Tri-state switch partially working

1. Caddy version (caddy version):

v2.4.0-beta.1.0.20210303171231-51f35ba03f78 h1:AoU1dxGv/75/Uw5LT+tNbVWvMPl6QSbCGkqeu/SQxJY=

2. How I run Caddy:

a. System environment:

FreeNAS 11.3 (a FreeBSD derivative)

b. Command:

service caddy start

c. Service/unit/compose file:

n/a

d. My complete Caddyfile or JSON config:

Caddyfile Excerpt 1:

udance.com.au www.udance.com.au {

  encode gzip
  import logging udance
  import authproxy /phpmyadmin*

  map {path} {backend} {online} {

#   PATH                BACKEND          ONLINE
#---------------------------------------------------------------
    ~^/tautulli.*       10.1.1.26:8181   yes
    ~^/transmission.*   10.1.1.28:9091   yes
    ~^/.*               10.1.1.55:80     split
  }

# Offline handling

  @offline expression `{online} == "no"`
  handle @offline {
    redir https://udance.statuspage.io temporary
  }

  @split {
    expression `{online} == "split"`
    not remote_ip 10.1.1.0/24 10.1.2.0/24
  }
  handle @split {
    redir https://udance.statuspage.io temporary
  }

  reverse_proxy {backend}
}

Caddyfile Excerpt 2

(online) {
  @offline expression `"{args.0}" == "no"`
  handle @offline {
    redir https://udance.statuspage.io temporary
  }

  @split {
    expression `"{args.0}" == "split"`
    not remote_ip 10.1.1.0/24 10.1.2.0/24
  }
  handle @split {
    redir https://udance.statuspage.io temporary
  }
}

www.xenografix.com.au, xenografix.com.au {
  encode gzip
  import authproxy /phpmyadmin*
  import logging xenografix

  import online split

  reverse_proxy http://10.1.1.52
}

For completeness, here’s the top of the Caddyfile referring to other snippets used::

{
  email basil.hendroff@udance.com.au
  acme_dns cloudflare [REDACTED]
#  debug
}

(authproxy) {
  basicauth {args.0} {
    admin [REDACTED]
  }
}

(logging) {
  log {
    format json
    output file /var/log/caddy/{args.0}.log {
      roll_keep 7
    }
  }
}

3. The problem I’m having:

What I’m trying to do is create a tri-state switch:

online = {yes|no|split}

yes = site is online
no = site is offline
split = site in online on the local network, but offline from the internet.

Excerpt 1 works as expected; udance.com.au is available on the local network, but redirects when accessed from the internet.

Excerpt 2, which implements similar filters isn’t working though with import online split behaving the same as import online no.

For the local test, I used Chrome on a Windows 10 laptop connected to the WLAN. For the remote test, I used Chrome on an Android phone to access the sites via the internet.

4. Error messages and/or full log output:

Note: Existing logs were renamed and then Caddy restarted to generate fresh logs.

Caddy startup - cat /var/log/caddy.log

{"level":"info","ts":1616267232.7871149,"msg":"using provided configuration","config_file":"/usr/local/www/Caddyfile","config_adapter":"caddyfile"}
[WARNING][caddyfile] /usr/local/www/Caddyfile:2: input is not formatted with 'caddy fmt'
{"level":"info","ts":1616267232.8046198,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1616267232.8054595,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003b8000"}
{"level":"info","ts":1616267232.8057923,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies;adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1616267232.8058767,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}{"level":"info","ts":1616267245.6217442,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.xenografix.com.au","*.udance.com.au","caffigoalkeeping.com.au","readymcgetty.com.au","www.udance.com.au","xenografix.com.au","udance.com.au","www.caffigoalkeeping.com","caffigoalkeeping.com","www.caffigoalkeeping.com.au","www.readymcgetty.com.au"]}
{"level":"info","ts":1616267245.6490731,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1616267245.6790078,"msg":"autosaved config (load with --resume flag)","file":"/.config/caddy/autosave.json"}
{"level":"info","ts":1616267245.6790645,"msg":"serving initial configuration"}
Successfully started Caddy (pid=37423) - Caddy is running in the background

xenografix access log - cat/var/log/caddy/xenografix.log

{"level":"info","ts":1616267269.161587,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"162.158.2.216:46348","proto":"HTTP/1.1","method":"GET","host":"xenografix.com.au","uri":"/","headers":{"X-Forwarded-For":["124.171.242.68"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Ch-Ua-Mobile":["?0"],"Referer":["https://heimdall.udance.com.au/"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Cookie":["__cfduid=de0759ee8c2360785ded23e4a3aa648271615617163"],"Cdn-Loop":["cloudflare"],"Cf-Ray":["633139bf781efe91-MEL"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Cf-Request-Id":["08f2a26bac0000fe914c14c000000001"],"Connection":["Keep-Alive"],"Cf-Ipcountry":["AU"],"X-Forwarded-Proto":["https"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"89\", \"Chromium\";v=\"89\", \";Not A Brand\";v=\"99\""],"Sec-Fetch-Site":["cross-site"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Encoding":["gzip"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Gpc":["1"],"Cf-Connecting-Ip":["124.171.242.68"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"xenografix.com.au"}},"common_log":"162.158.2.216 - - [21/Mar/2021:03:07:49 +0800] \"GET / HTTP/1.1\" 302 0","duration":0.00027509,"size":0,"status":302,"resp_headers":{"Server":["Caddy"],"Location":["https://udance.statuspage.io"],"Content-Type":[]}}
{"level":"info","ts":1616267296.0448396,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"162.158.165.236:10206","proto":"HTTP/1.1","method":"GET","host":"xenografix.com.au","uri":"/","headers":{"Sec-Ch-Ua-Mobile":["?1"],"Sec-Fetch-User":["?1"],"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cookie":["__cfduid=d82e38c6d5080847a3ec13ba0c189d3431614608414"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["08f2a2d49a00005641ec2aa000000001"],"Cf-Ray":["63313a675c3a5641-SIN"],"Save-Data":["on"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Mobile Safari/537.36"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Cf-Connecting-Ip":["49.196.25.226"],"Cf-Ipcountry":["AU"],"X-Forwarded-Proto":["https"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"X-Forwarded-For":["49.196.25.226"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"89\", \"Chromium\";v=\"89\", \";Not A Brand\";v=\"99\""],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"xenografix.com.au"}},"common_log":"162.158.165.236 - -[21/Mar/2021:03:08:16 +0800] \"GET / HTTP/1.1\" 302 0","duration":0.000202319,"size":0,"status":302,"resp_headers":{"Server":["Caddy"],"Location":["https://udance.statuspage.io"],"Content-Type":[]}}
{"level":"info","ts":1616267340.206511,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"162.158.79.217:54200","proto":"HTTP/1.1","method":"HEAD","host":"xenografix.com.au","uri":"/","headers":{"Cf-Visitor":["{\"scheme\":\"https\"}"],"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["US"],"Cf-Ray":["63313b780af52ab8-IAD"],"X-Forwarded-Proto":["https"],"Cf-Request-Id":["08f2a37f0800002ab8de18d000000001"],"X-Forwarded-For":["192.0.101.226"],"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"],"Cf-Connecting-Ip":["192.0.101.226"],"Cdn-Loop":["cloudflare"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"xenografix.com.au"}},"common_log":"162.158.79.217 - - [21/Mar/2021:03:09:00 +0800] \"HEAD / HTTP/1.1\" 302 0","duration":0.000292583,"size":0,"status":302,"resp_headers":{"Server":["Caddy"],"Location":["https://udance.statuspage.io"],"Content-Type":[]}}
{"level":"info","ts":1616267816.2887716,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"162.158.78.160:15970","proto":"HTTP/1.1","method":"HEAD","host":"xenografix.com.au","uri":"/","headers":{"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"],"Cf-Connecting-Ip":["192.0.101.226"],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["US"],"Cf-Ray":["633147178d1a2769-IAD"],"Cf-Request-Id":["08f2aac2b400002769b503c000000001"],"Connection":["Keep-Alive"],"X-Forwarded-For":["192.0.101.226"],"Cdn-Loop":["cloudflare"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"xenografix.com.au"}},"common_log":"162.158.78.160 - - [21/Mar/2021:03:16:56 +0800] \"HEAD / HTTP/1.1\" 302 0","duration":0.000241915,"size":0,"status":302,"resp_headers":{"Server":["Caddy"],"Location":["https://udance.statuspage.io"],"Content-Type":[]}}
{"level":"info","ts":1616268300.7422915,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"172.69.63.19:20224","proto":"HTTP/1.1","method":"HEAD","host":"xenografix.com.au","uri":"/","headers":{"Cf-Ray":["633152eb5e3329ba-IAD"],"User-Agent":["jetmon/1.0(Jetpack Site Uptime Monitor by WordPress.com)"],"Cf-Connecting-Ip":["192.0.101.226"],"Cdn-Loop":["cloudflare"],"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["192.0.101.226"],"Cf-Request-Id":["08f2b22714000029ba042f3000000001"],"Cf-Ipcountry":["US"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"xenografix.com.au"}},"common_log":"172.69.63.19 - - [21/Mar/2021:03:25:00 +0800] \"HEAD / HTTP/1.1\" 302 0","duration":0.000147317,"size":0,"status":302,"resp_headers":{"Server":["Caddy"],"Location":["https://udance.statuspage.io"],"Content-Type":[]}}

udance access log - cat /var/log/caddy/udance.log

{"level":"info","ts":1616267260.6569395,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"10.1.1.136:64606","proto":"HTTP/2.0","method":"GET","host":"udance.com.au","uri":"/","headers":{"Referer":["https://heimdall.udance.com.au/"],"Authorization":["Basic YWRtaW46OXpTeTIjckM3Nnkq"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"89\", \"Chromium\";v=\"89\", \";Not A Brand\";v=\"99\""],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Cookie":["tk_or=%22https%3A%2F%2Fheimdall.udance.com.au%2F%22; __cfduid=d53583b316fd49796179aa61c11c12eb31615662656;jetpack_sso_wpcom_name_01ad53d5bf4f84d52a16c29bd439eb90=Basil%20Hendroff; jetpack_sso_wpcom_gravatar_01ad53d5bf4f84d52a16c29bd439eb90=https%3A%2F%2Fsecure.gravatar.com%2Favatar%2Fa6745e3de67b8d1898c9baf02b351786%3Fs%3D144%26d%3Dmm%26r%3Dg;wp-settings-1=libraryContent%3Dbrowse; wp-settings-time-1=1616215887; mailchimp_landing_site=https%3A%2F%2Fudance.com.au%2Fwp-json%2Fjetpack%2Fv4%2Fjitm%3Fmessage_path%3Dwp%253Adashboard%253Aadmin_notices%26query%3D%26full_jp_logo_exists%3Dfalse%26_wpnonce%3D70e17c2ae7;tk_r3d=%22https%3A%2F%2Fheimdall.udance.com.au%2F%22; tk_lr=%22%22"],"Sec-Gpc":["1"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Sec-Fetch-Site":["same-site"],"Sec-Fetch-Dest":["document"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"10.1.1.136 - - [21/Mar/2021:03:07:40 +0800] \"GET / HTTP/2.0\" 200 8936","duration":0.966044241,"size":8936,"status":200,"resp_headers":{"Date":["Sat, 20 Mar 2021 19:07:40 GMT"],"Server":["Caddy","Caddy"],"Content-Encoding":["gzip"],"Content-Type":["text/html; charset=UTF-8"],"Vary":["Accept-Encoding, Cookie","Accept-Encoding"],"X-Powered-By":["PHP/7.4.15"],"Cache-Control":["max-age=3, must-revalidate"]}}
{"level":"info","ts":1616267266.4529192,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"10.1.1.136:64606","proto":"HTTP/2.0","method":"POST","host":"udance.com.au","uri":"/?wc-ajax=get_refreshed_fragments","headers":{"Sec-Ch-Ua-Mobile":["?0"],"Origin":["https://udance.com.au"],"Sec-Gpc":["1"],"Sec-Fetch-Dest":["empty"],"Referer":["https://udance.com.au/"],"Accept":["*/*"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"],"Sec-Fetch-Mode":["cors"],"Authorization":["Basic YWRtaW46OXpTeTIjckM3Nnkq"],"X-Requested-With":["XMLHttpRequest"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Sec-Fetch-Site":["same-origin"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":["tk_or=%22https%3A%2F%2Fheimdall.udance.com.au%2F%22; __cfduid=d53583b316fd49796179aa61c11c12eb31615662656; jetpack_sso_wpcom_name_01ad53d5bf4f84d52a16c29bd439eb90=Basil%20Hendroff; jetpack_sso_wpcom_gravatar_01ad53d5bf4f84d52a16c29bd439eb90=https%3A%2F%2Fsecure.gravatar.com%2Favatar%2Fa6745e3de67b8d1898c9baf02b351786%3Fs%3D144%26d%3Dmm%26r%3Dg; wp-settings-1=libraryContent%3Dbrowse; wp-settings-time-1=1616215887; mailchimp_landing_site=https%3A%2F%2Fudance.com.au%2Fwp-json%2Fjetpack%2Fv4%2Fjitm%3Fmessage_path%3Dwp%253Adashboard%253Aadmin_notices%26query%3D%26full_jp_logo_exists%3Dfalse%26_wpnonce%3D70e17c2ae7; tk_r3d=%22https%3A%2F%2Fheimdall.udance.com.au%2F%22; tk_lr=%22https%3A%2F%2Fheimdall.udance.com.au%2F%22"],"Content-Length":["18"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"89\", \"Chromium\";v=\"89\", \";Not A Brand\";v=\"99\""],"Content-Type":["application/x-www-form-urlencoded; charset=UTF-8"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"10.1.1.136 - - [21/Mar/2021:03:07:46 +0800] \"POST /?wc-ajax=get_refreshed_fragments HTTP/2.0\" 0 0","duration":5.013002729,"size":0,"status":0,"resp_headers":{"Server":["Caddy"]}}
{"level":"info","ts":1616267268.527062,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"10.1.1.55:51867","proto":"HTTP/1.1","method":"POST","host":"udance.com.au","uri":"/wp-cron.php?doing_wp_cron=1616267268.3857491016387939453125","headers":{"User-Agent":["WordPress/5.7; https://udance.com.au"],"Accept":["*/*"],"Accept-Encoding":["deflate, gzip"],"Referer":["https://udance.com.au/wp-cron.php?doing_wp_cron=1616267268.3857491016387939453125"],"Connection":["close"],"Content-Length":["0"],"Content-Type":["application/x-www-form-urlencoded"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"http/1.1","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"10.1.1.55 - - [21/Mar/2021:03:07:48 +0800] \"POST /wp-cron.php?doing_wp_cron=1616267268.3857491016387939453125HTTP/1.1\" 200 0","duration":0.101429248,"size":0,"status":200,"resp_headers":{"Server":["Caddy","Caddy"],"Content-Length":["0"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"Expires":["Wed, 11 Jan 1984 05:00:00 GMT"],"X-Powered-By":["PHP/7.4.15"],"Date":["Sat, 20 Mar 2021 19:07:48 GMT"]}}
{"level":"info","ts":1616267268.5517943,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"10.1.1.136:64606","proto":"HTTP/2.0","method":"GET","host":"udance.com.au","uri":"/favicon.ico","headers":{"Cookie":["tk_or=%22https%3A%2F%2Fheimdall.udance.com.au%2F%22; __cfduid=d53583b316fd49796179aa61c11c12eb31615662656; jetpack_sso_wpcom_name_01ad53d5bf4f84d52a16c29bd439eb90=Basil%20Hendroff;jetpack_sso_wpcom_gravatar_01ad53d5bf4f84d52a16c29bd439eb90=https%3A%2F%2Fsecure.gravatar.com%2Favatar%2Fa6745e3de67b8d1898c9baf02b351786%3Fs%3D144%26d%3Dmm%26r%3Dg; wp-settings-1=libraryContent%3Dbrowse; wp-settings-time-1=1616215887; mailchimp_landing_site=https%3A%2F%2Fudance.com.au%2Fwp-json%2Fjetpack%2Fv4%2Fjitm%3Fmessage_path%3Dwp%253Adashboard%253Aadmin_notices%26query%3D%26full_jp_logo_exists%3Dfalse%26_wpnonce%3D70e17c2ae7; tk_r3d=%22https%3A%2F%2Fheimdall.udance.com.au%2F%22; tk_lr=%22https%3A%2F%2Fheimdall.udance.com.au%2F%22"],"Sec-Gpc":["1"],"Authorization":["Basic YWRtaW46OXpTeTIjckM3Nnkq"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Sec-Fetch-Dest":["image"],"Referer":["https://udance.com.au/"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"89\", \"Chromium\";v=\"89\", \";Not A Brand\";v=\"99\""],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36"],"Sec-Fetch-Site":["same-origin"],"Sec-Fetch-Mode":["no-cors"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"10.1.1.136 - - [21/Mar/2021:03:07:48 +0800] \"GET /favicon.ico HTTP/2.0\"302 0","duration":6.963537804,"size":0,"status":302,"resp_headers":{"Date":["Sat, 20 Mar 2021 19:07:48 GMT"],"Content-Length":["0"],"X-Redirect-By":["WordPress"],"Link":["<https://udance.com.au/wp-json/>; rel=\"https://api.w.org/\""],"X-Powered-By":["PHP/7.4.15"],"Server":["Caddy","Caddy"],"Content-Type":["text/html; charset=UTF-8"],"Location":["https://udance.com.au/wp-includes/images/w-logo-blue-white-bg.png"],"Status":["302 Found"],"Vary":["Accept-Encoding, Cookie"]}}
{"level":"info","ts":1616267268.6475754,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"10.1.1.55:44343","proto":"HTTP/1.1","method":"POST","host":"udance.com.au","uri":"/wp-cron.php?doing_wp_cron=1616267268.3856561183929443359375","headers":{"Referer":["https://udance.com.au/wp-cron.php?doing_wp_cron=1616267268.3856561183929443359375"],"Connection":["close"],"Content-Length":["0"],"Content-Type":["application/x-www-form-urlencoded"],"User-Agent":["WordPress/5.7; https://udance.com.au"],"Accept":["*/*"],"Accept-Encoding":["deflate, gzip"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"http/1.1","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"10.1.1.55 - - [21/Mar/2021:03:07:48 +0800] \"POST /wp-cron.php?doing_wp_cron=1616267268.3856561183929443359375 HTTP/1.1\" 200 0","duration":0.203968024,"size":0,"status":200,"resp_headers":{"Expires":["Wed, 11 Jan 198405:00:00 GMT"],"X-Powered-By":["PHP/7.4.15"],"Date":["Sat, 20 Mar 2021 19:07:48 GMT"],"Content-Length":["0"],"Server":["Caddy","Caddy"],"Cache-Control":["no-cache, must-revalidate, max-age=0"],"Content-Type":["text/html; charset=UTF-8"]}}
{"level":"info","ts":1616267283.5129042,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"172.69.134.177:33176","proto":"HTTP/1.1","method":"GET","host":"udance.com.au","uri":"/","headers":{"X-Forwarded-Proto":["https"],"Sec-Ch-Ua-Mobile":["?1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Purpose":["prefetch"],"Sec-Fetch-Site":["none"],"Cf-Connecting-Ip":["49.196.25.226"],"Accept-Encoding":["gzip"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"89\", \"Chromium\";v=\"89\", \";Not A Brand\";v=\"99\""],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Cookie":["remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6Ill1eFAyM3BjbUxoNE5Bclo3THFSNGc9PSIsInZhbHVlIjoidmwwQ09wMlZ4UFhwUVFmZk91aWdya1cwaXdMaUp5akhYNmNrNmlscktCVkg3NzBTdUpEcEU2elZQR3plYUJCUlFBeDhOa1JETGtNUkN0V2ZlNDMydVdUdmFVV1NRK1dJK29rZEg2NU5sK2ZzdWJONVlJdGE5WTNYTnkwZnY5RzNoR1VzZVJjbk5xS0JDMFQyTUQ0SW5JaVo3cm82dHN0Y1wvZVM3VGF3dlVVVT0iLCJtYWMiOiI2Njk0ZWFmOGYwMDk2YmQ0NjdjZTg2NzVhNzJmNWRkMDI1YjRiNjU2ZmVmNGNiNjQ5ZjUwYWY4N2MyMTZhOGYwIn0%3D; tk_or=%22%22; tk_lr=%22%22; __cfduid=d83da845010722cacda30a640f07cc43e1615636239;tk_r3d=%22%22"],"Cdn-Loop":["cloudflare"],"Cf-Ray":["63313a1908ef18ca-SIN"],"Connection":["Keep-Alive"],"X-Forwarded-For":["49.196.25.226"],"User-Agent":["Mozilla/5.0 (Linux; Android 11; Pixel 3 XL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Mobile Safari/537.36"],"Sec-Fetch-User":["?1"],"Cf-Request-Id":["08f2a2a3a5000018caf0254000000001"],"Save-Data":["on"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-AU,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"],"Cf-Ipcountry":["AU"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"172.69.134.177 - - [21/Mar/2021:03:08:03 +0800] \"GET / HTTP/1.1\"302 0","duration":0.000246931,"size":0,"status":302,"resp_headers":{"Server":["Caddy"],"Location":["https://udance.statuspage.io"],"Content-Type":[]}}
{"level":"info","ts":1616267617.8977606,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"162.158.62.75:47824","proto":"HTTP/1.1","method":"HEAD","host":"udance.com.au","uri":"/","headers":{"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor byWordPress.com)"],"Cf-Request-Id":["08f2a7bbb0000055666b3a5000000001"],"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cf-Connecting-Ip":["192.0.102.40"],"Cdn-Loop":["cloudflare"],"Cf-Ipcountry":["US"],"X-Forwarded-For":["192.0.102.40"],"Cf-Ray":["6331423f78625566-EWR"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"162.158.62.75 - - [21/Mar/2021:03:13:37 +0800] \"HEAD / HTTP/1.1\" 302 0","duration":0.000386336,"size":0,"status":302,"resp_headers":{"Server":["Caddy"],"Location":["https://udance.statuspage.io"],"Content-Type":[]}}
{"level":"info","ts":1616268098.9600768,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"173.245.52.65:17154","proto":"HTTP/1.1","method":"HEAD","host":"udance.com.au","uri":"/","headers":{"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"X-Forwarded-For":["192.0.102.40"],"Cf-Connecting-Ip":["192.0.102.40"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["08f2af12ce0000f005c2220000000001"],"Cf-Ipcountry":["US"],"Cf-Ray":["63314dfe1bccf005-EWR"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"173.245.52.65 - - [21/Mar/2021:03:21:38 +0800] \"HEAD / HTTP/1.1\" 302 0","duration":0.000291197,"size":0,"status":302,"resp_headers":{"Location":["https://udance.statuspage.io"],"Content-Type":[],"Server":["Caddy"]}}
{"level":"info","ts":1616268539.6450713,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"162.158.62.229:39650","proto":"HTTP/1.1","method":"HEAD","host":"udance.com.au","uri":"/","headers":{"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["US"],"X-Forwarded-For":["192.0.102.40"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["jetmon/1.0(Jetpack Site Uptime Monitor by WordPress.com)"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["08f2b5cc420000f03d021bc000000001"],"Cf-Ray":["633158c06c85f03d-EWR"],"X-Forwarded-Proto":["https"],"Cf-Connecting-Ip":["192.0.102.40"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"162.158.62.229 - - [21/Mar/2021:03:28:59+0800] \"HEAD / HTTP/1.1\" 302 0","duration":0.000322037,"size":0,"status":302,"resp_headers":{"Server":["Caddy"],"Location":["https://udance.statuspage.io"],"Content-Type":[]}}
{"level":"info","ts":1616268678.8744345,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"172.69.33.85:31366","proto":"HTTP/1.1","method":"POST","host":"udance.com.au","uri":"/wp-login.php","headers":{"Connection":["Keep-Alive"],"X-Forwarded-For":["69.12.66.251"],"Cf-Request-Id":["08f2b7ecb1000042b748b17000000001"],"Cf-Ipcountry":["US"],"User-Agent":["Mozilla/5.0 (Windows NT 6.1; WOW64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"],"Content-Type":["application/x-www-form-urlencoded"],"Cookie":["wordpress_test_cookie=WP+Cookie+check"],"Cf-Connecting-Ip":["69.12.66.251"],"Cdn-Loop":["cloudflare"],"Accept-Encoding":["gzip"],"Cf-Ray":["63315c278bf142b7-LAX"],"Content-Length":["94"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"172.69.33.85 - -[21/Mar/2021:03:31:18 +0800] \"POST /wp-login.php HTTP/1.1\" 302 0","duration":0.000219143,"size":0,"status":302,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Location":["https://udance.statuspage.io"]}}
{"level":"info","ts":1616269022.8934393,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"172.69.62.31:12640","proto":"HTTP/1.1","method":"HEAD","host":"udance.com.au","uri":"/","headers":{"Accept-Encoding":["gzip"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"],"Cdn-Loop":["cloudflare"],"Cf-Ipcountry":["US"],"X-Forwarded-For":["192.0.102.40"],"Cf-Ray":["6331648ccc8e3878-IAD"],"X-Forwarded-Proto":["https"],"Cf-Connecting-Ip":["192.0.102.40"],"Cf-Request-Id":["08f2bd2bfe00003878ef991000000001"],"Connection":["Keep-Alive"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"172.69.62.31 - - [21/Mar/2021:03:37:02 +0800] \"HEAD / HTTP/1.1\" 302 0","duration":0.000232243,"size":0,"status":302,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Location":["https://udance.statuspage.io"]}}
{"level":"info","ts":1616269493.6135175,"logger":"http.log.access.log3","msg":"handled request","request":{"remote_addr":"173.245.54.211:26532","proto":"HTTP/1.1","method":"HEAD","host":"udance.com.au","uri":"/","headers":{"X-Forwarded-For":["192.0.102.40"],"Cf-Ray":["6331700ac93c3848-IAD"],"X-Forwarded-Proto":["https"],"Cf-Visitor":["{\"scheme\":\"https\"}"],"Cdn-Loop":["cloudflare"],"Cf-Request-Id":["08f2c45abf00003848c4be5000000001"],"Connection":["Keep-Alive"],"Accept-Encoding":["gzip"],"Cf-Ipcountry":["US"],"User-Agent":["jetmon/1.0 (Jetpack Site Uptime Monitor by WordPress.com)"],"Cf-Connecting-Ip":["192.0.102.40"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","proto_mutual":true,"server_name":"udance.com.au"}},"common_log":"173.245.54.211 - - [21/Mar/2021:03:44:53 +0800]\"HEAD / HTTP/1.1\" 302 0","duration":0.000325979,"size":0,"status":302,"resp_headers":{"Content-Type":[],"Server":["Caddy"],"Location":["https://udance.statuspage.io"]}}

5. What I already tried:

I’m not sure there’s anything wrong with the filters. What I did notice is that there’s evidence of local access in the udance access log, but none in the xenografix log. This, I’m not able to explain.

6. Links to relevant resources:

  1. Using Caddy for incident management in a home network

I’m confused. The caddy adapt output for your example with the import looks fine:

"expression": "\"split\" == \"no\""

...

"expression": "\"split\" == \"split\""

:thinking:

I know, right! It’s weird.

Here’s selected output from caddy adapt --pretty for Excerpt 2:

                                                {
                                                        "match": [
                                                                {
                                                                        "host": [
                                                                                "www.xenografix.com.au",
                                                                                "xenografix.com.au"
                                                                        ]
                                                                }
                                                        ],
                                                        "handle": [
                                                                {
                                                                        "handler": "subroute",
                                                                        "routes": [
                                                                                {
                                                                                        "handle": [
                                                                                                {
                                                                                                        "handler": "authentication",
                                                                                                        "providers": {
                                                                                                                "http_basic": {
                                                                                                                        "accounts": [
                                                                                                                                {
                                                                                                                                        "password": [REDACTED},
                                                                                                                                        "username": "admin"
                                                                                                                                }
                                                                                                                        ],
                                                                                                                        "hash": {
                                                                                                                                "algorithm": "bcrypt"
                                                                                                                        },
                                                                                                                        "hash_cache": {}
                                                                                                                }
                                                                                                        }
                                                                                                }
                                                                                        ],
                                                                                        "match": [
                                                                                                {
                                                                                                        "path": [
                                                                                                                "/phpmyadmin*"
                                                                                                        ]
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                {
                                                                                        "handle": [
                                                                                                {
                                                                                                        "encodings": {
                                                                                                                "gzip": {}
                                                                                                        },
                                                                                                        "handler": "encode"
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                {
                                                                                        "group": "group11",
                                                                                        "handle": [
                                                                                                {
                                                                                                        "handler": "subroute",
                                                                                                        "routes": [
                                                                                                                {
                                                                                                                        "handle": [
                                                                                                                                {
                                                                                                                                        "handler": "static_response",
                                                                                                                                        "headers": {
                                                                                                                                                "Location": [
                                                                                                                                                        "https://udance.statuspage.io"
                                                                                                                                                ]
                                                                                                                                        },
                                                                                                                                        "status_code": 302
                                                                                                                                }
                                                                                                                        ]
                                                                                                                }
                                                                                                        ]
                                                                                                }
                                                                                        ],
                                                                                        "match": [
                                                                                                {
                                                                                                        "expression": "\"split\" == \"no\""
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                {
                                                                                        "group": "group11",
                                                                                        "handle": [
                                                                                                {
                                                                                                        "handler": "subroute",
                                                                                                        "routes": [
                                                                                                                {
                                                                                                                        "handle": [
                                                                                                                                {
                                                                                                                                        "handler": "static_response",
                                                                                                                                        "headers": {
                                                                                                                                                "Location": [
                                                                                                                                                        "https://udance.statuspage.io"
                                                                                                                                                ]
                                                                                                                                        },
                                                                                                                                        "status_code": 302
                                                                                                                                }
                                                                                                                        ]
                                                                                                                }
                                                                                                        ]
                                                                                                }
                                                                                        ],
                                                                                        "match": [
                                                                                                {
                                                                                                        "expression": "\"split\" == \"split\"",
                                                                                                        "not": [
                                                                                                                {
                                                                                                                        "remote_ip": {
                                                                                                                                "ranges": [
                                                                                                                                        "10.1.1.0/24",
                                                                                                                                        "10.1.2.0/24"
                                                                                                                                ]
                                                                                                                        }
                                                                                                                }
                                                                                                        ]
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                {
                                                                                        "handle": [
                                                                                                {
                                                                                                        "handler": "reverse_proxy",
                                                                                                        "upstreams": [
                                                                                                                {
                                                                                                                        "dial": "10.1.1.52:80"
                                                                                                                }
                                                                                                        ]
                                                                                                }
                                                                                        ]
                                                                                }
                                                                        ]
                                                                }
                                                        ],
                                                        "terminal": true
                                                },

For comparison, here’s selected output from caddy adapt --pretty for Excerpt 1.

                                                {
                                                        "match": [
                                                                {
                                                                        "host": [
                                                                                "udance.com.au",
                                                                                "www.udance.com.au"
                                                                        ]
                                                                }
                                                        ],
                                                        "handle": [
                                                                {
                                                                        "handler": "subroute",
                                                                        "routes": [
                                                                                {
                                                                                        "handle": [
                                                                                                {
                                                                                                        "destinations": [
                                                                                                                "{backend}",
                                                                                                                "{online}"
                                                                                                        ],
                                                                                                        "handler": "map",
                                                                                                        "mappings": [
                                                                                                                {
                                                                                                                        "input_regexp": "^/tautulli.*",
                                                                                                                        "outputs": [
                                                                                                                                "10.1.1.26:8181",
                                                                                                                                "yes"
                                                                                                                        ]
                                                                                                                },
                                                                                                                {
                                                                                                                        "input_regexp": "^/transmission.*",
                                                                                                                        "outputs": [
                                                                                                                                "10.1.1.28:9091",
                                                                                                                                "yes"
                                                                                                                        ]
                                                                                                                },
                                                                                                                {
                                                                                                                        "input_regexp": "^/.*",
                                                                                                                        "outputs": [
                                                                                                                                "10.1.1.55:80",
                                                                                                                                "split"
                                                                                                                        ]
                                                                                                                }
                                                                                                        ],
                                                                                                        "source": "{http.request.uri.path}"
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                {
                                                                                        "handle": [
                                                                                                {
                                                                                                        "handler": "authentication",
                                                                                                        "providers": {
                                                                                                                "http_basic": {
                                                                                                                        "accounts": [
                                                                                                                                {
                                                                                                                                        "password": [REDACTED],
                                                                                                                                        "username": "admin"
                                                                                                                                }
                                                                                                                        ],
                                                                                                                        "hash": {
                                                                                                                                "algorithm": "bcrypt"
                                                                                                                        },
                                                                                                                        "hash_cache": {}
                                                                                                                }
                                                                                                        }
                                                                                                }
                                                                                        ],
                                                                                        "match": [
                                                                                                {
                                                                                                        "path": [
                                                                                                                "/phpmyadmin*"
                                                                                                        ]
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                {
                                                                                        "handle": [
                                                                                                {
                                                                                                        "encodings": {
                                                                                                                "gzip": {}
                                                                                                        },
                                                                                                        "handler": "encode"
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                {
                                                                                        "group": "group13",
                                                                                        "handle": [
                                                                                                {
                                                                                                        "handler": "subroute",
                                                                                                        "routes": [
                                                                                                                {
                                                                                                                        "handle": [
                                                                                                                                {
                                                                                                                                        "handler": "static_response",
                                                                                                                                        "headers": {
                                                                                                                                                "Location": [
                                                                                                                                                        "https://udance.statuspage.io"
                                                                                                                                                ]
                                                                                                                                        },
                                                                                                                                        "status_code": 302
                                                                                                                                }
                                                                                                                        ]
                                                                                                                }
                                                                                                        ]
                                                                                                }
                                                                                        ],
                                                                                        "match": [
                                                                                                {
                                                                                                        "expression": "{online} == \"no\""
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                {
                                                                                        "group": "group13",
                                                                                        "handle": [
                                                                                                {
                                                                                                        "handler": "subroute",
                                                                                                        "routes": [
                                                                                                                {
                                                                                                                        "handle": [
                                                                                                                                {
                                                                                                                                        "handler": "static_response",
                                                                                                                                        "headers": {
                                                                                                                                                "Location": [
                                                                                                                                                        "https://udance.statuspage.io"
                                                                                                                                                ]
                                                                                                                                        },
                                                                                                                                        "status_code": 302
                                                                                                                                }
                                                                                                                        ]
                                                                                                                }
                                                                                                        ]
                                                                                                }
                                                                                        ],
                                                                                        "match": [
                                                                                                {
                                                                                                        "expression": "{online} == \"split\"",
                                                                                                        "not": [
                                                                                                                {
                                                                                                                        "remote_ip": {
                                                                                                                                "ranges": [
                                                                                                                                        "10.1.1.0/24",
                                                                                                                                        "10.1.2.0/24"
                                                                                                                                ]
                                                                                                                        }
                                                                                                                }
                                                                                                        ]
                                                                                                }
                                                                                        ]
                                                                                },
                                                                                       "handle": [
                                                                                                {
                                                                                                        "handler": "reverse_proxy",
                                                                                                        "upstreams": [
                                                                                                                {
                                                                                                                        "dial": "{backend}"
                                                                                                                }
                                                                                                        ]
                                                                                                }
                                                                                        ]
                                                                                }
                                                                        ]
                                                                }
                                                        ],
                                                        "terminal": true
                                                },

Try to reduce the problem to as minimal of a config as you can to replicate the issue. If it can be shown to be a bug with a simple reproducible case, it’ll be easier to track down where the problem is.

I’ll have to try this overnight when there’ll be minimal local traffic.

In the interim, what I did was temporarily switch back to the official Caddy release and try the online snippet there, however, the problem persisted.

# caddy version
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=

This confirms that a bug hasn’t crept in since Caddy 2.3.0. So, this leaves three possibilities:

  1. A bug was always there. Unlikely, as someone would have stumbled across it already.
  2. I’m doing something stupid. Likely.
  3. There’s something else in the environment going on that I’m presently oblivious to. Possible.
1 Like

You don’t necessarily need to try it on your live server.

I’m not sure how I would test it otherwise? :thinking: I was thinking I’d switch out the current Caddyfile with a minimal Caddyfile on the live server. I just need to do this out-of-hours. The alternative would be to change the forwarding rule and internal DNS resolver to point to a test Caddy instance. This seems more of a hassle.

Looks like the third scenario is in play here. It has something to do with how Caddy and my WordPress instances interact together. The way I confirmed it was to try the online snippet with a non-WordPress instance and it worked first time.

What’s still not clear is why Caddy and WordPress work well together where the tri-state switch uses the map directive, but will falter when the tri-state switch is implemented using the online snippet.

It was scenario 2. I feel very sheepish atm.

The issue had to do with the split-DNS. The local DNS server resolved udance,com.au to the Caddy IP, but did not do so for other supported domains e.g. xenografix.com.au. When a local device attempted to contact one of those domains, the local DNS resolver, unable to resolve the domain name, would forward the request to an external upstream DNS server, which would then return the request back into the local network. Caddy would, correctly, see the request as originating externally. Therefore, for the split filter, Caddy would always redirect as it was being presented with remote addresses. Once I defined those domains in the local DNS server, the split filter began to work as expected as requests from local devices would be sent directly to Caddy and not routed out and and back into the network.

The issue remained dormant for a long time and under ordinary circumstances caused no visible problems. It took the remote_ip matcher to bring the problem to the fore.

2 Likes

Glad you figured it out :smiley:

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.