reverseproxy.statusError 502

1. The problem I’m having:

I am trying to run a Qwik app on a subdomain (new.blue-borders.ch).

The app uses Fastify to serve the built app, and Qwik also uses POST requests to communicate with the server (db queries).

The new part in the Caddyfile is:

new.blue-borders.ch {
  reverse_proxy * {
    to bb_app:3000
    header_down Access-Control-Allow-Origin *
    header_down Access-Control-Allow-Methods "HEAD, GET, POST, OPTIONS"
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
    header_up X-Forwarded-Port {http.request.port}
  }
}

I also added the new app entry into the docker-compose.yml:

version: '3.7'
services:
  (...others)
  caddy:
    build:
      context: ./caddy
    container_name: bb_caddy
    depends_on:
      - db
    restart: always
    # original image downgrades user but that seems not to work
    user: root
    ports:
      - '80:80'
      - '443:443'
    env_file:
      - ./.env
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - caddy_certs:/data
      - caddy_config:/config
  app:
    build:
      context: ./app
    container_name: bb_app
    restart: always
    env_file:
      - ./.env
    expose:
      - '3000'
    ports:
      - '3000:3000'
    depends_on:
      - db
    volumes:
      - app_data:/app_data
volumes:
  app_data:
  (...others)

It seems that the app has started up and is listening:

root@172-105-69-235:~/bb# docker logs bb_app
{"level":30,"time":1688061483144,"pid":1,"hostname":"f02a63bffd37","msg":"Server listening at http://127.0.0.1:3000"}

Certs have been created for new.blue-borders.ch.

2. Error messages and/or full log output:

But it seems that Caddy is having a problem with the reverse proxy:


root@172-105-69-235:~/bb# docker logs bb_caddy

{"level":"error","ts":1688063187.6974585,"logger":"http.log.error","msg":"dial tcp 172.19.0.6:3000: connect: connection refused","request":{"remote_ip":"171.244.43.14","remote_port":"53756","proto":"HTTP/1.1","method":"GET","host":"new.blue-borders.ch","uri":"/robots.txt","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip, deflate"],"User-Agent":["Mozilla/5.0 (Linux; Android 13; Pixel 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Mobile Safari/537.36"],"Accept-Language":["ja,en-US;q=0.9,en;q=0.8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"new.blue-borders.ch"}},"duration":0.007817105,"status":502,"err_id":"efcjcr7uh","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

a. System environment:

Ubuntu virtual machine using Docker.

b. Command:

See docker-compose.yml

c. Service/unit/compose file:

Running docker-compose in docker. This is the whole docker-compose.yml:

version: '3.7'
services:
  db:
    container_name: bb_db
    restart: always
    image: db
    build:
      context: ./db
    env_file:
      - ./.env
    ports:
      # make the Postgres database accessible from outside the Docker container on port 5432
      - '5432:5432'
    volumes:
      - db_data:/var/lib/postgresql/data
      - sik_data:/sik_data
    # hasura needs higher max_locks_per_transaction
    command: postgres -c max_locks_per_transaction=2000
    logging:
      options:
        max-size: '10m'
        max-file: '3'
  auth:
    build:
      context: ./auth
    container_name: bb_auth
    restart: always
    env_file:
      - ./.env
    expose:
      - '7000'
    ports:
      - '7000:7000'
    depends_on:
      - db
      - graphql
  graphql:
    image: 'hasura/graphql-engine:v2.28.1'
    container_name: bb_graphql
    ports:
      - '8080:8080'
    depends_on:
      - db
    restart: always
    env_file:
      - ./.env
    command:
      - graphql-engine
      - serve
  caddy:
    build:
      context: ./caddy
    container_name: bb_caddy
    depends_on:
      - db
    restart: always
    # original image downgrades user but that seems not to work
    # see: https://caddy.community/t/basic-docker-compose-setup-failing/6892/7?u=alexander_gabriel
    user: root
    ports:
      - '80:80'
      - '443:443'
    env_file:
      - ./.env
    volumes:
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
      - caddy_certs:/data
      - caddy_config:/config
  app:
    build:
      context: ./app
    container_name: bb_app
    restart: always
    env_file:
      - ./.env
    expose:
      - '3000'
    ports:
      - '3000:3000'
    depends_on:
      - db
    volumes:
      - app_data:/app_data
volumes:
  db_data:
  caddy_certs:
  caddy_config:
  sik_data:
  app_data:

Here is the Dockerfile for Caddy:

FROM caddy:latest
COPY Caddyfile /etc/caddy/Caddyfile

d. My complete Caddy config:

# https://github.com/caddyserver/caddy-docker
{
	email alex.barbalex@gmail.com
	#acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
	#debug
}

api.blue-borders.ch {
	reverse_proxy * {
		to bb_graphql:8080
		header_down Access-Control-Allow-Origin *
		header_up Host {http.request.host}
		header_up X-Real-IP {http.request.remote}
		header_up X-Forwarded-Port {http.request.port}
	}
}

auth.blue-borders.ch {
	reverse_proxy * {
		to bb_auth:7000
		header_down Access-Control-Allow-Origin *
		header_down Access-Control-Allow-Methods "HEAD, GET, POST, OPTIONS"
		header_up Host {http.request.host}
		header_up X-Real-IP {http.request.remote}
		header_up X-Forwarded-Port {http.request.port}
	}
}

new.blue-borders.ch {
  reverse_proxy * {
    to bb_app:3000
    header_down Access-Control-Allow-Origin *
    header_down Access-Control-Allow-Methods "HEAD, GET, POST, OPTIONS"
    header_up Host {http.request.host}
    header_up X-Real-IP {http.request.remote}
    header_up X-Forwarded-Port {http.request.port}
  }
}

api.mediterranean-migration.com {
	reverse_proxy * {
		to bb_graphql:8080
		header_down Access-Control-Allow-Origin *
		header_up Host {http.request.host}
		header_up X-Real-IP {http.request.remote}
		header_up X-Forwarded-Port {http.request.port}
	}
}

auth.mediterranean-migration.com {
	reverse_proxy * {
		to bb_auth:7000
		header_down Access-Control-Allow-Origin *
		header_down Access-Control-Allow-Methods "HEAD, GET, POST, OPTIONS"
		header_up Host {http.request.host}
		header_up X-Real-IP {http.request.remote}
		header_up X-Forwarded-Port {http.request.port}
	}
}

5. Links to relevant resources:

Remove these, they’re not useful. Caddy sets the appropriate proxy headers by default.

If it’s listening for 127.0.0.1 then it won’t accept connections from outside of that container itself. 127.0.0.1 (or localhost) means “this same container” when in the context of Docker. Change it to 0.0.0.0 to accept connections from anywhere.

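Added example, not part of the original thread: the two log lines posted in the question are enough to confirm the diagnosis in the reply above. This Node.js code correlates the app's listen address with the address in Caddy's `dial tcp` error; the function names are hypothetical and the log lines are trimmed copies of the ones in the question.

```javascript
// Added example, not from the thread. Log lines are trimmed copies of the
// two lines posted in the question; all function names are hypothetical.
const APP_LOG = '{"level":30,"pid":1,"hostname":"f02a63bffd37","msg":"Server listening at http://127.0.0.1:3000"}';
const CADDY_LOG = '{"level":"error","logger":"http.log.error","msg":"dial tcp 172.19.0.6:3000: connect: connection refused","request":{"host":"new.blue-borders.ch","uri":"/robots.txt"},"status":502}';

// True for addresses reachable only from inside the same network namespace.
function isLoopback(host) {
  const h = host.replace(/^\[|\]$/g, '').toLowerCase();
  return h === 'localhost' || h === '::1' || /^127\.\d+\.\d+\.\d+$/.test(h);
}

// {host, port} from a Fastify-style "Server listening at <url>" line.
function parseListen(line) {
  const m = /Server listening at (\S+)/.exec(JSON.parse(line).msg || '');
  if (!m) return null;
  const u = new URL(m[1]);
  return { host: u.hostname, port: Number(u.port) || (u.protocol === 'https:' ? 443 : 80) };
}

// {host, port, reason} from a Caddy reverse_proxy "dial tcp" error line.
function parseDialError(line) {
  const m = /^dial tcp (.+):(\d+): connect: (.+)$/.exec(JSON.parse(line).msg || '');
  return m ? { host: m[1], port: Number(m[2]), reason: m[3] } : null;
}

// Compare where the app listens with where the proxy tried to connect.
function diagnose(appLine, caddyLine) {
  const listen = parseListen(appLine);
  const dial = parseDialError(caddyLine);
  if (!listen || !dial) return 'inconclusive: expected log lines not found';
  if (dial.reason !== 'connection refused') return `not a refusal: ${dial.reason}`;
  if (listen.port !== dial.port)
    return `port mismatch: app on ${listen.port}, proxy dialled ${dial.port}`;
  if (isLoopback(listen.host) && !isLoopback(dial.host))
    return `loopback-only listener: app bound to ${listen.host}, proxy dialled ${dial.host}`;
  return 'listener address is not loopback-only; check that the process is running';
}

console.log(diagnose(APP_LOG, CADDY_LOG));
```

Once the app listens on 0.0.0.0, the `ports: '3000:3000'` entry in the compose file also publishes it on the host's interfaces, where it can be reached without going through Caddy. Caddy reaches `bb_app:3000` over the compose network without that mapping.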

Wow. That was great help and it solved the issue. Thanks so much!
(I sponsored the project)
