Reverse proxy not rerouting

Niesyto · March 23, 2022, 2:14pm

1. Caddy version (`caddy version`):

v2.4.6 h1:HGkGICFGvyrodcqOOclHKfvJC0qTU7vny/7FhYp9hNw=

2. How I run Caddy:

a. System environment:

Windows 8, running it from powerShell, installed with choco

b. Command:

caddy run

c. Service/unit/compose file:

I think it's not relevant here?

d. My complete Caddyfile or JSON config:

{
	"apps": {
		"http": {
			"servers": {
				"example": {
					"listen": [
						"127.0.0.1:2137"
					],
					"routes": [
						{
							"handle": [
								{
									"handler": "reverse_proxy",
									"load_balancing": {
										"selection_policy": {
											"policy": "round_robin"
										}
									},
									"upstreams": [
										{
											"dial": "127.0.0.1:8444"
										},
										{
											"dial": "127.0.0.1:8445"
										}
									]
								}
							]
						}
					]
				}
			}
		}
	}
}

3. The problem I’m having:

I would expect it to proxy all request sent to localhost:2137 to either 8444 or 8445, but that’s not really happening. I’m running my backend on those ports, so I should receive some data, even if request is unauthorized.
If that helps, I’m not sending requests to just localhost:8444, but for example localhost:8444/authenticate
Tried with browser, postman and curl

curl -X POST https://localhost:8444/authenticate/debug -k

This works, (or just throws some error)
So I would expect that this:

 curl -X POST http://localhost:2137/authenticate/debug -k

or this

curl -X POST https://localhost:2137/authenticate/debug -k

Would work too

4. Error messages and/or full log output:

If I request for https I get

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

But http returns nothing.

Here’s caddy output

2022/03/23 14:04:21.255 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2022/03/23 14:04:21.255 ←[34mINFO←[0m   serving initial configuration
2022/03/23 14:04:30.607 ←[34mINFO←[0m   admin.api       received request        {"method": "POST", "host": "localhost:2019", "uri": "/load", "remote_addr": "127.0.0.1:55108", "headers": {"Accept":["*/*"],"Content-Length":["492"],"Content-Type":["application/json"],"User-Agent":["curl/7.70.0"]}}
2022/03/23 14:04:30.608 ←[34mINFO←[0m   admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["[::1]:2019", "127.0.0.1:2019", "localhost:2019"]}
2022/03/23 14:04:30.608 ←[34mINFO←[0m   tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00016fc70"}
2022/03/23 14:04:30.608 ←[34mINFO←[0m   tls     cleaning storage unit   {"description": "FileStorage:C:\\Users\\Jarek\\AppData\\Roaming\\Caddy"}
2022/03/23 14:04:30.609 ←[34mINFO←[0m   autosaved config (load with --resume flag)      {"file": "C:\\Users\\Jarek\\AppData\\Roaming\\Caddy\\autosave.json"}
2022/03/23 14:04:30.613 ←[34mINFO←[0m   admin.api       load complete
2022/03/23 14:04:30.612 ←[34mINFO←[0m   tls     finished cleaning storage units
2022/03/23 14:04:30.623 ←[34mINFO←[0m   admin   stopped previous server {"address": "tcp/localhost:2019"}
2022/03/23 14:04:39.536 ←[31mERROR←[0m  http.log.error  EOF     {"request": {"remote_addr": "127.0.0.1:55614", "proto": "HTTP/1.1", "method": "POST", "host": "localhost:2137", "uri": "/authenticate/debug", "headers": {"Accept": ["*/*"], "User-Agent": ["curl/7.70.0"]}}, "duration": 0.0013792, "status": 502, "err_id": "mu4jgvkdq", "err_trace": "reverseproxy.statusError (reverseproxy.go:886)"}

5. What I already tried:

Switching up addresses in config. Tried 127.0.0.1, localhost, http://localhost, https://localhost
None of those really helped.

I’m new to Caddy, don’t know that much about networing, and docs for JSON configs are kind of hard to understand (at least for someone who installed caddy 3 hours ago).

I would go with Caddyfile, but I’ve been told that I will have to create my own .go plugin later on (upstream selection based on decoded token + some basic math), and based on this source: https://caddyserver.com/docs/getting-started it seems that it would be easier to do with JSON

Niesyto · March 23, 2022, 2:50pm

Adding this to handler:

	"transport": {
										"protocol": "http",
										"tls": {
											"insecure_skip_verify": true
										}
									},

Helped, but only this works, https is still broken
curl -X POST http://localhost:2137/authenticate/debug -k

francislavoie · March 23, 2022, 2:52pm

FYI, this will cause Caddy to bind to 127.0.0.1:2137, so only requests coming from the same machine will reach Caddy, no requests from outside your network.

Are your servers on port 8444 and 8445 listening for HTTPS requests, or HTTP?

By default, reverse_proxy will try to connect over HTTP (no TLS) unless you configure it to do so via the tls transport option as I see you’ve tried.

With your current config, Caddy wouldn’t turn on Automatic HTTPS for your server, because you didn’t use a host matcher with a domain that would make it do so. So it’ll only be listening for HTTP requests.

Set the default logger’s level to DEBUG to get more detailed logs about what the proxy is doing.

You definitely should start with the Caddyfile, you’ll have a much easier time to get started. You can always adapt your Caddyfile to JSON by running caddy adapt later to get the underlying JSON config, then work ahead from there.

But if you later need write a plugin, you can still use the Caddyfile, there’s no problem there. You’d just need to write a little bit more code to parse the Caddyfile config for your plugin: Caddyfile Support — Caddy Documentation

system · April 22, 2022, 2:15pm

This topic was automatically closed after 30 days. New replies are no longer allowed.