Stripping a slash prefix with reverse_proxy

1. The problem I’m having:

I am trying to make a config that acts as a dynamic CORS proxy like corsanywhere, based on this: Caddy as a CORS proxy

I am aware of this reply on a similar thread, but it didn’t help, unfortunately.

For some reason, I am getting an HTTP 502 code. I assume this is because of Caddy adding a slash before the URL, as I saw in the logs.

I tried logging using respond "Original URI: {http.request.uri} Original Path: {http.request.uri.path} Rewritten to: {uri}" 200

Got Original URI: https:/archive.org/robots.txt Original Path: https:/archive.org/robots.txt Rewritten to: https:/archive.org/robots.txt

I also tried adding https:// before {uri} but got

Error: adapting config using caddyfile: parsing caddyfile tokens for 'reverse_proxy': parsing upstream 'https://{http.request.uri}': due to parsing difficulties, placeholders are not allowed when an upstream address contains a scheme, at Caddyfile:59

2. Error messages and/or full log output:

{"level":"debug","ts":1730962007.8934832,"logger":"http.handlers.rewrite","msg":"rewrote request","request":{"remote_ip":"xxxxx","remote_port":"15428","client_ip":"xxxxxx","proto":"HTTP/2.0","method":"GET","host":"api.example.app","uri":"/https://archive.org/robots.txt","headers":{"Cf-Connecting-Ip":["xxxxx"],"X-Forwarded-For":["xxxxx"],"User-Agent":["curl/8.5.0"],"Accept-Encoding":["gzip, br"],"X-Forwarded-Proto":["https"],"Cdn-Loop":["cloudflare; loops=1"],"Cf-Ipcountry":["xxxx"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept":["*/*"],"Cf-Ray":["xxxxxx-xxxx"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"api.example.app"}},"method":"GET","uri":"https:/archive.org/robots.txt"}
{"level":"debug","ts":1730962007.8936129,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"archive.org/robots.txt:0","total_upstreams":1}
{"level":"debug","ts":1730962007.8938036,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"{http.request.uri}","duration":0.000146441,"request":{"remote_ip":"xxxxx","remote_port":"15428","client_ip":"xxxxx","proto":"HTTP/2.0","method":"GET","host":"archive.org/robots.txt:0","uri":"https:/archive.org/robots.txt","headers":{"Cdn-Loop":["cloudflare; loops=1"],"Cf-Ray":["8deb5e4528922be9-FRA"],"Cf-Connecting-Ip":["xxxxxx"],"Accept-Encoding":["gzip, br"],"Cf-Ipcountry":["DE"],"Accept":["*/*"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["curl/8.5.0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"api.example.app"}},"error":"dial tcp: lookup archive.org/robots.txt: no such host"}
{"level":"error","ts":1730962007.893925,"logger":"http.log.error.log1","msg":"dial tcp: lookup archive.org/robots.txt: no such host","request":{"remote_ip":"xxxxx","remote_port":"15428","client_ip":"xxxxxx","proto":"HTTP/2.0","method":"GET","host":"api.example.app","uri":"/https://archive.org/robots.txt","headers":{"Cf-Visitor":["{\"scheme\":\"https\"}"],"Accept":["*/*"],"Cf-Ray":["xxxxx-xxxx"],"User-Agent":["curl/8.5.0"],"Accept-Encoding":["gzip, br"],"X-Forwarded-Proto":["https"],"Cdn-Loop":["cloudflare; loops=1"],"Cf-Ipcountry":["xxx"],"X-Forwarded-For":["xxxxx"],"Cf-Connecting-Ip":["xxxxx"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"api.example.app"}},"duration":0.000509643,"status":502,"err_id":"c97vn8it4","err_trace":"reverseproxy.statusError (reverseproxy.go:1267)"}

3. Caddy version:

v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

4. How I installed and ran Caddy:

a. System environment:

Linu 5.15.0-94-generic #104-Ubuntu SMP Tue Jan 9 15:26:57 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux

b. Command:

/usr/bin/caddy run --environ --config /srv/conf/Caddyfile

c. Service/unit/compose file:

# /lib/systemd/system/caddy.service
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /srv/conf/Caddyfile
ExecReload=/usr/bin/caddy reload --config /srv/conf/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576:1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
StandardOutput=append:/var/log/caddy/caddy.log
StandardError=append:/var/log/caddy/caddy-error.log

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:

(cors) {
        header {
                Access-Control-Allow-Origin "{http.request.header.Origin}"
                Access-Control-Allow-Credentials true
                Access-Control-Allow-Methods *
                Access-Control-Allow-Headers DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
        }
        @options {
                method OPTIONS
        }
        @not-options {
                not method OPTIONS
        }
}

https://api.example.app {
    log {
        output file /var/log/caddy/faidah.log
        level DEBUG
    }

    respond @options 204
    uri replace "https://api.example.app/" ""
    uri strip_prefix /
    #respond "Original URI: {http.request.uri} Original Path: {http.request.uri.path} Rewritten to: {uri}" 200
    reverse_proxy {uri} {
        header_up Host {upstream_hostport}
        header_up -X-Forwarded-Host
        header_up -X-forwarded-For
        header_up -X-forwarded-Proto
        header_down -Access-Control-Allow-Origin
        transport http {
            tls_insecure_skip_verify
        }
    }

    import cors
}

5. Links to relevant resources:

Caddy as a CORS proxy

I think you want a forward proxy (GitHub - caddyserver/forwardproxy: Forward proxy plugin for the Caddy web server), not a reverse proxy.

1 Like
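
An added example, not part of the original thread and not Caddy's own code: the debug log shows the whole rewritten URI being used as the dial address ("archive.org/robots.txt:0"), whereas an upstream is only a host and port. This Go function splits the requested URL into a dial address and an upstream path and checks the host against an allowlist; splitTarget and allowedHosts are hypothetical names, and the allowlist entry and sample inputs are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// allowedHosts is a constructed allowlist; a real deployment supplies its own.
var allowedHosts = map[string]bool{"archive.org": true}

// splitTarget turns a request URI such as "/https://archive.org/robots.txt"
// into the host:port to dial and the path to send upstream.
func splitTarget(requestURI string) (dial, upstreamURI string, err error) {
	raw := strings.TrimPrefix(requestURI, "/")
	// Path cleaning can collapse "https://" to "https:/", as in the logs above.
	if strings.HasPrefix(raw, "https:/") && !strings.HasPrefix(raw, "https://") {
		raw = "https://" + strings.TrimPrefix(raw, "https:/")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", "", err
	}
	if u.Scheme != "https" || u.User != nil {
		return "", "", fmt.Errorf("only https targets without userinfo are accepted")
	}
	host := strings.ToLower(u.Hostname())
	if net.ParseIP(host) != nil || !allowedHosts[host] {
		return "", "", fmt.Errorf("host %q is not on the allowlist", host)
	}
	port := u.Port()
	if port == "" {
		port = "443" // default port for https
	}
	return net.JoinHostPort(host, port), u.RequestURI(), nil
}

func main() {
	for _, in := range []string{
		"/https://archive.org/robots.txt", // URI as the client sent it
		"/https:/archive.org/robots.txt",  // after slash collapsing
		"/https://127.0.0.1/",             // IP literal, rejected
		"/http://archive.org/",            // wrong scheme, rejected
	} {
		dial, uri, err := splitTarget(in)
		fmt.Printf("%-34s dial=%q uri=%q err=%v\n", in, dial, uri, err)
	}
}
```

Without a host check of this kind, a proxy that dials whatever URL appears in the path will also reach internal addresses on behalf of any caller.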
