Change the `header_up` line to:

```
header_up Host jetty.eclipse.org
```
Still not working. If you don’t mind, can we have a call?
Here is the meeting link:
Log:

```
{"level":"info","ts":1630676141.3607857,"msg":"serving initial configuration"}
{"level":"debug","ts":1630676144.4195025,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"localhost:8443","request":{"remote_addr":"[::1]:61980","proto":"HTTP/1.1","method":"GET","host":"jetty.eclipse.org","uri":"/","headers":{"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-For":["::1"],"X-Forwarded-Proto":["http"],"Cache-Control":["max-age=0"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"93\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"93\""],"Sec-Fetch-Dest":["document"]}},"duration":0.0179121,"error":"remote error: tls: handshake failure"}
{"level":"error","ts":1630676149.4366245,"logger":"http.log.error","msg":"remote error: tls: handshake failure","request":{"remote_addr":"[::1]:61980","proto":"HTTP/1.1","method":"GET","host":"localhost","uri":"/","headers":{"Accept-Encoding":["gzip, deflate, br"],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Connection":["keep-alive"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"93\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"93\""]}},"duration":5.0349525,"status":502,"err_id":"wfc9d07v2","err_trace":"reverseproxy.statusError (reverseproxy.go:857)"}
```
Per Jetty docs, you need to set `tls_server_name`.
I have tried but am still getting a 502 error. If you don’t mind, can we have a call?

```
2021/09/03 16:44:22.605 ERROR http.log.error remote error: tls: handshake failure {"request": {"remote_addr": "20.105.172.104:55396", "proto": "HTTP/1.1", "method": "GET", "host": "localhost:8443", "uri": "/.env", "headers": {"Connection": ["keep-alive"], "User-Agent": ["Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30"], "Accept-Encoding": ["gzip, deflate"], "Accept": ["*/*"]}}, "duration": 5.0264333, "status": 502, "err_id": "mrqbb6b7b", "err_trace": "reverseproxy.statusError (reverseproxy.go:857)"
```
Just FYI – and I can’t speak for each individual helper here – but most will not be able to devote dedicated phone support for free. I know that we charge a premium for private, real-time support over the phone. Happy to do it but you should probably contact us: https://caddyserver.com/business
OK. Here is my config; I am trying to enable a reverse proxy from https://localhost:8443 to http://localhost:80, and I am getting a 502 error.

```
{
    debug
}

:80 {
    # Set this path to your site’s directory.
    #root * /usr/share/caddy

    # Enable the static file server.
    #file_server

    # Another common task is to set up a reverse proxy:
    reverse_proxy https://localhost:8443 {
        header_up Host jetty.eclipse.org
        lb_policy round_robin
        lb_try_duration 5s
        health_status 200
        health_interval 10s
        fail_duration 30s
        transport http {
            tls_insecure_skip_verify
        }
    }
}
```
It doesn’t look like you are setting `tls_server_name` like @Mohammed90 suggested. Please try that first.
Now I am getting a 502 error, and here are the logs:

```
{
    debug
}

:80 {
    # Set this path to your site’s directory.
    #root * /usr/share/caddy

    # Enable the static file server.
    #file_server

    # Another common task is to set up a reverse proxy:
    reverse_proxy https://localhost:8443 {
        header_up Host jetty.eclipse.org
        lb_policy round_robin
        lb_try_duration 5s
        health_status 200
        health_interval 10s
        fail_duration 30s
        transport http {
            tls_server_name jetty.eclipse.org
            tls_insecure_skip_verify
        }
    }
}
```
```
{"level":"error","ts":1630688556.1450188,"logger":"http.log.error","msg":"remote error: tls: handshake failure","request":{"remote_addr":"[::1]:63247","proto":"HTTP/1.1","method":"GET","host":"localhost","uri":"/","headers":{"Sec-Ch-Ua-Platform":["\"Windows\""],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip, deflate, br"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"93\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"93\""],"Accept-Language":["en-US,en;q=0.9"]}},"duration":5.0190037,"status":502,"err_id":"772neatxe","err_trace":"reverseproxy.statusError (reverseproxy.go:857)"}
{"level":"error","ts":1630688558.0801852,"logger":"http.log.error","msg":"no upstreams available","request":{"remote_addr":"[::1]:55299","proto":"HTTP/1.1","method":"GET","host":"localhost","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Accept-Encoding":["gzip, deflate, br"],"Connection":["keep-alive"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"93\", \" Not;A Brand\";v=\"99\", \"Chromium\";v=\"93\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US,en;q=0.9"],"Pragma":["no-cache"],"Cache-Control":["no-cache"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"]}},"duration":5.0141381,"status":502,"err_id":"vpjg6rdj9","err_trace":"reverseproxy.statusError (reverseproxy.go:857)"}
```
Do you have logs of what Jetty sees?
With http://localhost:8080 it is working, and when we are trying with https://localhost:8443 we are getting a 502 error. My application page

```
INFO <04 Sep 2021 02:09:47,373> <SearchBlox Version 10.0[DEV#3]>
INFO <04 Sep 2021 02:09:47,375> <JVM Vendor: Azul Systems, Inc.>
INFO <04 Sep 2021 02:09:47,375> <JVM Version: 11.0.1>
INFO <04 Sep 2021 02:09:47,390> <Server Information : jetty/9.4.43.v20210629 Version 3.1>
INFO <04 Sep 2021 02:09:47,399> <OS Information : amd64|Windows Server 2016|10.0>
INFO <04 Sep 2021 02:09:47,399> <Host IP Address : 172.26.4.0>
INFO <04 Sep 2021 02:09:47,412> <Memory: 8 GB | 7 GB>
INFO <04 Sep 2021 02:10:13,591> <Loading Analytics from PATH: C:\SearchBloxServer\analytics\bin\cubejs.bat>
INFO <04 Sep 2021 02:10:25,013> <2021/09/04 02:10:25 Scheduler started>
INFO <04 Sep 2021 02:10:26,513>
INFO <04 Sep 2021 02:10:26,520>
INFO <04 Sep 2021 02:10:35,212>
INFO <04 Sep 2021 02:10:35,662> <Analytics started with PID: 1524>
INFO <04 Sep 2021 02:10:35,664>
```
Any update on the above issue?
The logs aren’t giving anything informative. You need to share more helpful information. There’s a reason why Caddy isn’t able to connect to your server over TLS.
As @matt said, if you need one-on-one support, you may always reach out using the Caddy for Business page.
If I want to skip the TLS error, how do I do that?
Well, we need to know the issue in order to skip it. It can’t be swept under the rug. What’s the TLS version of your certificate? What’s the Jetty config? You need to increase the log level and see the exact error.
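One way to see the exact handshake outcome from the client side, shown as an added example that is not part of the original thread and is not Caddy or Jetty code. It probes an upstream with a chosen SNI name and TLS version, which is what `tls_server_name` controls on the Caddy side. The names `probe`, `sni_matrix` and `alerting_stub` are hypothetical, and the stub is a constructed stand-in for an upstream that rejects the ClientHello.

```python
import socket
import ssl
import threading

# TLS record: alert (0x15), version 0x0303, length 2, fatal (2), handshake_failure (40)
ALERT_HANDSHAKE_FAILURE = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])

def probe(host, port, sni, version=None, timeout=3.0):
    """Attempt one TLS handshake with the given SNI and report how it ended."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # diagnosis only; mirrors tls_insecure_skip_verify
    if version is not None:
        ctx.minimum_version = ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni) as tls:
                return {"ok": True, "stage": "done",
                        "detail": f"{tls.version()} {tls.cipher()[0]}"}
    except ssl.SSLError as exc:  # must precede OSError: SSLError is a subclass
        return {"ok": False, "stage": "tls", "detail": exc.reason or str(exc)}
    except OSError as exc:  # refused, unreachable or timed out
        return {"ok": False, "stage": "socket", "detail": str(exc)}

def sni_matrix(host, port, names):
    """Probe every SNI name under TLS 1.2 and TLS 1.3."""
    versions = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    return {(n, v.name): probe(host, port, n, v) for n in names for v in versions}

def alerting_stub():
    """Constructed upstream: answers every ClientHello with a fatal alert."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)  # read the ClientHello
                conn.sendall(ALERT_HANDSHAKE_FAILURE)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(probe("127.0.0.1", alerting_stub(), "jetty.eclipse.org"))
```

Against the setup in this thread the call would be `sni_matrix("localhost", 8443, ["jetty.eclipse.org", "localhost"])`; a `tls` stage failure means the upstream answered and rejected the handshake, while a `socket` stage failure means the connection never got that far.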
Our TLS version is 1.2 or 2, and every time I am getting a TLS handshake error. What is possible to do to pass requests from HTTPS to HTTP?
If your Caddyfile is truly only that, it should work, unless Jetty does something different and/or the running Caddyfile isn’t the same one here. You have to share more about your setup to know.
Ashok, the team asked that you encase your logs and configs in ``` on the line before and after the text block.
Your subject for this post is “Reverse Proxy from HTTPS to HTTP”, but your configuration is for reverse proxy of HTTP at caddy going back to a service that is a HTTPS connection…
I would need to test but is that even going to work? If you were setting up caddy to serve HTTPS and connect back to a service that was on HTTP, that would work, or to HTTPS on caddy and HTTPS back to your service that caddy is acting as a reverse proxy for.
The way your config for caddy is set up for HTTP ( port 80 ). This would require that caddy’s reverse proxy support ‘HTTP connect’ as a method (which I’m not sure it can do, it seems specialized to be able to reverse proxy a HTTP connection to HTTPS? CONNECT - HTTP | MDN )
So this is failing because you are attempting an unsupported configuration as best I can tell?
```
:80 {
    reverse_proxy https://localhost:8443 {
        header_up Host {http.reverse_proxy.upstream.hostport}
        #lb_policy round_robin
        #lb_try_duration 5s
        health_status 200
        health_interval 10s
        fail_duration 30s
        transport http {
            tls
            tls_insecure_skip_verify
        }
    }
}
```
It’s just a webserver, nothing else.
You’re really not helping yourself to get productive answers here @Ashok_Kumar.
We’re asking clarifying questions, and you’re not answering them. So we cannot help you.
Please understand that we don’t have the full picture so we cannot make further suggestions.
This is very frustrating for all of us trying to help you.