Reverse Proxy Help

imome9a · August 12, 2022, 3:55am

Thank you all for any and all support on this. Im a Caddy novice at best but looking to learn!

1. Output of `caddy version`:

It’s Docker. Running 2.5.2-alpine

2. How I run Caddy:

I run Caddy inside Docker which runs inside an Ubuntu virtual machine on an ESXi host. I use Caddy as a reverse proxy for Pnetlab which is a network emulator much like Eve-Ng or GNS3

a. System environment:

Ubuntu Server 20.04.3 vm running Docker 20.10.12

b. Command:

N/A (Dockerized)

c. Service/unit/compose file:

services:
  app:
    image: caddy:2.5.2-alpine
    restart: unless-stopped
    container_name: caddy
    ports:
      - 80:80
      - 443:443
      - 443:443/udp
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data:/data
      - ./config:/config

d. My complete Caddy config:

labs.ome9a.net {
        reverse_proxy 10.8.200.213:80 {
        }
}

3. The problem I’m having:

Navigating to my url worked one time ( I was presented with the logon screen and was able to logon. Repeated attempts now only show a blank redirected screen. The browser tab still shows proper website info but the page content is otherwise blank.

4. Error messages and/or full log output:

Navigating to https://labs.ome9a.net redirects to:

https://labs.ome9a.net/store/public/auth/login/offline?link=http%3A%2F%2Flabs.ome9a.net%2Fstore%2Fpublic%2Fadmin%2Fmain%2Fview&error=&success=

and the page is blank.

5. What I already tried:

Ive come to understand that there is possibly a buffer issue and similar network emulator services positioned behind a reverse proxy had suggested disabling buffering. I had tried updating my Caddyfile to reflect the following:

labs.ome9a.net {
        reverse_proxy 10.8.200.213:80 {
            flush_interval -1
        }
}

but this didnt help after restarting my container

6. Links to relevant resources:

imome9a · August 12, 2022, 4:28am

Oddly enough I can get the URL to load correctly and present the login screen when using Firefox Focus (on my mobile device). Ive tried all other browsers from different desktop and laptop computers. Even standard Firefox or Chrome on my mobile doesn’t load the website.

imome9a · August 12, 2022, 4:46am

Logging out from Caddy while trying to navigate (via desktop PC using Firefox to the proxied URL: https://labs.ome9a.net


{"level":"info","ts":1660279489.668534,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"132.2.85.119","remote_port":"58262","proto":"HTTP/1.1","method":"GET","host":"labs.ome9a.net","uri":"/store/public/auth/login/offline?link=http%3A%2F%2Flabs.ome9a.net%2Fstore%2Fpublic%2Fadmin%2Fmain%2Fview&error=&success=","headers":{"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"],"Connection":["keep-alive"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":771,"cipher_suite":49195,"proto":"","server_name":"labs.ome9a.net"}},"user_id":"","duration":0.06474928,"size":1449,"status":200,"resp_headers":{"Server":["Caddy","Apache/2.4.29 (Ubuntu)"],"Access-Control-Allow-Headers":["*"],"Content-Length":["1449"],"Date":["Fri, 12 Aug 2022 04:44:49 GMT"],"Cache-Control":["no-cache, private"],"Set-Cookie":[],"Vary":["Accept-Encoding"],"Content-Type":["text/html; charset=UTF-8"],"Access-Control-Allow-Origin":["*"],"Content-Encoding":["gzip"]}}

imome9a · August 12, 2022, 4:52am

Caddy logging output from a working session from my working Firefox Focus mobile app:

tail output (too much output to post entirety)…

{"level":"info","ts":1660279736.0479946,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"174.207.166.10","remote_port":"11202","proto":"HTTP/2.0","method":"GET","host":"labs.ome9a.net","uri":"/","headers":{"Sec-Fetch-Site":["cross-site"],"Accept-Language":["en-US"],"Accept-Encoding":["gzip, deflate, br"],"Dnt":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (Android 12; Mobile; rv:103.0) Gecko/103.0 Firefox/103.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"labs.ome9a.net"}},"user_id":"","duration":0.046235106,"size":360,"status":301,"resp_headers":{"Set-Cookie":[],"Content-Length":["360"],"Access-Control-Allow-Headers":["*"],"Content-Type":["text/html; charset=UTF-8"],"Access-Control-Allow-Origin":["*"],"Server":["Caddy","Apache/2.4.29 (Ubuntu)"],"Date":["Fri, 12 Aug 2022 04:48:56 GMT"],"Location":["/store/public/admin/main/view"]}}
{"level":"info","ts":1660279736.19948,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"174.207.166.10","remote_port":"11202","proto":"HTTP/2.0","method":"GET","host":"labs.ome9a.net","uri":"/store/public/admin/main/view","headers":{"Accept-Language":["en-US"],"Dnt":["1"],"Cookie":[],"Sec-Fetch-Dest":["document"],"Te":["trailers"],"Sec-Fetch-Site":["cross-site"],"User-Agent":["Mozilla/5.0 (Android 12; Mobile; rv:103.0) Gecko/103.0 Firefox/103.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"labs.ome9a.net"}},"user_id":"","duration":0.051576194,"size":788,"status":302,"resp_headers":{"Cache-Control":["no-cache, private"],"Content-Type":["text/html; charset=UTF-8"],"Access-Control-Allow-Origin":["*"],"Access-Control-Allow-Headers":["*"],"Content-Length":["788"],"Server":["Caddy","Apache/2.4.29 (Ubuntu)"],"Date":["Fri, 12 Aug 2022 04:48:56 GMT"],"Location":["http://labs.ome9a.net/store/public/auth/login/manager?error=&link=http%3A%2F%2Flabs.ome9a.net%2Fstore%2Fpublic%2Fadmin%2Fmain%2Fview"],"Set-Cookie":[]}}
{"level":"info","ts":1660279741.857044,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"174.207.166.10","remote_port":"11202","proto":"HTTP/2.0","method":"POST","host":"labs.ome9a.net","uri":"/captcha","headers":{"Content-Length":["22"],"Referer":["https://labs.ome9a.net/store/public/auth/login/offline?link=http%3A%2F%2Flabs.ome9a.net%2Fstore%2Fpublic%2Fadmin%2Fmain%2Fview&error=&success="],"Cookie":[],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Content-Type":["application/json;charset=utf-8"],"Dnt":["1"],"Accept-Language":["en-US"],"Accept-Encoding":["gzip, deflate, br"],"X-Xsrf-Token":["eyJpdiI6IldYSWlsZWcyVklvc0xZeGdaMFQ3Qmc9PSIsInZhbHVlIjoieXplcWxCN2J3OE9WeGpIYVllT2lOSE1VTDRMNytmUkF3ZW1tUWFObTQyYzJaVmh5cFhjR3lkdDdIWjM0MDlqRyIsIm1hYyI6IjViMjgzYmIwMjVhZTJkZjk4Nzc1ODFmZGQxZWQxZWUzMGU5NzczN2JiODFlNDEyOTVlNGNlODU2Y2JhMGRhM2EifQ=="],"Origin":["https://labs.ome9a.net"],"User-Agent":["Mozilla/5.0 (Android 12; Mobile; rv:103.0) Gecko/103.0 Firefox/103.0"],"Accept":["application/json, text/plain, */*"],"Sec-Fetch-Dest":["empty"],"Te":["trailers"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"labs.ome9a.net"}},"user_id":"","duration":0.055238556,"size":3974,"status":202,"resp_headers":{"Server":["Caddy","Apache/2.4.29 (Ubuntu)"],"Date":["Fri, 12 Aug 2022 04:49:01 GMT"],"Access-Control-Allow-Headers":["*"],"Set-Cookie":[],"Content-Length":["3974"],"Content-Type":["application/json"],"Access-Control-Allow-Origin":["*"],"Cache-Control":["no-cache, private"]}}

imome9a · August 12, 2022, 5:21am

Looks like my Firefox Focus mobile app negotiates http/2.0 while others use http/1.1… tried the following but no luck:

labs.ome9a.net { 
        tls {
          alpn h2
        }
        reverse_proxy 10.8.200.213:80 {
          flush_interval -1
          transport http {
            versions 2
          }
        }
        log
}

francislavoie · August 12, 2022, 3:55pm

It looks like the problem is that the app is trying to load some resources over HTTP instead of HTTPS, which fails.

You don’t need to play with the reverse_proxy configuration at all, I think, this is a problem with your upstream app not using the correct scheme for resources it’s serving.

Open the Network tab in your browser (right-click anywhere, Inspect, Network tab, reload the page), you’ll notice that most of the resources (JS/CSS) fail to load because they try to load http:// on an https:// page. If you do View Page Source, you’ll see that there’s a bunch of <link rel="stylesheet" href="http://labs.ome9a.net, which have an incorrect scheme.

You config should probably just look like this:

labs.ome9a.net {
	reverse_proxy 10.8.200.213:80
	log
}

imome9a · August 12, 2022, 4:01pm

Thank you sir. How do we account for the proxied app working when using a mobile web browser? Id assume if the issue was the upstream app just not using the right scheme then the mobile web browser would have failed too?

system · September 11, 2022, 3:56am

This topic was automatically closed after 30 days. New replies are no longer allowed.