Running Caddy alongside an existing web site

Everything that’s relevant.

/etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 8081

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Caddyfile

www.MainSite.com {
  #encode gzip
  # Notifications redirected to the websockets server
  reverse_proxy 127.0.0.1:8081
}

stg.MainSite.com {
  #encode gzip
  # Notifications redirected to the websockets server
  reverse_proxy 127.0.0.1:8086
}

/etc/apache2/sites-enabled/wordpress.conf

<Directory /var/www/wordpress/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
<VirtualHost *:8081>
    ServerName www.mainsite.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/wordpress/
    ErrorLog /var/log/apache2/wordpress/error.log
    CustomLog /var/log/apache2/wordpress/access.log combined
    <files xmlrpc.php>
        order allow,deny
        deny from all
    </files>
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =256.256.205.256 [OR]
    RewriteCond %{SERVER_NAME} =l*
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

You can probably remove or comment these out.

This seems like what would be triggering the infinite redirects. Remove or comment this out. Caddy does its own HTTP->HTTPS redirects, so you don’t need Apache to do them as well.

This comment does not seem relevant, you should probably remove it to avoid confusion.

1 Like

ok, thanks! will try and report back.

wordpress.conf

<Directory /var/www/wordpress/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
<VirtualHost *:8081>
    ServerName www.mainsite
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/wordpress/
    ErrorLog /var/log/apache2/wordpress/error.log
    CustomLog /var/log/apache2/wordpress/access.log combined
    <files xmlrpc.php>
        order allow,deny
        deny from all
    </files>
    #RewriteEngine on
    #RewriteCond %{SERVER_NAME} =* [OR]
    #RewriteCond %{SERVER_NAME} =*
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

ERR_TOO_MANY_REDIRECTS

Did everything you suggested, that’s what I get.

What are in Caddy’s logs? Turn on the debug global option to see additional details. Put this at the top of your Caddyfile:

{
	debug
}

So I add that to the Caddyfile, and where can I see the logs?

journalctl -u caddy --no-pager | less

Ran that after shutting down Caddy and returning to normal; it says no entries.

Sorry, missed that you were on Docker.

docker-compose logs caddy

OK, that’s a giant file, what do I need from it exactly?

You can do docker-compose logs caddy | less then hit Shift+G to jump to the end of the logs.

Run a request, open the logs, jump to the bottom, and copy what was output from that request.

],"X-Redirect-By":["WordPress"]},"status":302}
ESC[36mcaddy    |ESC[0m {"level":"debug","ts":1629819418.4368558,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:8081","request":{"remote_addr":"MyIP","proto":"HTTP/2.0","method":"GET","host":"www.MainSite.com","uri":"/wp-admin/admin.php?page=WordfenceWAF","headers":{"Accept-Language":["en-US,en;q=0.9,he;q=0.8"],"X-Forwarded-For":["MyIP"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?0"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"92\""],"Accept-Encoding":["gzip, deflate, br"],"X-Forwarded-Proto":["https"],"Dnt":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36"],"Cookie":["wordpress_sec_c3722028744c5703c5622c21771d7db9=first+last%7C1631013464%7CZ81fh6wlRIKsWu5T6SFr6rGkPHA7sMEoI5hRcIlaw2D%7Cf3a677eedd2fa14d63a0204ebf7f5686cd1b75f04f75e498e1b2a1a1da43f474; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_c3722028744c5703c5622c21771d7db9=Michael+Sharvit%7C1631013464%7CZ81fh6wlRIKsWu5T6SFr6rGkPHA7sMEoI5hRcIlaw2D%7C1208ca8f1718f93ba19187a3f86e2ceaeeeba1f4579a3af53bcc495fc7a923de; wfwaf-authcookie-1a65aa3deeccb42607125e6c92b1975e=28%7Cadministrator%7Cmanage_options%2Cunfiltered_html%2Cedit_others_posts%2Cupload_files%2Cpublish_posts%2Cedit_posts%2Cread%7C9fece37449276107bca52ef376a4e8a49b841e3b841f7573ee1bb204c5fcdded; wp-settings-time-28=1629818914"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"www.MainSite.com"}},"headers":{"Content-Length":["0"],"Content-Type":["text/html; charset=UTF-8"],"Date":["Tue, 24 Aug 2021 15:36:58 GMT"],"Server":["Apache/2.4.38 
(Debian)"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"X-Redirect-By":["WordPress"],"Location":["https://www.MainSite.com/wp-admin/admin.php?page=WordfenceWAF"]},"status":302}
ESC[36mcaddy    |ESC[0m {"level":"debug","ts":1629819418.6358159,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:8081","request":{"remote_addr":"MyIP","proto":"HTTP/2.0","method":"GET","host":"www.MainSite.com","uri":"/wp-admin/admin.php?page=WordfenceWAF","headers":{"Sec-Fetch-Site":["none"],"Sec-Fetch-Dest":["document"],"Cookie":["wordpress_sec_c3722028744c5703c5622c21771d7db9=Michael+Sharvit%7C1631013464%7CZ81fh6wlRIKsWu5T6SFr6rGkPHA7sMEoI5hRcIlaw2D%7Cf3a677eedd2fa14d63a0204ebf7f5686cd1b75f04f75e498e1b2a1a1da43f474; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_c3722028744c5703c5622c21771d7db9=Michael+Sharvit%7C1631013464%7CZ81fh6wlRIKsWu5T6SFr6rGkPHA7sMEoI5hRcIlaw2D%7C1208ca8f1718f93ba19187a3f86e2ceaeeeba1f4579a3af53bcc495fc7a923de; wfwaf-authcookie-1a65aa3deeccb42607125e6c92b1975e=28%7Cadministrator%7Cmanage_options%2Cunfiltered_html%2Cedit_others_posts%2Cupload_files%2Cpublish_posts%2Cedit_posts%2Cread%7C9fece37449276107bca52ef376a4e8a49b841e3b841f7573ee1bb204c5fcdded; wp-settings-time-28=1629818914"],"X-Forwarded-For":["MyIP"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"92\""],"Accept-Encoding":["gzip, deflate, br"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Mobile":["?0"],"Dnt":["1"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 
Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["en-US,en;q=0.9,he;q=0.8"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"www.MainSite.com"}},"headers":{"X-Redirect-By":["WordPress"],"Location":["https://www.MainSite.com/wp-admin/admin.php?page=WordfenceWAF"],"Content-Length":["0"],"Content-Type":["text/html; charset=UTF-8"],"Date":["Tue, 24 Aug 2021 15:36:58 GMT"],"Server":["Apache/2.4.38 (Debian)"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"]},"status":302}
ESC[36mcaddy    |ESC[0m {"level":"debug","ts":1629819418.8417907,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"127.0.0.1:8081","request":{"remote_addr":"MyIP","proto":"HTTP/2.0","method":"GET","host":"www.MainSite.com","uri":"/wp-admin/admin.php?page=WordfenceWAF","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-User":["?1"],"Cache-Control":["max-age=0"],"Dnt":["1"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["wordpress_sec_c3722028744c5703c5622c21771d7db9=Michael+Sharvit%7C1631013464%7CZ81fh6wlRIKsWu5T6SFr6rGkPHA7sMEoI5hRcIlaw2D%7Cf3a677eedd2fa14d63a0204ebf7f5686cd1b75f04f75e498e1b2a1a1da43f474; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_c3722028744c5703c5622c21771d7db9=Michael+Sharvit%7C1631013464%7CZ81fh6wlRIKsWu5T6SFr6rGkPHA7sMEoI5hRcIlaw2D%7C1208ca8f1718f93ba19187a3f86e2ceaeeeba1f4579a3af53bcc495fc7a923de; wfwaf-authcookie-1a65aa3deeccb42607125e6c92b1975e=28%7Cadministrator%7Cmanage_options%2Cunfiltered_html%2Cedit_others_posts%2Cupload_files%2Cpublish_posts%2Cedit_posts%2Cread%7C9fece37449276107bca52ef376a4e8a49b841e3b841f7573ee1bb204c5fcdded; wp-settings-time-28=1629818914"],"X-Forwarded-Proto":["https"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["en-US,en;q=0.9,he;q=0.8"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"92\""],"X-Forwarded-For":["MyIP"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"www.MainSite.com"}},"headers":{"Content-Length":["0"],"Content-Type":["text/html; charset=UTF-8"],"Date":["Tue, 24 Aug 2021 15:36:58 GMT"],"Server":["Apache/2.4.38 
(Debian)"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"X-Redirect-By":["WordPress"],"Location":["https://www.MainSite.com/wp-admin/admin.php?page=WordfenceWAF"]},"status":302}
ESC[36mcaddy    |ESC[0m {"level":"debug","ts":1629819424.917994,"logger":"http.stdlib","msg":"http: TLS handshake error from IP:3390: no certificate available for 'MainSite.com'"}
ESC[36mcaddy    |ESC[0m {"level":"debug","ts":1629819425.046685,"logger":"http.stdlib","msg":"http: TLS handshake error from IP:58805: no certificate available for 'MainSite.com'"}

That’s what I got.

Okay, so what this tells me is that WordPress itself is not correctly configured to handle being behind a proxy, and is serving redirects when it shouldn’t.

@basil since you’re essentially our resident WordPress expert, do you have a clue what setting would be causing these redirects?

1 Like
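The pattern read off the debug output above (an upstream 302 whose Location is the same URL that was just requested, marked X-Redirect-By: WordPress) can be found mechanically. The following is an added example, not part of the original thread: it scans `docker-compose logs caddy` output for such self-redirects and blanks Cookie and similar headers, since debug entries carry full request headers. The field names are the ones visible in the log entries above; the host `www.example.com` and the cookie value are constructed sample data.

```python
import json
import re
from collections import Counter

# Colour codes appear as real escape bytes, or as the literal text "ESC" in pasted logs.
ANSI = re.compile(r"(?:\x1b|ESC)\[[0-9;]*m")
SENSITIVE = {"cookie", "set-cookie", "authorization"}

def parse_line(line):
    """Drop the docker-compose prefix and colour codes; return the JSON entry or None."""
    line = ANSI.sub("", line)
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except ValueError:
        return None  # wrapped or truncated line

def redact(entry):
    """Blank credential-bearing headers so the entry can be shared."""
    req_headers = entry.get("request", {}).get("headers", {})
    for headers in (req_headers, entry.get("headers", {})):
        for name in headers:
            if name.lower() in SENSITIVE:
                headers[name] = ["REDACTED"]
    return entry

def self_redirects(lines):
    """Count upstream 3xx replies whose Location is the URL that was just requested."""
    loops = Counter()
    for entry in filter(None, map(parse_line, lines)):
        if entry.get("msg") != "upstream roundtrip":
            continue
        req, resp = entry["request"], entry.get("headers", {})
        proto = req["headers"].get("X-Forwarded-Proto", ["http"])[0]
        asked = f"{proto}://{req['host']}{req['uri']}"
        location = resp.get("Location", [""])[0]
        if 300 <= entry.get("status", 0) < 400 and location == asked:
            loops[(asked, resp.get("X-Redirect-By", ["unknown"])[0])] += 1
    return loops

# Constructed sample shaped like the thread's log: three identical roundtrips, one TLS error.
_loop = {"level": "debug", "msg": "upstream roundtrip", "status": 302,
         "request": {"host": "www.example.com", "uri": "/wp-admin/",
                     "headers": {"X-Forwarded-Proto": ["https"], "Cookie": ["sid=constructed"]}},
         "headers": {"Location": ["https://www.example.com/wp-admin/"],
                     "X-Redirect-By": ["WordPress"]}}
SAMPLE = ["\x1b[36mcaddy    |\x1b[0m " + json.dumps(_loop)] * 3 + [
    'ESC[36mcaddy    |ESC[0m {"level":"debug","msg":"http: TLS handshake error"}']

if __name__ == "__main__":
    for (url, by), n in self_redirects(SAMPLE).items():
        print(f"{n}x {url} redirects to itself (X-Redirect-By: {by})")
    print(json.dumps(redact(parse_line(SAMPLE[0]))))
```

Entries that are split across lines, as some are in the paste above, fail to parse and are skipped rather than guessed at.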

@scepterus Turn off the Wordfence plugin and try again. If that doesn’t get you anywhere, turn off all plugins and try again. Still not getting anywhere? Read on.

TLDR: As I indicated earlier, WP does not like being retrospectively placed behind a RP. You can end up going around in circles for a long time trying to fix it and not get anywhere. It’s a poorly written piece of software that doesn’t adhere to best practices. I use it. I love it, but I also understand its limitations and know when to hit Ctrl-Alt-Del (figuratively speaking).

Rather than trying to find the needle in a haystack of needles, my recommendation is as follows:

  1. Back up your WP site.
  2. Get your Caddy RP working.
  3. Build and test your staging WP site behind the RP. I assume you’ll be using the same image tag version that you are using for your main site i.e. with an Apache webserver. Make sure this is configured with unencrypted communication in mind i.e. it uses HTTP. The Caddy RP will handle TLS termination.
  4. Build another WP instance behind the RP.
  5. Restore your WP site from backup.

Notes:

  1. There are easy and difficult ways to approach moving WP. For a sense of the ‘hard way’, refer to Moving WordPress. My recommendation is that you choose the ‘easy way’ and use a reliable backup/restore plugin that will allow you to move the site later. I use the paid version of UpdraftPlus for this. You might be able to find a free plugin to do this, or, you can manually back up and restore, but you need to be prepared to update pointers in WP code and the SQL DB. Note that backing up and restoring a WP site is out-of-scope for the Caddy forum.
  2. Once you have everything working, you might like to consider building a staging WP site that uses the WP PHP-FPM image variant together with a Caddy web server in lieu of the WP Apache image variant.
3 Likes

First off, thank you for the in-depth answer. It’s good to know that the problem is WordPress and not something I missed in configuring Caddy.

I thought the easy way to create a staging website would be a docker container but now I see it’s really not worth the hassle. I don’t want the main site in a container anyway since having to update the image manually would be a security risk with WordPress, assuming we miss an update or delay it.

I guess since there are no other easier ways to do this, I’d either do this on another server we have that’s running a functional Docker and Caddy config or bite the bullet and just duplicate the existing server and pay an extra $5 a month.

Thanks again, as always you all were very helpful and I’ve learned a lot.
Have a great day everyone!

2 Likes
