Apologies for using real domain names, I’ll use the ones reserved for this purpose from now on. Sorry, I can’t reveal the real domain name, not up to me to decide.
Here are the logs for one request after turning on the debug setting:
xcaddy
2022/09/28 16:04:52.973 debug events event {"name": "tls_get_certificate", "id": "1fb4cc86-48c4-4614-acfb-6a85454ed74b", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4867,4865,49200,49196,49192,49188,49172,49162,159,107,57,52393,52392,52394,65413,196,136,129,157,61,53,192,132,49199,49195,49191,49187,49171,49161,158,103,51,190,69,156,60,47,186,65,49169,49159,5,4,49170,49160,22,10,255],"ServerName":"prod.local","SupportedCurves":[29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[2054,1537,1539,2053,1281,1283,2052,1025,1027,513,515],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"Conn":{}}}}
2022/09/28 16:04:52.974 debug tls.handshake choosing certificate {"identifier": "prod.local", "num_choices": 1}
2022/09/28 16:04:52.974 debug tls.handshake default certificate selection results {"identifier": "prod.local", "subjects": ["prod.local"], "managed": true, "issuer_key": "local", "hash": "8cb49e0160a2c8330ae492ab1cfe745d1000b8ea90c94e46ed2c0905e5ef227b"}
2022/09/28 16:04:52.974 debug tls.handshake matched certificate in cache {"remote_ip": "127.0.0.1", "remote_port": "62953", "subjects": ["prod.local"], "managed": true, "expiration": "2022/09/28 20:56:53.000", "hash": "8cb49e0160a2c8330ae492ab1cfe745d1000b8ea90c94e46ed2c0905e5ef227b"}
2022/09/28 16:04:52.995 debug http.handlers.reverse_proxy selected upstream {"dial": "prod.example.com:443", "total_upstreams": 1}
2022/09/28 16:06:13.002 debug http.handlers.reverse_proxy upstream roundtrip {"upstream": "prod.example.com:443", "duration": 80.004422467, "request": {"remote_ip": "127.0.0.1", "remote_port": "62953", "proto": "HTTP/2.0", "method": "GET", "host": "prod.example.com:443", "uri": "/api/endpoint", "headers": {"Cache-Control": ["no-cache"], "X-Csrf-Token": ["***"], "Accept": ["*/*"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"], "Referer": ["https://prod.local:8443"], "Pragma": ["no-cache"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "prod.local"}}, "error": "dial tcp ***.***.***.***:443: connect: operation timed out"}
2022/09/28 16:06:13.005 error http.log.error.log2 dial tcp ***.***.***.***:443: connect: operation timed out {"request": {"remote_ip": "127.0.0.1", "remote_port": "62953", "proto": "HTTP/2.0", "method": "GET", "host": "prod.local:8443", "uri": "/api/endpoint", "headers": {"Referer": ["https://prod.local:8443"], "Accept": ["*/*"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"], "Pragma": ["no-cache"], "Cache-Control": ["no-cache"], "X-Csrf-Token": ["***"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "prod.local"}}, "duration": 80.007844101, "status": 502, "err_id": "70qaxgeq4", "err_trace": "reverseproxy.statusError (reverseproxy.go:1271)"}
2022/09/28 16:06:13.005 error http.log.access.log2 handled request {"request": {"remote_ip": "127.0.0.1", "remote_port": "62953", "proto": "HTTP/2.0", "method": "GET", "host": "prod.local:8443", "uri": "/api/endpoint", "headers": {"Accept": ["*/*"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"], "Pragma": ["no-cache"], "Cache-Control": ["no-cache"], "X-Csrf-Token": ["***"], "Referer": ["https://prod.local:8443"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "prod.local"}}, "user_id": "", "duration": 80.007844101, "size": 0, "status": 502, "resp_headers": {"Server": ["Caddy"], "Alt-Svc": ["h3=\":8443\"; ma=2592000"]}}
go build
2022/09/28 16:08:52.934 debug events event {"name": "tls_get_certificate", "id": "7c60846c-9bdd-441b-872b-ce9ec5dd79fb", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4867,4865,49200,49196,49192,49188,49172,49162,159,107,57,52393,52392,52394,65413,196,136,129,157,61,53,192,132,49199,49195,49191,49187,49171,49161,158,103,51,190,69,156,60,47,186,65,49169,49159,5,4,49170,49160,22,10,255],"ServerName":"prod.local","SupportedCurves":[29,23,24,25],"SupportedPoints":"AA==","SignatureSchemes":[2054,1537,1539,2053,1281,1283,2052,1025,1027,513,515],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"Conn":{}}}}
2022/09/28 16:08:52.934 debug tls.handshake choosing certificate {"identifier": "prod.local", "num_choices": 1}
2022/09/28 16:08:52.934 debug tls.handshake default certificate selection results {"identifier": "prod.local", "subjects": ["prod.local"], "managed": true, "issuer_key": "local", "hash": "8cb49e0160a2c8330ae492ab1cfe745d1000b8ea90c94e46ed2c0905e5ef227b"}
2022/09/28 16:08:52.934 debug tls.handshake matched certificate in cache {"remote_ip": "127.0.0.1", "remote_port": "62972", "subjects": ["prod.local"], "managed": true, "expiration": "2022/09/28 20:56:53.000", "hash": "8cb49e0160a2c8330ae492ab1cfe745d1000b8ea90c94e46ed2c0905e5ef227b"}
2022/09/28 16:08:52.949 debug http.handlers.reverse_proxy selected upstream {"dial": "prod.example.com:443", "total_upstreams": 1}
2022/09/28 16:08:53.024 debug http.handlers.reverse_proxy upstream roundtrip {"upstream": "prod.example.com:443", "duration": 0.074966453, "request": {"remote_ip": "127.0.0.1", "remote_port": "62972", "proto": "HTTP/2.0", "method": "GET", "host": "prod.example.com:443", "uri": "/api/endpoint", "headers": {"X-Csrf-Token": ["***"], "Referer": ["https://prod.local:8443"], "Accept": ["*/*"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"], "Pragma": ["no-cache"], "Cache-Control": ["no-cache"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "prod.local"}}, "headers": {"Content-Type": ["application/json"], "Content-Length": ["127"], "Connection": ["keep-alive"], "Vary": ["Accept-Encoding"], "Access-Control-Allow-Origin": ["https://prod.example.com"], "Server": ["nginx"], "Date": ["Wed, 28 Sep 2022 16:08:52 GMT"]}, "status": 401}
2022/09/28 16:08:53.025 error http.log.access.log2 handled request {"request": {"remote_ip": "127.0.0.1", "remote_port": "62972", "proto": "HTTP/2.0", "method": "GET", "host": "prod.local:8443", "uri": "/api/endpoint", "headers": {"Cache-Control": ["no-cache"], "X-Csrf-Token": ["***"], "Referer": ["https://prod.local:8443"], "Accept": ["*/*"], "User-Agent": ["Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"], "Pragma": ["no-cache"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "prod.local"}}, "user_id": "", "duration": 0.075553573, "size": 127, "status": 401, "resp_headers": {"Access-Control-Allow-Origin": ["*"], "Server": ["Caddy", "nginx"], "Alt-Svc": ["h3=\":8443\"; ma=2592000"], "Date": ["Wed, 28 Sep 2022 16:08:52 GMT"], "Content-Type": ["application/json"], "Content-Length": ["127"], "Vary": ["Accept-Encoding"]}}