Sshwifty with a reverse proxy

Kraoc · December 22, 2022, 3:55pm

1. Output of `caddy version`:

v2.6.2

2. How I run Caddy:

a. System environment:

Docker / Portainer

b. Command:

Paste command here.

c. Service/unit/compose file:

Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane. -->

d. My complete Caddy config:

# 2022-12-22

(headersGlobal) {
	X-Powered-By "Zogg"

	Host {host}
	X-Real-IP {host}
	X-Forwarded-For {host}

	-Server
	-Via
}

(headersSecurity) {
	Referrer-Policy "strict-origin-when-cross-origin"
	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	X-Permitted-Cross-Domain-Policies: "none"
	X-Content-Type-Options "nosniff"
	X-Frame-Options "SAMEORIGIN"
	X-XSS-Protection 0
	Permissions-Policy "fullscreen=(*), display-capture=(self), accelerometer=(), battery=(), camera=(), autoplay=(self), vibrate=(self), geolocation=(self), midi=(self), notifications=(*), push=(*), microphone=(self), magnetometer=(self), gyroscope=(self), payment=(self)"
	Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https:"
}

(headersRobots) {
	X-Robots-Tag "none,noarchive,nosnippet,notranslate,noimageindex"
}

(headersCaching) {
	cache-Control "public, max-age=86400, s-maxage=86400, max-stale=3600, stale-while-revalidate=86400, stale-if-error=86400"
}

(common) {
	encode zstd gzip

	header {
		import headersGlobal
		import headersRobots
		import headersCaching
		import headersSecurity

		defer
	}
}

(pterodadctyl) {
	encode zstd gzip

	header {
		import headersGlobal
		import headersRobots
		import headersCaching
		import headersSecurity

		Sec-Fetch-Site "cross-site"
		X-Forwarded-Proto "https"
		Access-Control-Allow-Headers "*,Authorization"

		defer
	}
}

(reverseProxy) {
	trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32
	transport http {
		resolvers 192.168.50.202
		keepalive_idle_conns 512
		keepalive_idle_conns_per_host 256
	}
}

{
	order cache before rewrite
	order rate_limit before basicauth

	log {
		level error
	}

	#debug
	#log {
	#	level debug
	#}

	cache {
		allowed_http_verbs GET HEAD OPTIONS

		api {
			souin {
				security
			}
		}

		cdn {
			api_key {env.CF_DNS_API_TOKEN}
			dynamic true
			email {env.CF_API_EMAIL}
			hostname zogg.fr
			provider cloudflare
			strategy soft
		}

		headers Content-Type Authorization

		key {
			disable_body
			disable_host
			disable_method
		}

		#log_level debug
		log_level error

		redis {
			url 192.168.50.202:6379
		}

		default_cache_control no-store
	}

	admin off

	acme_dns cloudflare {env.CF_DNS_API_TOKEN}
	email {env.CF_API_EMAIL}
}

#
# zogg.fr
#

*.zogg.fr {

	tls {
		dns cloudflare {env.CF_DNS_API_TOKEN}
		resolvers 1.1.1.1
	}

	header {
		Host {upstream_hostport}

		X-Forwarded-Proto {scheme}
		X-Forwarded-For {host}

		defer
	}

	rate_limit {
		zone dynamic {
			key {remote_host}
			window 10s
			events 256
		}
	}

	# Varnish
	#reverse_proxy 192.168.50.202:1080

	#
	# services
	#

		@drawio host drawio.zogg.fr
		handle @drawio {
			import common
			cache

			reverse_proxy 192.168.50.202:5022 {
				import reverseProxy
			}
		}

		@error host error.zogg.fr
		handle @error {
			import common
			cache

			#reverse_proxy 192.168.50.202:2080
			reverse_proxy 192.168.50.202:1080 {
				import reverseProxy
			}
		}

		@firefly host firefly.zogg.fr
		handle @firefly {
			import common
			reverse_proxy 192.168.50.202:6182 {
				import reverseProxy
			}
		}

		@grafana host grafana.zogg.fr
		handle @grafana {
			import common
			cache

			reverse_proxy 192.168.50.202:3000
		}

		@hastbin host hastbin.zogg.fr
		handle @hastbin {
			import common

			reverse_proxy 192.168.50.202:7777 {
				import reverseProxy
			}
		}

		@homelab host homelab.zogg.fr
		handle @homelab {
			import common

			reverse_proxy https://192.168.50.202:8006 {
				import reverseProxy
				transport http {
					tls
					tls_insecure_skip_verify
				}
			}
		}

		@infos host infos.zogg.fr
		handle @infos {
			import common

			handle {
				cache {
					regex {
						exclude .+ghost
					}
				}

				#reverse_proxy 192.168.50.202:3001
				reverse_proxy 192.168.50.202:1080 {
				import reverseProxy
			}
			}
		}

		@invidious host invidious.zogg.fr
		handle @invidious {
			import common

			reverse_proxy 192.168.50.202:4000
		}

		@matomo host matomo.zogg.fr
		handle @matomo {
			import common

			reverse_proxy 192.168.50.202:8597 {
				import reverseProxy
			}
		}

		@matrix host matrix.zogg.fr
		handle @matrix {
			import common

			header /.well-known/matrix/* Content-Type application/json
			header /.well-known/matrix/* Access-Control-Allow-Origin *

			respond /.well-known/matrix/server `{"m.server": "matrix.zogg.fr:443"}`
			respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.zogg.fr"}}`

			reverse_proxy /_matrix/* 192.168.50.202:8008 {
				import reverseProxy
			}
			reverse_proxy /_synapse/client/* 192.168.50.202:8008 {
				import reverseProxy
			}
		}
		@element host element.zogg.fr
		handle @element {
			import common

			reverse_proxy 192.168.50.202:7080 {
				import reverseProxy
			}
		}

		@n8n host n8n.zogg.fr
		handle @n8n {
			import common
			cache

			reverse_proxy 192.168.50.202:5678 {
				import reverseProxy
			}
		}

		@paperless host paperless.zogg.fr
		handle @paperless {
			import common
			cache

			reverse_proxy 192.168.50.202:8777 {
				import reverseProxy
			}
		}

		@photoprism host photoprism.zogg.fr
		handle @photoprism {
			import common
			cache

			#reverse_proxy 192.168.50.202:2342
			reverse_proxy 192.168.50.202:1080 {
				import reverseProxy
			}
		}

		@portainer host portainer.zogg.fr
		handle @portainer {
			import common

			reverse_proxy 192.168.50.202:9000 {
				import reverseProxy
			}
		}

		@psitransfer host psitransfer.zogg.fr
		handle @psitransfer {
			import common

			reverse_proxy 192.168.50.202:3377 {
				import reverseProxy
			}
		}

		@registry host registry.zogg.fr
		handle @registry {
			import common

			reverse_proxy https://192.168.50.202:5443 {
				import reverseProxy
				transport http {
					tls
					tls_insecure_skip_verify
				}
			}
		}

		@searxng host searxng.zogg.fr
		handle @searxng {
			import common

			reverse_proxy 192.168.50.202:8082 {
				import reverseProxy
			}
		}

		@services host services.zogg.fr
		handle @services {
			import common
			cache

			reverse_proxy 192.168.50.202:3552 {
				import reverseProxy
			}
		}

		@shlink host shlink.zogg.fr
		handle @shlink {
			import common
			cache

			reverse_proxy 192.168.50.202:5080 {
				import reverseProxy
			}
		}
		@l host l.zogg.fr
		handle @l {
			import common

			reverse_proxy 192.168.50.202:5081 {
				import reverseProxy
			}
		}

		@sshwifty host sshwifty.zogg.fr
		handle @sshwifty {
			import common

			handle_path /sshwifty/socket {
				reverse_proxy 192.168.50.202:8182 {
					import reverseProxy
				}
			}

			handle {
				reverse_proxy 192.168.50.202:8182 {
					import reverseProxy
				}
			}
		}

		@vaultwarden host vaultwarden.zogg.fr
		handle @vaultwarden {
			import common

			handle_path /notifications/hub {
				reverse_proxy 192.168.50.202:7001 {
				import reverseProxy
				}
			}

			handle {
				reverse_proxy 192.168.50.202:7000 {
				import reverseProxy
				}
			}
		}

		@wbo host wbo.zogg.fr
		handle @wbo {
			import common
			cache

			reverse_proxy 192.168.50.202:11000 {
				import reverseProxy
			}
		}

		@webpdf host webpdf.zogg.fr
		handle @webpdf {
			import common

			reverse_proxy 192.168.50.202:25568 {
				import reverseProxy
			}
		}

		@youtubedl host youtubedl.zogg.fr
		handle @youtubedl {
			import common

			reverse_proxy 192.168.50.202:8998 {
				import reverseProxy
			}
		}

	#
	# pannel
	#

		@clemambpap host clemambpap.zogg.fr
		handle @clemambpap {
			import common
			cache
			#reverse_proxy 192.168.50.203:2080
			reverse_proxy 192.168.50.202:1080 {
				import reverseProxy
			}
		}

		@node host node.zogg.fr
		handle @node {
			import pterodadctyl

			reverse_proxy 192.168.50.203:8181 {
				import reverseProxy
			}
		}

		@panel host panel.zogg.fr
		handle @panel {
			import pterodadctyl

			reverse_proxy 192.168.50.203:8001 {
				import reverseProxy
			}
		}

		@stats-clemambpap host stats-clemambpap.zogg.fr
		handle @stats-clemambpap {
			import common
			cache

			reverse_proxy 192.168.50.203:27062 {
				import reverseProxy
			}
		}

	# fallback
	handle {
		abort
	}
}

3. The problem I’m having:

Unable to log in Sshwifty and error in console.

4. Error messages and/or full log output:

Browser console log:

GET https://sshwifty.zogg.fr/sshwifty/socket/verify 403

5. What I already tried:

I’ve tried many settings in my config but I still get this issue.
I think something is broken in my setup…

6. Links to relevant resources:

francislavoie · December 22, 2022, 8:40pm

Those are request headers. It doesn’t make sense to put those in responses, as you’re doing now. Remove those.

Why are you turning off admin? It’s strongly recommended not to do so unless you have a good reason to, because otherwise it’s impossible to reload Caddy’s config gracefully. You’re forced to restart the process completely to change config, which incurs downtime.

This is also not a good idea. It’s important that you log info and warn level messages so you’re aware of what your server is doing. It makes it almost impossible to debug issues if you’re dropping important logs.

Same here – don’t write these headers to responses, it doesn’t make sense.

Those aren’t really what I’d call “logs”. This has no detail at all.

Path matching is exact, so this will only match exactly /sshwifty/socket. Is that your intent?

Also, handle_path strips the matched path segment from the request before handling. Are you sure that’s what you want to do?

Why do you have two handle blocks for this domain with identical proxies? What are you trying to do there?

Kraoc · December 23, 2022, 6:19am

GET https://sshwifty.zogg.fr/sshwifty/socket/verify 403
handle_path /sshwifty/socket {

What are you trying to do there?

Well… to make SShwifty working
I tried many things, settings to get it to work without success.
I read the forum and saw that handle_path may be one solution, but not.
I tried to upgrade headers with:

	@websockets {
		header Connection *Upgrade*
		header Upgrade    websocket
	}

But no success.

At last, I take your remarks and updated my caddyfile:

# 2022-12-23

(headersGlobal) {
	X-Powered-By "Zogg"
	-Server
	-Via
}

(headersSecurity) {
	Referrer-Policy "strict-origin-when-cross-origin"
	Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	X-Permitted-Cross-Domain-Policies: "none"
	X-Content-Type-Options "nosniff"
	X-Frame-Options "SAMEORIGIN"
	X-XSS-Protection 0
	Permissions-Policy "fullscreen=(*), display-capture=(self), accelerometer=(), battery=(), camera=(), autoplay=(self), vibrate=(self), geolocation=(self), midi=(self), notifications=(*), push=(*), microphone=(self), magnetometer=(self), gyroscope=(self), payment=(self)"
	Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: wss: https:"
}

(headersRobots) {
	X-Robots-Tag "none,noarchive,nosnippet,notranslate,noimageindex"
}

(headersCaching) {
	cache-Control "public, max-age=86400, s-maxage=86400, max-stale=3600, stale-while-revalidate=86400, stale-if-error=86400"
}

(common) {
	encode zstd gzip
	header {
		import headersGlobal
		import headersRobots
		import headersCaching
		import headersSecurity
		defer
	}
}

(pterodadctyl) {
	encode zstd gzip
	header {
		import headersGlobal
		import headersRobots
		import headersCaching
		import headersSecurity
		Sec-Fetch-Site "cross-site"
		Access-Control-Allow-Headers "*,Authorization"
		defer
	}
}

(reverseProxy) {
	trusted_proxies 173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 104.24.0.0/14 172.64.0.0/13 131.0.72.0/22 2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32
	transport http {
		resolvers 192.168.50.202
		keepalive_idle_conns 512
		keepalive_idle_conns_per_host 256
	}
}

{
	order cache before rewrite
	order rate_limit before basicauth

	debug
	log {
		level debug
	}

	cache {
		allowed_http_verbs GET HEAD OPTIONS
		api {
			souin {
				security
			}
		}
		cdn {
			api_key {env.CF_DNS_API_TOKEN}
			dynamic true
			email {env.CF_API_EMAIL}
			hostname zogg.fr
			provider cloudflare
			strategy soft
		}
		headers Content-Type Authorization
		key {
			disable_body
			disable_host
			disable_method
		}
		#log_level debug
		log_level error
		redis {
			url 192.168.50.202:6379
		}
		default_cache_control no-store
	}
	acme_dns cloudflare {env.CF_DNS_API_TOKEN}
	email {env.CF_API_EMAIL}
}

#
# zogg.fr
#

*.zogg.fr {

	tls {
		dns cloudflare {env.CF_DNS_API_TOKEN}
		resolvers 1.1.1.1
	}

	rate_limit {
		zone dynamic {
			key {remote_host}
			window 10s
			events 256
		}
	}

	# Varnish
	#reverse_proxy 192.168.50.202:1080

	#
	# services
	#

		@drawio host drawio.zogg.fr
		handle @drawio {
			import common
			cache
			reverse_proxy 192.168.50.202:5022 {
				import reverseProxy
			}
		}

		@error host error.zogg.fr
		handle @error {
			import common
			cache
			#reverse_proxy 192.168.50.202:2080
			reverse_proxy 192.168.50.202:1080 {
				import reverseProxy
			}
		}

		@firefly host firefly.zogg.fr
		handle @firefly {
			import common
			reverse_proxy 192.168.50.202:6182 {
				import reverseProxy
			}
		}

		@grafana host grafana.zogg.fr
		handle @grafana {
			import common
			cache
			reverse_proxy 192.168.50.202:3000
		}

		@hastbin host hastbin.zogg.fr
		handle @hastbin {
			import common
			reverse_proxy 192.168.50.202:7777 {
				import reverseProxy
			}
		}

		@homelab host homelab.zogg.fr
		handle @homelab {
			import common
			reverse_proxy https://192.168.50.202:8006 {
				import reverseProxy
				transport http {
					tls
					tls_insecure_skip_verify
				}
			}
		}

		@infos host infos.zogg.fr
		handle @infos {
			import common
			handle {
				cache {
					regex {
						exclude .+ghost
					}
				}
				#reverse_proxy 192.168.50.202:3001
				reverse_proxy 192.168.50.202:1080 {
					import reverseProxy
				}
			}
		}

		@invidious host invidious.zogg.fr
		handle @invidious {
			import common
			reverse_proxy 192.168.50.202:4000
		}

		@matomo host matomo.zogg.fr
		handle @matomo {
			import common
			reverse_proxy 192.168.50.202:8597 {
				import reverseProxy
			}
		}

		@matrix host matrix.zogg.fr
		handle @matrix {
			import common
			header /.well-known/matrix/* Content-Type application/json
			header /.well-known/matrix/* Access-Control-Allow-Origin *
			respond /.well-known/matrix/server `{"m.server": "matrix.zogg.fr:443"}`
			respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.zogg.fr"}}`
			reverse_proxy /_matrix/* 192.168.50.202:8008 {
				import reverseProxy
			}
			reverse_proxy /_synapse/client/* 192.168.50.202:8008 {
				import reverseProxy
			}
		}
		@element host element.zogg.fr
		handle @element {
			import common
			reverse_proxy 192.168.50.202:7080 {
				import reverseProxy
			}
		}

		@n8n host n8n.zogg.fr
		handle @n8n {
			import common
			cache
			reverse_proxy 192.168.50.202:5678 {
				import reverseProxy
			}
		}

		@paperless host paperless.zogg.fr
		handle @paperless {
			import common
			cache
			reverse_proxy 192.168.50.202:8777 {
				import reverseProxy
			}
		}

		@photoprism host photoprism.zogg.fr
		handle @photoprism {
			import common
			cache
			#reverse_proxy 192.168.50.202:2342
			reverse_proxy 192.168.50.202:1080 {
				import reverseProxy
			}
		}

		@portainer host portainer.zogg.fr
		handle @portainer {
			import common
			reverse_proxy 192.168.50.202:9000 {
				import reverseProxy
			}
		}

		@psitransfer host psitransfer.zogg.fr
		handle @psitransfer {
			import common
			reverse_proxy 192.168.50.202:3377 {
				import reverseProxy
			}
		}

		@registry host registry.zogg.fr
		handle @registry {
			import common
			reverse_proxy https://192.168.50.202:5443 {
				import reverseProxy
				transport http {
					tls
					tls_insecure_skip_verify
				}
			}
		}

		@searxng host searxng.zogg.fr
		handle @searxng {
			import common
			reverse_proxy 192.168.50.202:8082 {
				import reverseProxy
			}
		}

		@services host services.zogg.fr
		handle @services {
			import common
			cache
			reverse_proxy 192.168.50.202:3552 {
				import reverseProxy
			}
		}

		@shlink host shlink.zogg.fr
		handle @shlink {
			import common
			cache
			reverse_proxy 192.168.50.202:5080 {
				import reverseProxy
			}
		}
		@l host l.zogg.fr
		handle @l {
			import common
			reverse_proxy 192.168.50.202:5081 {
				import reverseProxy
			}
		}

		@sshwifty host sshwifty.zogg.fr
		handle @sshwifty {
			import common
			reverse_proxy 192.168.50.202:8182 {
				import reverseProxy
			}
		}

		@vaultwarden host vaultwarden.zogg.fr
		handle @vaultwarden {
			import common
			handle_path /notifications/hub {
				reverse_proxy 192.168.50.202:7001 {
					import reverseProxy
				}
			}
			handle {
				reverse_proxy 192.168.50.202:7000 {
					import reverseProxy
				}
			}
		}

		@wbo host wbo.zogg.fr
		handle @wbo {
			import common
			cache
			reverse_proxy 192.168.50.202:11000 {
				import reverseProxy
			}
		}

		@webpdf host webpdf.zogg.fr
		handle @webpdf {
			import common
			reverse_proxy 192.168.50.202:25568 {
				import reverseProxy
			}
		}

		@youtubedl host youtubedl.zogg.fr
		handle @youtubedl {
			import common
			reverse_proxy 192.168.50.202:8998 {
				import reverseProxy
			}
		}

	#
	# pannel
	#

		@bluemap-clemambpap host bluemap-clemambpap.zogg.fr
		handle @bluemap-clemambpap {
			import common
			cache
			#reverse_proxy 192.168.50.203:2080
			reverse_proxy 192.168.50.202:1080 {
				import reverseProxy
			}
		}

		@node host node.zogg.fr
		handle @node {
			import pterodadctyl
			reverse_proxy 192.168.50.203:8181 {
				import reverseProxy
			}
		}

		@panel host panel.zogg.fr
		handle @panel {
			import pterodadctyl
			reverse_proxy 192.168.50.203:8001 {
				import reverseProxy
			}
		}

		@stats-clemambpap host stats-clemambpap.zogg.fr
		handle @stats-clemambpap {
			import common
			cache
			reverse_proxy 192.168.50.203:27062 {
				import reverseProxy
			}
		}

	#
	# fallback
	#

	handle {
		abort
	}
}

I raised log level to get more debugging.

The call that failed is:

2022/12/23 06:05:45.478 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "192.168.50.202:8182", "total_upstreams": 1}
2022/12/23 06:05:45.479 DEBUG http.handlers.reverse_proxy upstream roundtrip {"upstream": "192.168.50.202:8182", "duration": 0.000421673, "request": {"remote_ip": "172.71.126.23", "remote_port": "49596", "proto": "HTTP/2.0", "method": "GET", "host": "sshwifty.zogg.fr", "uri": "/sshwifty/socket/verify", "headers": {"Cf-Visitor": ["{\"scheme\":\"https\"}"], "X-Forwarded-For": ["2a01:e0a:975:2b80:a1b7:b9e2:ed84:ab5c, 172.71.126.23"], "Sec-Fetch-Dest": ["empty"], "Cdn-Loop": ["cloudflare"], "Cookie": [], "Dnt": ["1"], "Accept-Encoding": ["gzip"], "X-Key": [""], "Accept": ["*/*"], "User-Agent": ["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"], "Cache-Control": ["no-cache"], "Sec-Fetch-Mode": ["cors"], "Priority": ["u=1"], "Sec-Ch-Ua-Mobile": ["?0"], "X-Forwarded-Proto": ["https"], "Pragma": ["no-cache"], "Sec-Ch-Ua": ["\"Not?A_Brand\";v=\"8\", \"Chromium\";v=\"108\", \"Google Chrome\";v=\"108\""], "X-Forwarded-Host": ["sshwifty.zogg.fr"], "Accept-Language": ["fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"], "Cf-Ray": ["77dee8472817d3fc-CDG"], "Sec-Fetch-Site": ["same-origin"], "Referer": ["https://sshwifty.zogg.fr/"], "Cf-Ipcountry": ["FR"], "Sec-Ch-Ua-Platform": ["\"Linux\""], "Cf-Connecting-Ip": ["2a01:e0a:975:2b80:a1b7:b9e2:ed84:ab5c"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "h2", "server_name": "sshwifty.zogg.fr"}}, "headers": {"Pragma": ["no-store"], "Vary": ["Accept-Encoding"], "X-Key": ["EDmAxCO53HwgdvGeeB59CGLAtzq/g40Wzm3edEEvFZ5H7Toc32OwTbSDG3W8ME20Gx5Jo9JSChGxrgJy6Vw2HA=="], "Content-Length": ["1258"], "Date": ["Fri, 23 Dec 2022 06:05:45 UTC"], "Content-Type": ["text/html; charset=utf-8"], "Cache-Control": ["no-store"], "Content-Encoding": ["gzip"]}, "status": 403}
2022/12/23 06:05:45.525 DEBUG events event {"name": "tls_get_certificate", "id": "790811d4-096f-444a-b9aa-28c883d6df40", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4867,4865,49195,49196,49199,49200,49171,49192,156,157,47,53,10,255],"ServerName":"sshwifty.zogg.fr","SupportedCurves":[29,23,30,25,24],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,515,769,513,770,514,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771,770,769],"Conn":{}}}}
2022/12/23 06:05:45.525 DEBUG tls.handshake no matching certificates and no custom selection logic {"identifier": "sshwifty.zogg.fr"}
2022/12/23 06:05:45.525 DEBUG tls.handshake choosing certificate {"identifier": "*.zogg.fr", "num_choices": 1}
2022/12/23 06:05:45.525 DEBUG tls.handshake default certificate selection results {"identifier": "*.zogg.fr", "subjects": ["*.zogg.fr"], "managed": true, "issuer_key": "acme-v02.api.letsencrypt.org-directory", "hash": "6ce9e9ab5ef53dc587fa7d3bae244ad8341837427574bb017ef34eaf4564c0d3"}
2022/12/23 06:05:45.525 DEBUG tls.handshake matched certificate in cache {"remote_ip": "172.71.126.14", "remote_port": "32912", "subjects": ["*.zogg.fr"], "managed": true, "expiration": "2023/03/04 08:46:38.000", "hash": "6ce9e9ab5ef53dc587fa7d3bae244ad8341837427574bb017ef34eaf4564c0d3"}
2022/12/23 06:05:45.568 DEBUG http.handlers.reverse_proxy selected upstream {"dial": "192.168.50.202:8182", "total_upstreams": 1}

And in sshwifty logs I get:

3/12/2022 7:05:45
[WRN] Fri, 23 Dec 2022 06:05:45 UTC Sshwifty > Server (0.0.0.0:8182) > Client (10.201.33.1:28991): Request ended with error: /sshwifty/socket/verify: HTTP Error (403): To use Websocket interface, a valid Auth Key must be provided

Kraoc · December 23, 2022, 6:20am

And my Traefik config which worked is:

traefik.yml

# 2022-11-30
#
# https://doc.traefik.io/traefik/getting-started/configuration-overview/
# https://github.com/traefik/traefik/blob/master/traefik.sample.yml
# https://www.benjaminrancourt.ca/a-complete-traefik-configuration/

#
# Global configuration
#
global:
  checkNewVersion: false
  sendAnonymousUsage: false

#
# API and dashboard configuration
#
api:
  dashboard: true
  debug: false
  insecure: false

#
# EntryPoints configuration
#
entryPoints:
  http:
    address: ":80"
    transport:
      respondingTimeouts:
        readTimeout: "120s"
        writeTimeout: "10s"
        idleTimeout: "360s"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
    http2:
      # Specifies the number of concurrent streams per connection that each client is allowed to initiate
      maxConcurrentStreams: 1024
  #https:
  #  address: ":443"
  #  transport:
  #    respondingTimeouts:
  #      readTimeout: "120s"
  #      writeTimeout: "10s"
  #      idleTimeout: "360s"
  https:
    address: ":443"
    http3:
      advertisedPort: 443
    http:
      tls:
        certResolver: cloudflare
        domains:
          main: "zogg.fr"
          sans:
            - "*.zogg.fr"
    transport:
      respondingTimeouts:
        readTimeout: "120s"
        writeTimeout: "10s"
        idleTimeout: "360s"
  metrics:
    address: ":6082"
    http2:
      maxConcurrentStreams: 1024
  streaming:
    address: ":1704/udp"

#
# Configure transports
#
serversTransport:
  # Disables SSL certificate verification
  insecureSkipVerify: true
  # Define transports timeouts
  forwardingTimeouts:
    dialTimeout: "10s"
    responseHeaderTimeout: "60s"

#
# Docker configuration backend
#
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: proxy
  file:
    filename: /config.yml

#
# Certificate Resolvers are responsible for retrieving certificates from an ACME server
#
certificatesResolvers:
  cloudflare:
    acme:
      email: cybridenet@gmail.com
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

#
# Metrics backends
#
metrics:
  prometheus:
    addEntryPointsLabels: true
    addRoutersLabels: true
    addServicesLabels: true
    entryPoint: metrics
    buckets:
      - 0.1
      - 0.3
      - 1.2
      - 5.0

experimental:
  # Enables HTTP/3 protocol on the entryPoint
  http3: true
  # Enable local plugins
  localPlugins:
    geoblock:
      moduleName: github.com/PascalMinder/geoblock
    souin:
      moduleName: github.com/darkweak/souin
    simplecache:
      moduleName: github.com/traefik/plugin-simplecache
    fail2ban:
      moduleName: github.com/tomMoulard/fail2ban

#
# Traefik logs configuration
# Access logs configuration
#
accessLog: false
log:
  level: "error"

config.yml

# 2022-11-30

enabled: true

tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305  # TLS 1.2
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   # TLS 1.2
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305    # TLS 1.2
        - TLS_AES_256_GCM_SHA384                  # TLS 1.3
        - TLS_CHACHA20_POLY1305_SHA256            # TLS 1.3
        - TLS_FALLBACK_SCSV                       # TLS FALLBACK
      curvePreferences:
        - secp521r1
        - secp384r1
    modern:
      minVersion: VersionTLS13
  stores:
    default:
      defaultGeneratedCert:
        resolver: cloudflare
        domain:
          main: "zogg.fr"
          sans:
            - "*.zogg.fr"

http:

  #
  # ROUTERS
  #
  routers:

    ### Traefik specifics

    #traefik-http:
    #  service: api@internal

    #traefik-https:
    #  service: api@internal

    traefik:
      entryPoints:
        - http
      rule: Host(`traefik.zogg.fr`)
      middlewares:
        - traefik-https-redirect
      service: api@internal

    traefik-secure:
      entryPoints:
        - https
      rule: Host(`traefik.zogg.fr`)
      middlewares:
        - traefik-auth
      tls: {}
      service: api@internal

    ### Panel specifics

    panel:
      entryPoints:
        - https
      rule: Host(`panel.zogg.fr`)
      middlewares:
        - panel
      tls: {}
      service: panel

    node:
      entryPoints:
        - https
      rule: Host(`node.zogg.fr`)
      middlewares:
        - node
      tls: {}
      service: node

    maps-clemambpap:
      entryPoints:
        - https
      rule: Host(`maps-clemambpap.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: maps-clemambpap

    stats-clemambpap:
      entryPoints:
        - https
      rule: Host(`stats-clemambpap.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: stats-clemambpap

    ### Services specifics

    registry:
      entryPoints:
        - https
      rule: Host(`registry.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: registry

    homepage-services:
      entryPoints:
        - https
      rule: Host(`services.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: homepage-services

    vaultwarden:
      entryPoints:
        - https
      rule: Host(`vaultwarden.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: vaultwarden

    vaultwarden-ws:
      entryPoints:
        - https
      rule: Host(`vaultwarden.zogg.fr`) && Path(`/notifications/hub`)
      middlewares:
        - default
      tls: {}
      service: vaultwarden-ws

    portainer:
      entryPoints:
        - https
      rule: Host(`portainer.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: portainer

    sshwifty:
      entryPoints:
        - https
      rule: Host(`sshwifty.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: sshwifty

    grafana:
      entryPoints:
        - https
      rule: Host(`grafana.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: grafana

    shlink-web:
      entryPoints:
        - https
      rule: Host(`shlink.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: shlink-web

    shlink:
      entryPoints:
        - https
      rule: Host(`l.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: shlink

    ghost:
      entryPoints:
        - https
      rule: Host(`infos.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: ghost

    psitransfer:
      entryPoints:
        - https
      rule: Host(`psitransfer.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: psitransfer

    searxng:
      entryPoints:
        - https
      rule: Host(`searxng.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: searxng

    paperless:
      entryPoints:
        - https
      rule: Host(`paperless.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: paperless

    firefly:
      entryPoints:
        - https
      rule: Host(`firefly.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: firefly

    hastbin:
      entryPoints:
        - https
      rule: Host(`hastbin.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: hastbin

    drawio:
      entryPoints:
        - https
      rule: Host(`drawio.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: drawio

    webpdf:
      entryPoints:
        - https
      rule: Host(`webpdf.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: webpdf

    youtubedl:
      entryPoints:
        - https
      rule: Host(`youtubedl.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: youtubedl

    n8n:
      entryPoints:
        - https
      rule: Host(`n8n.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: n8n

    wbo:
      entryPoints:
        - https
      rule: Host(`wbo.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: wbo

    photoprism:
      entryPoints:
        - https
      rule: Host(`photoprism.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: photoprism

    invidious:
      entryPoints:
        - https
      rule: Host(`invidious.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: invidious

    matomo:
      entryPoints:
        - https
      rule: Host(`matomo.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: matomo

    homelab:
      entryPoints:
        - https
      rule: Host(`homelab.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: homelab

    ### Common specifics

    error:
      entryPoints:
        - https
      rule: Host(`error.zogg.fr`)
      middlewares:
        - default
      tls: {}
      service: error


  #
  # SERVICES
  #
  services:

    ### Panel specifics

    panel:
      loadBalancer:
        servers:
          - url: "http://192.168.50.203:8001"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    node:
      loadBalancer:
        servers:
          - url: "http://192.168.50.203:8181"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    maps-clemambpap:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.203:27061"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    stats-clemambpap:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.203:27062"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    ### Services specifics

    registry:
      loadBalancer:
        servers:
          - url: "https://192.168.50.202:5443"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    homepage-services:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:3552"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    vaultwarden:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:7000"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    vaultwarden-ws:
      loadBalancer:
        servers:
          - url: "http://192.168.50.202:7001"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    portainer:
      loadBalancer:
        servers:
          - url: "http://192.168.50.202:9000"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    sshwifty:
      loadBalancer:
        servers:
          - url: "https://192.168.50.202:8182"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    grafana:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:3000"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    shlink-web:
      loadBalancer:
        servers:
          - url: "http://192.168.50.202:5080"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    shlink:
      loadBalancer:
        servers:
          - url: "http://192.168.50.202:5081"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    ghost:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:3001"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    psitransfer:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:3377"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    searxng:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:8082"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    paperless:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:8777"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    firefly:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:6182"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    hastbin:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:7777"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    drawio:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:5022"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    webpdf:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:25568"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    youtubedl:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:8998"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    n8n:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:5678"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    wbo:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:11000"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    photoprism:
      loadBalancer:
        servers:
          #- url: "https://192.168.50.202:2342"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    invidious:
      loadBalancer:
        servers:
          #- url: "http://192.168.50.202:4000"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true

    matomo:
      loadBalancer:
        servers:
          - url: "http://192.168.50.202:8597"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    homelab:
      loadBalancer:
        servers:
          - url: "https://192.168.50.200:8006"
          #- url: "http://192.168.50.202:1080"
        passHostHeader: true

    ### Common specifics

    error:
      loadBalancer:
        servers:
          #- url: "https://192.168.50.202:2443"
          - url: "http://192.168.50.202:1080"
        passHostHeader: true



  #
  # MIDDLEWARES
  #
  middlewares:

    ### Traefik specifics

    traefik-https-redirect:
      redirectScheme:
        scheme: https

    traefik-auth:
      basicAuth:
        users: "daboss:$apr1$m1qp9GpD$C052tr0VpM8M0zo8QI.qQ1"

    sslheader:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https

    wss:
      headers:
        customRequestHeaders:
          X-Forwarded-Proto: https

    https-redirectscheme:
      redirectScheme:
        scheme: https
        permanent: true


    ### Panel specifics

    cors-all:
      headers:
        customRequestHeaders:
          Access-Control-Allow-Origin: origin-list-or-null
          Sec-Fetch-Site: cross-site
          X-Forwarded-Proto: https
          Access-Control-Allow-Headers: "*, Authorization"
        customResponseHeaders:
          Access-Control-Allow-Origin: "*"
          Sec-Fetch-Site: cross-site
          X-Forwarded-Proto: https
          Access-Control-Allow-Headers: "*, Authorization"
        accessControlAllowMethods:
          - OPTIONS
          - POST
          - GET
          - PUT
          - DELETE
          - PATCH
        accessControlAllowHeaders:
          - "*, Authorization"
        accessControlExposeHeaders:
          - "*, Authorization"
        accessControlMaxAge: 100
        addVaryHeader: true
        accessControlAllowCredentials: true
        accessControlAllowOriginList:
          - "*"

    pterodadctyl:
      chain:
        middlewares:
          - default-whitelist
          - security-headers
          - default-csp
          - cors-all

    panel:
      chain:
        middlewares:
          - pterodadctyl
          - hsts-headers
          - inflight-req
          - rate-limit
          - retry-attempts
          - limit
          - compress-all

    node:
      chain:
        middlewares:
          - pterodadctyl

    ### Common

    default-whitelist:
      ipWhiteList:
        sourceRange:
          - "10.0.0.0/8"
          - "192.168.0.0/16"
          - "172.16.0.0/12"
          - "192.168.50.0/16"
          - "173.245.48.0/20"
          - "103.21.244.0/22"
          - "103.22.200.0/22"
          - "103.31.4.0/22"
          - "141.101.64.0/18"
          - "108.162.192.0/18"
          - "190.93.240.0/20"
          - "188.114.96.0/20"
          - "197.234.240.0/22"
          - "198.41.128.0/17"
          - "162.158.0.0/15"
          - "104.16.0.0/13"
          - "104.24.0.0/14"
          - "172.64.0.0/13"
          - "131.0.72.0/22"
          - "2400:cb00::/32"
          - "2606:4700::/32"
          - "2803:f800::/32"
          - "2405:b500::/32"
          - "2405:8100::/32"
          - "2a06:98c0::/29"
          - "2c0f:f248::/32"

    default-csp:
      headers:
        contentsecuritypolicy: "default-src 'self' data: wss: blob: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https:; img-src 'self' data: blob: https:;style-src 'self' 'unsafe-inline' https:; connect-src 'self' wss: https:; frame-src 'self' https:"

    security-headers:
      headers:
        customResponseHeaders:
          Permissions-Policy: vibrate=(self),geolocation=(self),midi=(self),notifications=(self),push=(self),microphone=(self),camera=(self),magnetometer=(self),gyroscope=(self),fullscreen=(self),payment=(self)
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          server: ""
          X-Forwarded-Proto: https
        sslProxyHeaders:
          X-Forwarded-Proto: https
        referrerPolicy: same-origin
        hostsProxyHeaders:
          - X-Forwarded-Host
        customRequestHeaders:
          X-Forwarded-Proto: https
        contentTypeNosniff: false

    ### Services specifics

    default-headers:
      headers:
        frameDeny: true
        browserXssFilter: false
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15552000
        customFrameOptionsValue: SAMEORIGIN

    hsts-headers:
      headers:
        frameDeny: true
        sslRedirect: true
        forceStsHeader: true
        customResponseHeaders:
          X-Permitted-Cross-Domain-Policies: none

    inflight-req:
      inFlightReq:
        amount: 1024

    rate-limit:
      rateLimit:
        average: 1024
        period: 1m
        burst: 2048

    retry-attempts:
      retry:
        attempts: 16
        initialInterval: 1000ms

    limit:
      buffering:
        maxRequestBodyBytes: 2000000
        memRequestBodyBytes: 2000000
        maxResponseBodyBytes: 2000000
        memResponseBodyBytes: 2000000
        retryExpression: "IsNetworkError() && Attempts() < 3"

    compress-all:
      compress:
        excludedContentTypes:
          - text/event-stream
        minResponseBodyBytes: 1024

    default:
      chain:
        middlewares:
          - default-whitelist
          - https-redirectscheme
          - default-headers
          - security-headers
          - default-csp
          - hsts-headers
          - inflight-req
          - rate-limit
          - retry-attempts
          - limit
          - compress-all

    ### Plugins specifics

    fail-ban:
      plugin:
        fail2ban:
          rules:
            bantime: 15m
            findtime: 10s
            maxretry: 512
            enabled: true

    geo-block:
      plugin:
        geoblock:
          allowLocalRequests: true
          logLocalRequests: false
          logAllowedRequests: false
          logApiRequests: false
          allowPrivate: true
          api: 'https://get.geojs.io/v1/ip/country/{ip}'
          apiTimeoutMs: 3600
          cacheSize: 64
          forceMonthlyUpdate: true
          allowUnknownCountries: true
          unknownCountryApiResponse: "nil"
          countries:
                #- AF # Afghanistan
                #- AL # Albania
                #- DZ # Algeria
                #- AS # American Samoa
                - AD # Andorra
                #- AO # Angola
                #- AI # Anguilla
                - AQ # Antarctica
                #- AG # Antigua and Barbuda
                - AR # Argentina
                #- AM # Armenia
                #- AW # Aruba
                - AU # Australia
                - AT # Austria
                #- AZ # Azerbaijan
                #- BS # Bahamas (the)
                #- BH # Bahrain
                #- BD # Bangladesh
                #- BB # Barbados
                #- BY # Belarus
                - BE # Belgium
                #- BZ # Belize
                #- BJ # Benin
                - BM # Bermuda
                #- BT # Bhutan
                #- BO # Bolivia (Plurinational State of)
                #- BQ # Bonaire, Sint Eustatius and Saba
                #- BA # Bosnia and Herzegovina
                #- BW # Botswana
                #- BV # Bouvet Island
                #- BR # Brazil
                #- IO # British Indian Ocean Territory (the)
                #- BN # Brunei Darussalam
                #- BG # Bulgaria
                #- BF # Burkina Faso
                #- BI # Burundi
                #- CV # Cabo Verde
                #- KH # Cambodia
                #- CM # Cameroon
                - CA # Canada
                #- KY # Cayman Islands (the)
                #- CF # Central African Republic (the)
                #- TD # Chad
                #- CL # Chile
                #- CN # China
                #- CX # Christmas Island
                #- CC # Cocos (Keeling) Islands (the)
                #- CO # Colombia
                #- KM # Comoros (the)
                #- CD # Congo (the Democratic Republic of the)
                #- CG # Congo (the)
                #- CK # Cook Islands (the)
                #- CR # Costa Rica
                #- HR # Croatia
                #- CU # Cuba
                #- CW # Curaçao
                #- CY # Cyprus
                #- CZ # Czechia
                #- CI # Côte d'Ivoire
                - DK # Denmark
                #- DJ # Djibouti
                #- DM # Dominica
                #- DO # Dominican Republic (the)
                #- EC # Ecuador
                #- EG # Egypt
                #- SV # El Salvador
                #- GQ # Equatorial Guinea
                #- ER # Eritrea
                #- EE # Estonia
                #- SZ # Eswatini
                #- ET # Ethiopia
                #- FK # Falkland Islands (the) [Malvinas]
                #- FO # Faroe Islands (the)
                #- FJ # Fiji
                - FI # Finland
                - FR # France
                #- GF # French Guiana
                #- PF # French Polynesia
                #- TF # French Southern Territories (the)
                #- GA # Gabon
                #- GM # Gambia (the)
                #- GE # Georgia
                - DE # Germany
                #- GH # Ghana
                #- GI # Gibraltar
                - GR # Greece
                #- GL # Greenland
                #- GD # Grenada
                - GP # Guadeloupe
                #- GU # Guam
                #- GT # Guatemala
                #- GG # Guernsey
                #- GN # Guinea
                #- GW # Guinea-Bissau
                #- GY # Guyana
                #- HT # Haiti
                #- HM # Heard Island and McDonald Islands
                #- VA # Holy See (the)
                #- HN # Honduras
                #- HK # Hong Kong
                #- HU # Hungary
                - IS # Iceland
                #- IN # India
                #- ID # Indonesia
                #- IR # Iran (Islamic Republic of)
                #- IQ # Iraq
                - IE # Ireland
                #- IM # Isle of Man
                #- IL # Israel
                - IT # Italy
                #- JM # Jamaica
                - JP # Japan
                #- JE # Jersey
                #- JO # Jordan
                #- KZ # Kazakhstan
                #- KE # Kenya
                #- KI # Kiribati
                #- KP # Korea (the Democratic People's Republic of)
                #- KR # Korea (the Republic of)
                #- KW # Kuwait
                #- KG # Kyrgyzstan
                #- LA # Lao People's Democratic Republic (the)
                #- LV # Latvia
                #- LB # Lebanon
                #- LS # Lesotho
                #- LR # Liberia
                #- LY # Libya
                - LI # Liechtenstein
                #- LT # Lithuania
                - LU # Luxembourg
                #- MO # Macao
                #- MG # Madagascar
                #- MW # Malawi
                #- MY # Malaysia
                #- MV # Maldives
                #- ML # Mali
                #- MT # Malta
                #- MH # Marshall Islands (the)
                - MQ # Martinique
                #- MR # Mauritania
                #- MU # Mauritius
                #- YT # Mayotte
                #- MX # Mexico
                #- FM # Micronesia (Federated States of)
                #- MD # Moldova (the Republic of)
                - MC # Monaco
                #- MN # Mongolia
                #- ME # Montenegro
                #- MS # Montserrat
                #- MA # Morocco
                #- MZ # Mozambique
                #- MM # Myanmar
                #- NA # Namibia
                #- NR # Nauru
                #- NP # Nepal
                - NL # Netherlands (the)
                #- NC # New Caledonia
                - NZ # New Zealand
                #- NI # Nicaragua
                #- NE # Niger (the)
                #- NG # Nigeria
                #- NU # Niue
                #- NF # Norfolk Island
                #- MP # Northern Mariana Islands (the)
                - NO # Norway
                #- OM # Oman
                #- PK # Pakistan
                #- PW # Palau
                #- PS # Palestine, State of
                #- PA # Panama
                #- PG # Papua New Guinea
                #- PY # Paraguay
                #- PE # Peru
                #- PH # Philippines (the)
                #- PN # Pitcairn
                #- PL # Poland
                - PT # Portugal
                #- PR # Puerto Rico
                #- QA # Qatar
                #- MK # Republic of North Macedonia
                #- RO # Romania
                #- RU # Russian Federation (the)
                #- RW # Rwanda
                - RE # Réunion
                - BL # Saint Barthélemy
                #- SH # Saint Helena, Ascension and Tristan da Cunha
                #- KN # Saint Kitts and Nevis
                #- LC # Saint Lucia
                - MF # Saint Martin (French part)
                - PM # Saint Pierre and Miquelon
                #- VC # Saint Vincent and the Grenadines
                #- WS # Samoa
                #- SM # San Marino
                #- ST # Sao Tome and Principe
                #- SA # Saudi Arabia
                #- SN # Senegal
                #- RS # Serbia
                #- SC # Seychelles
                #- SL # Sierra Leone
                #- SG # Singapore
                #- SX # Sint Maarten (Dutch part)
                #- SK # Slovakia
                #- SI # Slovenia
                #- SB # Solomon Islands
                #- SO # Somalia
                #- ZA # South Africa
                #- GS # South Georgia and the South Sandwich Islands
                #- SS # South Sudan
                - ES # Spain
                #- LK # Sri Lanka
                #- SD # Sudan (the)
                #- SR # Suriname
                #- SJ # Svalbard and Jan Mayen
                - SE # Sweden
                - CH # Switzerland
                #- SY # Syrian Arab Republic
                #- TW # Taiwan (Province of China)
                #- TJ # Tajikistan
                #- TZ # Tanzania, United Republic of
                #- TH # Thailand
                #- TL # Timor-Leste
                #- TG # Togo
                #- TK # Tokelau
                #- TO # Tonga
                #- TT # Trinidad and Tobago
                #- TN # Tunisia
                #- TR # Turkey
                #- TM # Turkmenistan
                #- TC # Turks and Caicos Islands (the)
                #- TV # Tuvalu
                #- UG # Uganda
                #- UA # Ukraine
                #- AE # United Arab Emirates (the)
                - GB # United Kingdom of Great Britain and Northern Ireland (the)
                #- UM # United States Minor Outlying Islands (the)
                - US # United States of America (the)
                #- UY # Uruguay
                #- UZ # Uzbekistan
                #- VU # Vanuatu
                #- VE # Venezuela (Bolivarian Republic of)
                #- VN # Viet Nam
                #- VG # Virgin Islands (British)
                #- VI # Virgin Islands (U.S.)
                #- WF # Wallis and Futuna
                #- EH # Western Sahara
                #- YE # Yemen
                #- ZM # Zambia
                #- ZW # Zimbabwe
                #- AX # Åland Islands

    cache-simple:
      plugin:
        simplecache:
          path: /cache
          maxExpiry: 300
          cleanup: 600
          addStatusHeader: true

    http-cache:
      plugin:
        souin:
          api:
            prometheus: {}
            souin: {}
          default_cache:
            ttl: 10s

francislavoie · December 26, 2022, 10:02pm

You’ll have to ask the SShwifty people for help. Everything I’m seeing from Caddy looks to be working as intended.

system · January 21, 2023, 3:56pm

This topic was automatically closed after 30 days. New replies are no longer allowed.