1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
Using the docker image lucaslorentz/caddy-docker-proxy:ci-alpine
c. Service/unit/compose file:
version: "3.7"
services:
  caddy:
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    ports:
      - 80:80
      - 443:443
    networks:
      - caddy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./Caddyfile:/Caddyfile
      - caddy_data:/data
      - /root/sites:/sites
    restart: unless-stopped
    environment:
      CADDY_DOCKER_CADDYFILE_PATH: "/Caddyfile"
networks:
  caddy:
    external: true
volumes:
  caddy_data: {}
d. My complete Caddyfile or JSON config:
The relevant lines for the server I have trouble with: nginx.conf · GitHub
3. The problem I’m having:
I want to proxy from caddy to the nginx server here: nginx.conf · GitHub (also running inside docker).
When I issue docker exec caddy_caddy_1 curl http://sovazlutice:8001/static/central/js/custom.js, which talks internally to the nginx service of sovazlutice from within the caddy container, I get the expected result.
But when I try to go through caddy (with TLS), curl https://sovazlutice.eu/http://sovazlutice:8001/static/central/js/custom.js -v, I only get an empty result with 200:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 162.55.58.53:443...
* TCP_NODELAY set
* Connected to sovazlutice.eu (162.55.58.53) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2263 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=sovazlutice.eu
* start date: Apr 20 05:56:40 2021 GMT
* expire date: Jul 19 05:56:40 2021 GMT
* subjectAltName: host "sovazlutice.eu" matched cert's "sovazlutice.eu"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x5618d0282600)
} [5 bytes data]
> GET /blog/ HTTP/2
> Host: sovazlutice.eu
> user-agent: curl/7.67.0
> accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [130 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
} [5 bytes data]
< HTTP/2 200
< server: Caddy
< content-length: 0
< date: Tue, 20 Apr 2021 09:25:53 GMT
<
{ [0 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connection #0 to host sovazlutice.eu left intact
What’s striking is that when I make the request to the root, https://sovazlutice.eu/, I get through just fine, but that’s the only address that hits nginx.
4. Error messages and/or full log output:
Nothing in the logs actually :-/
5. What I already tried:
Various changes in the nginx configuration, as I suspect the problem is somehow there, but I cannot figure out what/how, and it only shows up when going through caddy :-/
It seems that requests through caddy just don’t make it to the nginx server at all except when asking for the root (which you can validate yourself). Everything else is ignored when going through caddy (according to the access log on nginx).
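The response pattern in the post (root proxied to nginx, every other path answered by Caddy itself with `server: Caddy` and `content-length: 0`) is what Caddy v2 produces when the site block matches the request but no handler in it matches the path: Caddy then returns an empty 200 without touching the upstream, so nothing appears in nginx's access log and nothing is logged as an error. The most common configuration that causes it is a path matcher without a wildcard, because Caddy v2 path matchers are exact. The poster's Caddyfile is only linked, not shown, so whether this is the actual cause here cannot be confirmed from the page. The following is an added illustration, not the poster's configuration; the hostnames `broken.example.com` and `fixed.example.com` and the upstream `nginx:8001` are hypothetical.

```caddyfile
# Added illustration (not the poster's Caddyfile). Hostnames and upstream are hypothetical.

# Variant A: an exact path matcher. "/" matches only the root request, so
# /static/central/js/custom.js is handled by no route. Caddy still owns the
# site, so it answers 200 with an empty body (server: Caddy, content-length: 0)
# and the upstream never sees the request, which is the symptom in the post.
broken.example.com {
	reverse_proxy / nginx:8001
}

# Variant B: a wildcard matcher, so every path under the site is proxied.
# Omitting the matcher entirely ("reverse_proxy nginx:8001") has the same effect.
fixed.example.com {
	reverse_proxy /* nginx:8001
}
```

A quick check that distinguishes the two cases without touching nginx: request the same non-root path directly from the upstream (as the poster did with `docker exec ... curl`) and through Caddy, and compare `content-length` and `server` headers. An empty body with `server: Caddy` on the proxied request means Caddy never forwarded it, so the fix belongs in the Caddyfile (or the caddy-docker-proxy labels that generate it), not in nginx.conf.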