tried:

  1. Changed ownership of the folder to caddy
  2. Ran as root
  3. Changed file permissions of all files to 777

6. Links to relevant resources:

7. Own observations

  • My reverse proxy on bitwarden.i-use-arch.de is working as expected.
  • first_error": {"msg": "404", "status": 404, "err_id": "cdq3m08ks", "err_trace": "fileserver.parseErrorCode (matcher.go:295)"}}. In the log Requesting website throws fileserver.parseErrorCode into the log

Please upgrade to v2.5.2.

You’re using a change that was introduced in that version, i.e. {err.status_code} which is a shortcut that didn’t previously exist for the slightly longer {http.error.status_code} placeholder.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.