Reverse proxy works on desktop but not on mobile

rcunningham · October 1, 2022, 11:51am

1. Output of `caddy version`:

v2.6.1 h1:EDqo59TyYWhXQnfde93Mmv4FJfYe00dO60zMiEt+pzo=

2. How I run Caddy:

a. System environment:

Ubuntu 20.04, installed via apt

b. Command:

Caddy is run as systemd service

c. Service/unit/compose file:

I have not modified the provided systemd files

d. My complete Caddy config:

{
        debug
}

(basic-auth) {
        basicauth {
                username password
        }
}

deluge.example.com {
        import basic-auth
        reverse_proxy 192.168.1.200:8112

        log {
                output file /var/log/access.log
        }
}

3. The problem I’m having:

Acessing deluge.example.com from (firefox/chrome) on my desktop and laptop is working fine as expected. The basic auth sign in form pops up and once the correct username and password are entered I can access the deluge webui.

If accessing from my mobile phone browser (firefox/chrome) I get the basic auth form again as expected. I enter the correct details, the form goes away and a few seconds later the form pops back up asking me to enter again. No matter how many times I enter the corect username and password I cannot access the deluge webui. This is the same result wether my phone is connected to the same network as the reverse proxy with WiFi or if its on its 4G mobile network.

I also tried connecting my desktop to my phones hotspot and basic auth works fine in both firefox & chrome. So it appears to be an issue with mobile phone browsers.

I also have other services that are reverse proxied and they all suffer from this issue.

4. Error messages and/or full log output:

Logs from desktop which authenticates and allows me access to the deluge webui

Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.0062397,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.200:8112","total_upstreams":1}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.0185022,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.200:8112","total_upstreams":1}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.0185022,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.200:8112","total_upstreams":1}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.044222,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.200:8112","total_upstreams":1}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.059607,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.200:8112","duration":0.053002472,"request":{"remote_ip":"195.99.37.194","remote_port":"54917","proto":"HTTP/3.0","method":"GET","host":"deluge.example.com","uri":"/render/tab_status.html","headers":{"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"X-Forwarded-For":["195.99.37.194"],"X-Forwarded-Host":["deluge.example.com"],"X-Requested-With":["XMLHttpRequest"],"Accept":["*/*"],"Sec-Fetch-Mode":["cors"],"Authorization":[],"Referer":["https://deluge.example.com/"],"Sec-Ch-Ua-Mobile":["?0"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["same-origin"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""],"Sec-Fetch-Dest":["empty"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"headers":{"Content-Type":["text/html"],"Server":["TwistedWeb"],"Date":["Sat, 01 Oct 2022 11:26:59 GMT"],"Content-Encoding":["gzip"]},"status":200}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.0597513,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.200:8112","duration":0.040893733,"request":{"remote_ip":"195.99.37.194","remote_port":"54917","proto":"HTTP/3.0","method":"POST","host":"deluge.example.com","uri":"/json","headers":{"Origin":["https://deluge.example.com"],"Content-Type":["application/json"],"Sec-Fetch-Dest":["empty"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Authorization":[],"Accept":["*/*"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Mode":["cors"],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""],"X-Forwarded-Host":["deluge.example.com"],"X-Forwarded-For":["195.99.37.194"],"Sec-Ch-Ua-Mobile":["?0"],"Referer":["https://deluge.example.com/"],"Sec-Fetch-Site":["same-origin"],"X-Requested-With":["XMLHttpRequest"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"headers":{"Date":["Sat, 01 Oct 2022 11:26:59 GMT"],"Content-Type":["application/json"],"Server":["TwistedWeb"],"Content-Encoding":["gzip"]},"status":200}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.0667958,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.200:8112","duration":0.047645475,"request":{"remote_ip":"195.99.37.194","remote_port":"54917","proto":"HTTP/3.0","method":"POST","host":"deluge.example.com","uri":"/json","headers":{"Sec-Ch-Ua-Platform":["\"Windows\""],"Authorization":[],"X-Forwarded-Proto":["https"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""],"Content-Type":["application/json"],"Sec-Fetch-Dest":["empty"],"Referer":["https://deluge.example.com/"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"],"X-Forwarded-Host":["deluge.example.com"],"Sec-Fetch-Mode":["cors"],"Sec-Fetch-Site":["same-origin"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["*/*"],"Accept-Encoding":["gzip, deflate, br"],"X-Requested-With":["XMLHttpRequest"],"Origin":["https://deluge.example.com"],"X-Forwarded-For":["195.99.37.194"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"headers":{"Content-Encoding":["gzip"],"Date":["Sat, 01 Oct 2022 11:26:59 GMT"],"Server":["TwistedWeb"],"Content-Type":["application/json"]},"status":200}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.066871,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.200:8112","duration":0.022330076,"request":{"remote_ip":"195.99.37.194","remote_port":"54917","proto":"HTTP/3.0","method":"GET","host":"deluge.example.com","uri":"/images/s.gif","headers":{"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Mode":["no-cors"],"Referer":["https://deluge.example.com/"],"Authorization":[],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""],"X-Forwarded-For":["195.99.37.194"],"X-Forwarded-Host":["deluge.example.com"],"Sec-Fetch-Site":["same-origin"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Dest":["image"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"headers":{"Server":["TwistedWeb"],"Date":["Sat, 01 Oct 2022 11:26:59 GMT"],"Content-Type":["image/gif"],"Content-Length":["43"]},"status":200}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.0981379,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.200:8112","total_upstreams":1}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.105707,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.200:8112","duration":0.007158045,"request":{"remote_ip":"195.99.37.194","remote_port":"54917","proto":"HTTP/3.0","method":"GET","host":"deluge.example.com","uri":"/icons/deluge-32.png","headers":{"Sec-Ch-Ua-Platform":["\"Windows\""],"Sec-Fetch-Dest":["image"],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-Proto":["https"],"Sec-Ch-Ua-Mobile":["?0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Fetch-Site":["same-origin"],"Authorization":[],"Sec-Fetch-Mode":["no-cors"],"Referer":["https://deluge.example.com/"],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""],"X-Forwarded-For":["195.99.37.194"],"X-Forwarded-Host":["deluge.example.com"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"headers":{"Content-Length":["1126"],"Server":["TwistedWeb"],"Date":["Sat, 01 Oct 2022 11:26:59 GMT"],"Content-Type":["image/png"]},"status":200}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.122717,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.200:8112","total_upstreams":1}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.1306882,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.200:8112","duration":0.007557213,"request":{"remote_ip":"195.99.37.194","remote_port":"54917","proto":"HTTP/3.0","method":"POST","host":"deluge.example.com","uri":"/json","headers":{"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Authorization":[],"X-Forwarded-Host":["deluge.example.com"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"],"Referer":["https://deluge.example.com/"],"X-Requested-With":["XMLHttpRequest"],"Sec-Fetch-Site":["same-origin"],"Content-Type":["application/json"],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""],"Origin":["https://deluge.example.com"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Mode":["cors"],"Accept":["*/*"],"Sec-Fetch-Dest":["empty"],"Sec-Ch-Ua-Mobile":["?0"],"X-Forwarded-For":["195.99.37.194"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"headers":{"Server":["TwistedWeb"],"Date":["Sat, 01 Oct 2022 11:26:59 GMT"],"Content-Type":["application/json"],"Content-Encoding":["gzip"]},"status":200}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.1770716,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.200:8112","total_upstreams":1}
Oct 01 11:26:59 ubuntu caddy[1189]: {"level":"debug","ts":1664623619.1838822,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.200:8112","duration":0.006200177,"request":{"remote_ip":"195.99.37.194","remote_port":"54917","proto":"HTTP/3.0","method":"GET","host":"deluge.example.com","uri":"/icons/login.png","headers":{"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"X-Forwarded-Host":["deluge.example.com"],"Referer":["https://deluge.example.com/css/deluge.css"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["image"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"X-Forwarded-For":["195.99.37.194"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Site":["same-origin"],"Authorization":[],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"headers":{"Content-Length":["469"],"Server":["TwistedWeb"],"Date":["Sat, 01 Oct 2022 11:26:59 GMT"],"Content-Type":["image/png"]},"status":200}

Logs from mobile which does not authenticate

Oct 01 11:42:43 ubuntu caddy[1189]: {"level":"debug","ts":1664624563.3588946,"logger":"http.log.error","msg":"not authenticated","request":{"remote_ip":"82.132.228.248","remote_port":"24234","proto":"HTTP/3.0","method":"GET","host":"deluge.example.com","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""],"Sec-Ch-Ua-Platform":["\"Android\""],"Accept-Encoding":["gzip, deflate, br"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; ONEPLUS A6003) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?1"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"duration":0.000146927,"status":401,"err_id":"d1si6nhgq","err_trace":"caddyauth.Authentication.ServeHTTP (caddyauth.go:88)"}
Oct 01 11:42:50 ubuntu caddy[1189]: {"level":"debug","ts":1664624570.0178053,"logger":"http.log.error","msg":"not authenticated","request":{"remote_ip":"82.132.228.248","remote_port":"24234","proto":"HTTP/3.0","method":"GET","host":"deluge.example.com","uri":"/","headers":{"Authorization":[],"Sec-Ch-Ua-Platform":["\"Android\""],"User-Agent":["Mozilla/5.0 (Linux; Android 11; ONEPLUS A6003) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-GB,en-US;q=0.9,en;q=0.8"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?1"],"Accept-Encoding":["gzip, deflate, br"]},"tls":{"resumed":false,"version":0,"cipher_suite":0,"proto":"","server_name":""}},"duration":0.000245053,"status":401,"err_id":"9c7i0nkb2","err_trace":"caddyauth.Authentication.ServeHTTP (caddyauth.go:88)"}

emilylange · October 1, 2022, 8:45pm

Hi,

could you please add the docs/caddyfile/options#log-credentials option to your Caddyfile like so:

{
	debug
	servers {
		log_credentials
	}
}

And then check whether you can see the same Authorization (request.headers.Authorization) header value in your logs across mobile and desktop?

Also, just as a sanity check to be sure deluge (and your other services?) don’t mess with that header when on mobile or whatever, could you try adding another server block that just uses a dummy respond instead of reverse_proxy:

test.example.com {
	import basic-auth
	respond "authorized :)"
}

And see if the issue persists for that server block too?
And try a private/incognito tab too, maybe?

rcunningham · October 2, 2022, 9:01pm

Thanks for the suggestions. I tried seemingly everything. I was also having trouble with my DDNS being flaky and I think I hit some rate limits with certificate generation. In the end the issue was very embarassing. I have a very long username which is stored in my phones keyboard and would autofill but add an extra whitespace character at the end. I guess the basic auth stuff doesn’t do any modifications to the input like trim trailing whitespace.

Anyway, after fixing the username issue in my phones keyboard I can now access all my sites and reverse proxies securely with basic auth over https from any device. First time using caddy and loving how everything just works.

francislavoie · October 2, 2022, 9:24pm

Hah! I’ve had that problem happen before. Silly mobile keyboards inserting spaces…

Glad you figured it out!

system · October 31, 2022, 11:51am

This topic was automatically closed after 30 days. New replies are no longer allowed.