Hello all,
We have been loving Caddy so far, and I have no complaint here. I was just hoping to get a bit of guidance on how to go about debugging a reverse_proxy issue to a server not under our control (static HTML pages served off gitlab.io).
What I already tried:
curl http://watheia.gitlab.io/lab/hello-gitbook/
: HTTP/1.1 200 OK
Vary: Origin
Content-Length: 11295
Cache-Control: max-age=600
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Nov 2020 06:14:15 GMT
Expires: Sun, 29 Nov 2020 06:24:15 UTC
curl http://hello-gitbook.watheia.dev/
RawContent : HTTP/1.1 200 OK
Vary: Origin
Content-Length: 11295
Cache-Control: max-age=600
Content-Type: text/html; charset=utf-8
Date: Sun, 29 Nov 2020 06:17:54 GMT
Expires: Sun, 29 Nov 2020 06:27:54 UTC
RawContentLength : 11295
It returns the same response due to CNAME alias in DNS records.
But if I access either from a reverse_proxy I get:
curl : The remote server returned an error: (401) Unauthorized.
At line:1 char:1
+ curl https://sfo3-dev-caddy-01.watheia.dev/
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
I think Caddy is actually working fine here…
What I believe is happening is GitLab knows if I am accessing the link directly, or if I am accessing it from reverse_proxy, and is blocking the request in the latter case. My primary motivation is to set up a wild-card route so I don’t have to manually set DNS records for each project (See comments Caddyfile for how I intended to do this EG route /group* { ... })
Links to relevant resources:
- http://hello-gitbook.watheia.dev/
- http://watheia.gitlab.io/lab/hello-gitbook/
- https://sfo3-dev-caddy-01.watheia.dev/
(these should all point to the same resource)
Caddy version (caddy version):
caddy.HomeDir=/root
caddy.AppDataDir=/root/.local/share/caddy
caddy.AppConfigDir=/root/.config/caddy
caddy.ConfigAutosavePath=/root/.config/caddy/autosave.json
caddy.Version=v2.2.1
runtime.GOOS=linux
runtime.GOARCH=amd64
runtime.Compiler=gc
runtime.NumCPU=1
runtime.GOMAXPROCS=1
runtime.Version=go1.15.2
os.Getwd=/root
This is a fresh Digitalocean Dropplet running Debian 10, and was specifically set for Caddy.
My complete Caddyfile:
This is exactly what I used for this specific test
{
# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
email amiller@watheia.dev
debug
}
sfo3-dev-caddy-01.watheia.dev, www.watheia.dev {
reverse_proxy http://hello-gitbook.watheia.dev
# Same results as below...
#
# route /lab* {
# reverse_proxy http://watheia.gitlab.io
#}
#
# route /hello-gitbook* {
# uri strip_prefix /hello-gitbook
# reverse_proxy http://hello-gitbook.watheia.dev
# }
}
Error messages and/or full log output:
{
"level": "debug",
"ts": 1606631550.5352397,
"logger": "http.handlers.reverse_proxy",
"msg": "upstream roundtrip",
"upstream": "hello-gitbook.watheia.dev:80",
"request": {
"remote_addr": "71.85.29.147:54635",
"proto": "HTTP/2.0",
"method": "GET",
"host": "sfo3-dev-caddy-01.watheia.dev",
"uri": "/",
"headers": {
"Accept": [
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
],
"Sec-Fetch-Mode": [
"navigate"
],
"Accept-Encoding": [
"gzip, deflate, br"
],
"If-None-Match": [
"\"qi5hix9fm\""
],
"Upgrade-Insecure-Requests": [
"1"
],
"User-Agent": [
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36"
],
"Sec-Fetch-Dest": [
"document"
],
"X-Forwarded-For": [
"71.85.29.147"
],
"Cache-Control": [
"max-age=0"
],
"Sec-Fetch-Site": [
"none"
],
"Cookie": [
"access_token=<SECRET>"
],
"Sec-Fetch-User": [
"?1"
],
"Accept-Language": [
"en-US,en;q=0.9"
],
"If-Modified-Since": [
"Tue, 13 Oct 2020 17:20:57 GMT"
],
"X-Forwarded-Proto": [
"https"
]
},
"tls": {
"resumed": false,
"version": 772,
"cipher_suite": 4865,
"proto": "h2",
"proto_mutual": true,
"server_name": "sfo3-dev-caddy-01.watheia.dev"
}
},
"duration": 0.157154469,
"headers": {
"Location": [
"https://projects.gitlab.io/auth?domain=http://sfo3-dev-caddy-01.watheia.dev&state=CiN9QLahfHy-d3L7xXN7sw=="
],
"Set-Cookie": [
"gitlab-pages=<SECRET>; Path=/; Expires=Sun, 29 Nov 2020 06:42:30 GMT; Max-Age=600; HttpOnly"
],
"Date": [
"Sun, 29 Nov 2020 06:32:30 GMT"
],
"Content-Length": [
"133"
],
"Content-Type": [
"text/html; charset=utf-8"
]
},
"status": 302
}
Is this just a lost cause (compared to the cost of manually creating DNS records), or is there anything I can do here? How would one go about figuring something like that out?
Cheers, and thank you for any input you may have!