Reverse proxy not working as expected

1. The problem I’m having:

Currently, the reverse proxy appears to be working; however, when I put in the address, all I get is a white screen, no content. No errors.

Currently, it is just designed to push this: https://hellmanx.ddns.net/homeassistant to my home assistant server.

2. Error messages and/or full log output:

curl https://hellmanx.ddns.net/homeassistnat -vL
* Expire in 0 ms for 6 (transfer 0xb2b950)
* Expire in 1 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 1 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 0 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 1 ms for 1 (transfer 0xb2b950)
* Expire in 1 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 1 ms for 1 (transfer 0xb2b950)
* Expire in 1 ms for 1 (transfer 0xb2b950)
* Expire in 4 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 4 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 2 ms for 1 (transfer 0xb2b950)
* Expire in 3 ms for 1 (transfer 0xb2b950)
*   Trying 73.214.218.190...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0xb2b950)
* Connected to hellmanx.ddns.net (73.214.218.190) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=hellmanx.ddns.net
*  start date: Jul 11 18:20:06 2023 GMT
*  expire date: Oct  9 18:20:05 2023 GMT
*  subjectAltName: host "hellmanx.ddns.net" matched cert's "hellmanx.ddns.net"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xb2b950)
> GET /homeassistnat HTTP/2
> Host: hellmanx.ddns.net
> User-Agent: curl/7.64.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Tue, 11 Jul 2023 19:37:45 GMT
<
* Connection #0 to host hellmanx.ddns.net left intact

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

Installed using Caddy App Templates on Portainer.io.

a. System environment:

Raspberry Pi4 | Debian 10.
Portainer

b. Command:

CMD, according to Portainer:

caddy run --config /etc/caddy/Caddyfile --adapter caddyfile

c. Service/unit/compose file:

ID: f5ab609b7a929a1b6594465a04a70985f796693b5e1a4cc3fa406ae8eaac65a2
Image: caddy:latest@sha256:39597db44e2e53317349a9e42e7719ea893dd04e623b644d70f2b31f630366da

d. My complete Caddy config:

hellmanx.ddns.net:443 {
	handle_path /homeassistant/* {
		reverse_proxy https://10.0.0.13:8123
	}
}

5. Links to relevant resources:

The matcher /homeassistant/* doesn’t match /homeassistant because there’s no trailing slash. Try /homeassistant* instead.

That’ll cause a 502 error.

This is what the Docker log shows when that 502 error happens:

2023-07-12T00:05:55.994970520Z ERR ts=1689120355.994555 logger=http.log.error msg=tls: first record does not look like a TLS handshake request={“remote_ip”:“174.203.106.15”,“remote_port”:“6973”,“proto”:“HTTP/2.0”,“method”:“GET”,“host”:“hellmanx.ddns.net”,“uri”:“/homeassistant”,“headers”:{“Sec-Ch-Ua-Mobile”:[“?1”],“Sec-Fetch-Site”:[“none”],“Sec-Fetch-Dest”:[“document”],“Accept-Language”:[“en-US,en;q=0.9”],“Cache-Control”:[“max-age=0”],“Sec-Ch-Ua”:[“"Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114"”],“User-Agent”:[“Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36”],“Accept”:[“text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7”],“Sec-Fetch-Mode”:[“navigate”],“Sec-Fetch-User”:[“?1”],“Accept-Encoding”:[“gzip, deflate, br”],“Sec-Ch-Ua-Platform”:[“"Android"”],“Upgrade-Insecure-Requests”:[“1”]},“tls”:{“resumed”:false,“version”:772,“cipher_suite”:4867,“proto”:“h2”,“server_name”:“hellmanx.ddns.net”}} duration=0.019860413 status=502 err_id=v2n5jew57 err_trace=reverseproxy.statusError (reverseproxy.go:1299)

You configured your proxy with https://. Are you sure it’s an HTTPS upstream? Remove that if it’s an HTTP upstream.

Hmm, good point. Looks like it’s just using HTTP; could’ve sworn it was HTTPS.

There’s an error on the browser now: 400: Bad Request

Portainer doesn’t seem to be throwing any errors in the live log when I get the 400 error.

That’s coming from your app, not Caddy. Either way, nothing we can do to help without more details.

I was actually able to get closer to a solution with this config:

{
  debug
}

hellmanx.ddns.net:443 {
	handle_path /homeassistant* {
		reverse_proxy http://10.0.0.13:8123
	}
}

But I was only able to get a picture of the Home Assistant logo, nothing else.

I also learned that Home Assistant has some type of reverse proxy whitelist too, so I may have to ask that community about why I’m only getting a Home Assistant logo and no login afterwards.

See this article:

Running services under subpaths often won’t work. You can use a subdomain instead like home.hellmanx.ddns.net.

1 Like
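
Added example (not part of the thread and not Caddy's source): a simplified Python model of the two matcher forms discussed above, run over constructed request paths. It shows why `/homeassistant` fell through to Caddy's empty 200 with the `/homeassistant/*` matcher, and why root-relative requests never reach the proxy when an app is mounted under a subpath. The asset and API paths are constructed samples, and only exact and trailing-`*` prefix matching is modelled.

```python
# Simplified model of the path matching used in this thread (assumption:
# only exact patterns and patterns ending in "*" are modelled, compared
# case-insensitively). This is illustration code, not Caddy's implementation.

def path_matches(pattern: str, path: str) -> bool:
    pattern, path = pattern.lower(), path.lower()
    if pattern.endswith("*"):
        # Trailing "*" means "anything that starts with the rest".
        return path.startswith(pattern[:-1])
    return path == pattern


def route(pattern: str, path: str) -> str:
    """'proxy' if the handle_path block would run; otherwise 'empty-200',
    the empty 200 response seen in the curl output when no route matched."""
    return "proxy" if path_matches(pattern, path) else "empty-200"


# Constructed request paths: the URL typed by the user, then requests a
# browser could issue afterwards when the app emits root-relative URLs.
REQUESTS = [
    "/homeassistant",
    "/homeassistant/",
    "/homeassistant/lovelace",
    "/frontend_latest/app.js",  # constructed root-relative asset URL
    "/api/websocket",           # constructed root-relative API URL
]


def report(pattern: str) -> dict:
    """Map each sample request path to where the site block would send it."""
    return {path: route(pattern, path) for path in REQUESTS}


def overbroad(pattern: str, unrelated_path: str) -> bool:
    """True when a prefix matcher also captures a path it was not meant for."""
    return path_matches(pattern, unrelated_path)


if __name__ == "__main__":
    for pattern in ("/homeassistant/*", "/homeassistant*"):
        print(pattern)
        for path, target in report(pattern).items():
            print(f"  {path:28} -> {target}")
    # "/homeassistant*" has no path-segment boundary, so it also matches this:
    print(overbroad("/homeassistant*", "/homeassistant-old"))
```

With either matcher, the root-relative requests stay outside the proxied prefix, which is why a dedicated hostname that proxies every path avoids the problem.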

Yeah, I learned that Home Assistant does not work with subfolders.

I got it to work now.

2 Likes
