[Solved] `adb reverse` for Android to a localhost Caddy proxying a web app not working, works on desktop

Hi :slight_smile: I think this is a Caddy-related misconfiguration on my end or something silly. I tried to provide as much info as I can.

1. Output of caddy version:

v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs=

2. How I run Caddy:

As a development server reverse proxy on WSL in localhost, to expose some services under SSL while developing.

```
caddy run --config ./dev/Caddyfile
```

a. System environment:

I’m running Caddy on WSL 2 under Windows 11. Android version on phone is 12 and using latest Chrome on both machines. Problem experienced with Firefox Android too. Android connected through USB cable.

b. Command:

(Mentioned above, app and adb commands following)

c. Service/unit/compose file:

d. My complete Caddy config:

```
{
	http_port 4432
	https_port 4433
	local_certs
}

localhost:4433

reverse_proxy /* localhost:8080
reverse_proxy /game/* localhost:3000
reverse_proxy /auth/* localhost:3000
```

Both /game and /auth routes are intended to be routed to port 3000 (aside: do you have a nicer syntax for that?)

3. The problem I’m having:

I’m trying to reach my localhost development web app under HTTPS through Caddy. It works on my desktop but not with Android using adb reverse tcp:4433 tcp:4433. I think Caddy is the culprit because when I adb reverse tcp:8080 tcp:8080 which leads directly to one of the proxied apps, I do see it in the mobile browser just fine. I guess it’s some configuration thing with the SSL traffic.

I wish I could use curl on adb shell to get an exact message, but searching online it does not seem very trivial, so I tried nc localhost 4433 and also nc localhost 8080. The former returns rather quickly and the latter hangs up (saw this netcat nc tip somewhere). Do you have a tip to give here to assist in debugging?

4. Error messages and/or full log output:

These logs are with the debug directive added to the above settings

```
caddy run --config ./dev/Caddyfile
2022/08/16 14:59:27.202 INFO    using provided configuration    {"config_file": "./dev/Caddyfile", "config_adapter": ""}
2022/08/16 14:59:27.204 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["//127.0.0.1:2019", "//localhost:2019", "//[::1]:2019"]}
2022/08/16 14:59:27.205 INFO    tls.cache.maintenance   started background certificate maintenance   {"cache": "0xc000416150"}
2022/08/16 14:59:27.205 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2022/08/16 14:59:27.218 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2022/08/16 14:59:27.218 DEBUG   http    starting server loop    {"address": "[::]:4433", "http3": false, "tls": true}
2022/08/16 14:59:27.218 DEBUG   http    starting server loop    {"address": "[::]:4432", "http3": false, "tls": false}
2022/08/16 14:59:27.218 INFO    http    enabling automatic TLS certificate management   {"domains": ["localhost"]}
2022/08/16 14:59:27.218 INFO    tls     cleaning storage unit   {"description": "FileStorage:/home/amir/.local/share/caddy"}
2022/08/16 14:59:27.219 INFO    tls     finished cleaning storage units
2022/08/16 14:59:27.219 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate", "identifiers": ["localhost"]}
2022/08/16 14:59:27.219 DEBUG   tls.cache       added certificate to cache      {"subjects": ["localhost"], "expiration": "2022/08/17 02:15:22.000", "managed": true, "issuer_key": "local", "hash": "5cbfe053d7be0c7ab253a59be76160395a965fe2b34dda02f3ade0d79d0e82e0", "cache_size": 1, "cache_capacity": 10000}
2022/08/16 14:59:27.220 INFO    autosaved config (load with --resume flag)      {"file": "/home/amir/.config/caddy/autosave.json"}
2022/08/16 14:59:27.220 INFO    serving initial configuration
```

5. What I already tried:

  1. running adb usb and then reopening the ports with adb reverse tcp:4433 tcp:4433
  2. Just mentioning this setup works for the desktop machine through browser at https://localhost:4433 - :white_check_mark:
  3. regular traffic through port 8080 is working nicely with Android
  4. tried seeing access logs with stdout or file for caddy by following log (Caddyfile directive) — Caddy Documentation but I didn’t manage to see access logs, even from desktop - which works, so it’s strange
  5. I tried a port different than 4433 which didn’t seem to make a difference, even port 443 with sudo caddy run ... (works desktop, not mobile)
  6. I tried closing Android Chrome and reopening it. Tried Android Firefox too. Same results.
  7. Tried using localhost:4432 as it’s the http port in my Caddy config, didn’t forget to adb reverse this port. Similar results (attached screenshots).

Here are screenshots of the error messages for both ports (empty response and connection closed :thinking: )
edit: I can’t post multiple media items as a new user so instead I’ll mention that 4432 port said ERR_EMPTY_RESPONSE

Again, mentioning that localhost:8080 on Android works so the adb reverse is not faulty

6. Links to relevant resources:

  1. 44997 - chromium - An open-source project to help move the web forward. - Monorail - failure to use SSL port other than 443, doesn’t seem to be my problem though

Yeah, write it like this:

```
localhost:4433 {
	@game-auth path /game* /auth*
	handle @game-auth {
		reverse_proxy localhost:3000
	}

	handle {
		reverse_proxy localhost:8080
	}
}
```

Are the port 3000 and 8080 apps also running in WSL? It might be a Windows firewall thing.

You could try a Caddy build for Windows instead of the Linux/WSL one, it might behave better for you.

Try adding the debug global option in your Caddyfile to see if your logs show anything useful (probably won’t if the connection is closed, which likely means it never reaches Caddy).

2 Likes

Hey there, thanks for the response!

I installed a Windows version of Caddy (using scoop :person_shrugging: ). When I ran it for the first time using caddy run --config caddyfile.txt --adapter caddyfile it did prompt me for a firewall permission exception and I allowed it. Now it works with the Android device!

I don’t recall whether I had the same dialog when I ran Caddy from WSL for the first time, but it was indeed a local firewall issue. Good thinking with running the Windows version.

Thanks.

1 Like
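The first post asks how to see where a forwarded connection fails when curl is not available. As an added example (not code from the thread or from the Caddy project), this Python probe separates "nothing accepted the connection", "accepted, then closed with no reply" and "TLS handshake completed" for the ports used in the thread. The function names and result labels are made up here, and it is assumed to run on the desktop side of the forward, for example from Windows toward the WSL listener.

```python
import socket
import ssl

def classify(exc: Exception) -> str:
    """Map a connect/handshake exception to the layer that failed (labels are illustrative)."""
    if isinstance(exc, ConnectionRefusedError):
        return "refused"            # no listener, or no forward set up for this port
    if isinstance(exc, (TimeoutError, socket.timeout)):
        return "timeout"            # packets silently dropped, typical of a firewall
    if isinstance(exc, ssl.SSLError):
        if isinstance(exc, (ssl.SSLEOFError, ssl.SSLZeroReturnError)) \
                or "EOF" in str(exc).upper():
            return "closed_before_tls"   # accepted, then closed without answering
        if "ALERT" in str(exc).upper():
            return "tls_alert"      # a TLS server answered but rejected the handshake
        return "not_tls"            # peer answered with something that is not TLS
    if isinstance(exc, (ConnectionResetError, BrokenPipeError)):
        return "closed_before_tls"
    return "unreachable"

def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Try TCP connect, then a TLS handshake, and report how far it got."""
    ctx = ssl.create_default_context()
    # Caddy's local CA is not in Python's trust store, so verification is
    # disabled: the question is only whether a handshake completes at all.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "tls_ok " + str(tls.version())
    except OSError as exc:          # ssl.SSLError is a subclass of OSError
        return classify(exc)

if __name__ == "__main__":
    # Ports from the thread: 4433 (https_port), 4432 (http_port), 8080 (app).
    for port in (4433, 4432, 8080):
        print(port, probe("localhost", port))
```

A plain-HTTP port such as 4432 or 8080 is expected to report `not_tls` when it is reachable, so on those ports anything other than `refused`, `timeout` or `closed_before_tls` means traffic is getting through.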
