Trouble with reverse proxy

Help
1

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

a. System environment:

Ubuntu Server 22.04.1 LTS

b. Command:

sudo service caddy [start/stop/restart/status]

or

sudo systemctl [start/stop/restart/status] caddy

I tried both

c. Service/unit/compose file:

/etc/caddy/Caddyfile

d. My complete Caddy config:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

proxmox.mlarboul.eu {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        reverse_proxy 192.168.0.21:8006
}

truenas.mlarboul.eu {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        reverse_proxy 192.168.0.150
}

cloud.mlarboul.eu {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        reverse_proxy 192.168.0.14
}


# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

3. The problem I’m having:

So I am very new to the world of self hosting. A friend told me this afternoon about caddy and how convenient it was compare to nginx especially for the ssl certificate part.
So I decided to try.
I would like to expose 3 applications interfaces: Proxmox, Nextcloud and Truenas.
Those services use to be reachable with Nginx, but not operational due to SSL.

For now, only Truenas is reachable (and working perfectly). But for Proxmox and Nextcloud, it seems that the page isn’t working.

4. Error messages and/or full log output:

Nextcloud error message from Brave and Firefox browser:

This page isn’t working
cloud.mlarboul.eu redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS

Proxmox error message from curl -v https://cloud.mlarboul.eu command:

*   Trying 80.236.34.5:443...
* Connected to cloud.mlarboul.eu (80.236.34.5) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=cloud.mlarboul.eu
*  start date: Oct 20 15:35:31 2022 GMT
*  expire date: Jan 18 15:35:30 2023 GMT
*  subjectAltName: host "cloud.mlarboul.eu" matched cert's "cloud.mlarboul.eu"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55fb7f390e00)
> GET / HTTP/2
> Host: cloud.mlarboul.eu
> user-agent: curl/7.79.1
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 301 
< alt-svc: h3=":443"; ma=2592000
< content-type: text/html
< date: Thu, 20 Oct 2022 19:09:50 GMT
< location: https://cloud.mlarboul.eu:443/
< server: Caddy
< server: nginx
< content-length: 162
< 
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host cloud.mlarboul.eu left intact

Proxmox error message from Brave and Firefox browser:

This page isn’t working
proxmox.mlarboul.eu is currently unable to handle this request.
HTTP ERROR 502

Proxmox error message from curl -v https://proxmox.mlarboul.eu command:

*   Trying 80.236.34.5:443...
* Connected to proxmox.mlarboul.eu (80.236.34.5) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=proxmox.mlarboul.eu
*  start date: Oct 20 15:45:32 2022 GMT
*  expire date: Jan 18 15:45:31 2023 GMT
*  subjectAltName: host "proxmox.mlarboul.eu" matched cert's "proxmox.mlarboul.eu"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55a58484ae00)
> GET / HTTP/2
> Host: proxmox.mlarboul.eu
> user-agent: curl/7.79.1
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 502 
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Thu, 20 Oct 2022 19:05:05 GMT
< 
* Connection #0 to host proxmox.mlarboul.eu left intact

5. What I already tried:

Domain names are correct because if I change the IP address of the reverse proxy using Truenas IP, it works perfectly…
And as I said I am very new, so I haven’t try a lot of things…

2

Obviously caddy is working like a charm but I jsut don’t know how ton configure it properly.

This config makes proxmox, truenas and nextcloud work perfectly

proxmox.mlarboul.eu {
        reverse_proxy 192.168.0.21:8006 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}

truenas.mlarboul.eu {
        # Another common task is to set up a reverse proxy:
        reverse_proxy 192.168.0.150
}

cloud.mlarboul.eu {
        reverse_proxy 192.168.0.16:443 {
                transport http {
                        tls_insecure_skip_verify
                }
        }
}
3

You shouldn’t have both root+file_server AND reverse_proxy in the same site, if you’re just trying to proxy to another server.

Remove the root and file_server stuff. That’s just an example config, and you’re meant to replace it with either your own static site’s location, or with a proxy, but not keep both.

Looks like Caddy is working correctly, and proxying to your Nginx app. But Nginx (or the underlying app behind Nginx) is triggering a redirect because it thinks it’s not being served over HTTPS.

This isn’t a problem with Caddy. You’ll need to dig into your app’s configuration to figure out what’s going on there.

Enabling this makes Caddy proxy over HTTPS instead of HTTP, and throws away all security. There’s no benefit to this. It just adds overhead to every request by making an additional TLS handshake to your backend. You can remove this config and proxy to your backend’s HTTP port instead of the HTTPS port.

1 Like
4

This topic was automatically closed after 30 days. New replies are no longer allowed.