Trusted certificates for local services using own public domain (wildcard)

Pheggas · November 23, 2024, 9:15pm

1. The problem I’m having:

Hello. I’ve been playing with Caddy for local domains for some time now. But certs for those domains are self-signed by caddy and so are untrusted by default by browsers on my local network. I would like to use my public domain, to generate wildcard certificate like *.internal.example.com (if this is even possible with Let’s Encrypt certs - if not, *.example.com is also okay) like shown in this post. As result, i should have trusted certificate on my local services using my public domain.

The only issue is, i don’t really know how to do it. It probably would be possible to generate wildcard cert using something like certbot or something else and then specify it in caddy config for that specific services but that has many moving parts and has potential to break at certain point.

My question is, can Caddy handle complex requests like i have? Is it built in or i need to do it via the description above?

2. Error messages and/or full log output:

None yet

3. Caddy version:

v2.8.4

4. How I installed and ran Caddy:

Using docker on the same server where i host everything else including all the services i want to secure.

Bruce5051 · November 23, 2024, 9:28pm

Hi @Pheggas,

Here shows what you are talking about DNS challenge text records - #3 by Osiris - Help - Let's Encrypt Community Support

Edit

Also see DNS-01 challenge of the Challenge Types - Let's Encrypt

francislavoie · November 23, 2024, 10:55pm

Yes it is. You can get wildcard certs at any depth, but you can’t have multi-level wilcards (like *.*.example.com or foo.*.example.com), it needs to start with exactly one *.

See Automatic HTTPS — Caddy Documentation, you need to solve the DNS challenge to get a wildcard cert. For that, you need to build Caddy with a DNS plugin for your DNS provider (Caddy writes a TXT record to your DNS to prove that you have control of the domain).

Pheggas · November 24, 2024, 9:14am

Thank you for links. I’ve been researching this topic and now i have the right direction.

Pheggas · November 24, 2024, 9:21am

Thank you. It helped me a lot. I just built docker image with porkbun module baked in. Now i would like to apply *.internal.example.com to my homarr service. So ideally if i enter homarr.interal.example.com it would forward me to my local service without exposing anything to public and also have trusted certificates by Let’s Encrypt. In the module’s documentation, there is defined something like:

# one site
tls {
	dns porkbun {
			api_key {env.PORKBUN_API_KEY}
			api_secret_key {env.PORKBUN_API_SECRET_KEY}
	}
}

So the final config should look like

{
    email redacted@example.com
}

immich.example.com {
  reverse_proxy 192.168.1.13:2283
}

homarr.internal.example.com {
  reverse_proxy 192.168.1.13:1111
  tls {
	  dns porkbun {
			  api_key {env.PORKBUN_API_KEY}
			  api_secret_key {env.PORKBUN_API_SECRET_KEY}
	  }
  }
}

If i understood that correctly.

Pheggas · November 24, 2024, 4:31pm

Update: I’ve noticed some important things listing through the google, which ended up editing the existing configuration to something like:

{
    email username@example.com
}

immich.example.com {
  reverse_proxy 192.168.1.13:2283
}

*.internal.example.com {
  tls {
    dns cloudflare {env.CLOUDFLARE_API_TOKEN}
  }

  @services host services.internal.example.com
  handle @services {
    reverse_proxy 192.168.1.13
  }
}

I absolutely forgot that as my domain provider is Porkbun, i actually transferred all the rights to Cloudflare a while ago so i could manage tunnels and direct accesses more easily and from one place and it was also necessary because of how cloudflare builds those tunnels.
Having dedicated entry for sub-sub domain where i also apply wildcard is not right usage, so i ended up specifying it directly inside the wildcard entry which should handle the services.internal.example.com by reverse-proxying it to that specified IP address.
Ended up changing the sub-sub-domain name to services instead of homarr as homarr is basically dashboard and shortcut for all those services.

After doing this, i get NXDOMAIN (so it appears the domain is not found) and i don’t really uderstand why. I continued with debugging by using dig command which resolved the services.internal.example.com to 192.168.1.13 which is right. There must be something up somewhere else down the line. Do anyone spot some obvious mistakes in the configuration?

Logs from the Caddy container:

{"level":"info","ts":1732466307.3599014,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
{"level":"info","ts":1732466307.3618736,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"warn","ts":1732466307.3618937,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1732466307.3627098,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1732466307.3629305,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0001d7500"}
{"level":"info","ts":1732466307.3629584,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1732466307.3629723,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"debug","ts":1732466307.3630028,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["immich.example.com"]},{"subjects":["*.internal.example.com"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.13:2283"}]}]}]}],"terminal":true},{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.13:80"}]}]}]}],"match":[{"host":["services.internal.example.com"]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
{"level":"info","ts":1732466307.3634171,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1732466307.3634994,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
{"level":"debug","ts":1732466307.3636656,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
{"level":"info","ts":1732466307.3636837,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"debug","ts":1732466307.3637197,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
{"level":"info","ts":1732466307.3637311,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1732466307.363735,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["immich.example.com","*.internal.example.com"]}
{"level":"debug","ts":1732466307.364,"logger":"tls","msg":"loading managed certificate","domain":"immich.example.com","expiration":1737813534,"issuer_key":"acme-v02.api.letsencrypt.org-directory","storage":"FileStorage:/data/caddy"}
{"level":"debug","ts":1732466307.364356,"logger":"tls.cache","msg":"added certificate to cache","subjects":["immich.example.com"],"expiration":1737813534,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"REDACTED","cache_size":1,"cache_capacity":10000}
{"level":"debug","ts":1732466307.3643966,"logger":"events","msg":"event","name":"cached_managed_cert","id":"f1db3e10-4ef3-428b-ba3c-ed3ed663c76f","origin":"tls","data":{"sans":["immich.example.com"]}}
{"level":"debug","ts":1732466307.3648167,"logger":"tls.cache","msg":"added certificate to cache","subjects":["*.internal.example.com"],"expiration":1740224879,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"REDACTED","cache_size":2,"cache_capacity":10000}
{"level":"debug","ts":1732466307.3648455,"logger":"events","msg":"event","name":"cached_managed_cert","id":"812719e2-4a28-4a6d-b197-72e458d58385","origin":"tls","data":{"sans":["*.internal.example.com"]}}
{"level":"info","ts":1732466307.3649552,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1732466307.3649654,"msg":"serving initial configuration"}
{"level":"info","ts":1732466307.3664086,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"ae54a2dc-338c-4779-998b-afda0d189301","try_again":1732552707.3664062,"try_again_in":86399.9999994}
{"level":"info","ts":1732466307.3664722,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"debug","ts":1732466361.0140278,"logger":"events","msg":"event","name":"tls_get_certificate","id":"afc04f07-02c9-4fa8-bfe3-cf0405899f11","origin":"tls","data":{"client_hello":{"CipherSuites":[47802,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"services.internal.example.com","SupportedCurves":[23130,4588,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[14906,772,771],"RemoteAddr":{"IP":"192.168.1.20","Port":34512,"Zone":""},"LocalAddr":{"IP":"192.168.96.2","Port":443,"Zone":""}}}}
{"level":"debug","ts":1732466361.014073,"logger":"tls.handshake","msg":"no matching certificates and no custom selection logic","identifier":"services.internal.example.com"}
{"level":"debug","ts":1732466361.014082,"logger":"tls.handshake","msg":"choosing certificate","identifier":"*.internal.example.com","num_choices":1}
{"level":"debug","ts":1732466361.0140955,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"*.internal.example.com","subjects":["*.internal.example.com"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"REDACTED"}
{"level":"debug","ts":1732466361.014104,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"192.168.1.20","remote_port":"34512","subjects":["*.internal.example.com"],"managed":true,"expiration":1740224879,"hash":"REDACTED"}
{"level":"debug","ts":1732466362.123472,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1270604,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.00339328,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Mobile":["?0"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"X-Forwarded-For":["192.168.1.20"],"Accept-Language":["en-US,en;q=0.9"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Cookie":["REDACTED"],"Priority":["u=0, i"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.131779,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1347985,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002837355,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br, zstd"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Cache-Control":["max-age=0"],"X-Forwarded-For":["192.168.1.20"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Priority":["u=0, i"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Mode":["navigate"],"Cookie":["REDACTED"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.1390257,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1418464,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002584501,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua-Mobile":["?0"],"Cookie":["REDACTED"],"Cache-Control":["max-age=0"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Host":["services.internal.example.com"],"Priority":["u=0, i"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-For":["192.168.1.20"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Content-Length":["0"],"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"]},"status":308}
{"level":"debug","ts":1732466362.1452703,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1477916,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002350195,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Sec-Fetch-Dest":["document"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["services.internal.example.com"],"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept-Language":["en-US,en;q=0.9"],"Priority":["u=0, i"],"Sec-Fetch-Mode":["navigate"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Cache-Control":["max-age=0"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"X-Forwarded-For":["192.168.1.20"],"Cookie":["REDACTED"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.1514044,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1543994,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002852141,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Priority":["u=0, i"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Ch-Ua-Mobile":["?0"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Fetch-Mode":["navigate"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"X-Forwarded-For":["192.168.1.20"],"X-Forwarded-Proto":["https"],"Cookie":["REDACTED"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"],"Accept-Language":["en-US,en;q=0.9"],"Cache-Control":["max-age=0"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.1576693,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.160373,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.00256368,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua-Mobile":["?0"],"Priority":["u=0, i"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Cache-Control":["max-age=0"],"Sec-Fetch-Dest":["document"],"Cookie":["REDACTED"],"X-Forwarded-For":["192.168.1.20"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Content-Length":["0"],"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"]},"status":308}
{"level":"debug","ts":1732466362.1641977,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1666899,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002300806,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Sec-Fetch-User":["?1"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Accept-Encoding":["gzip, deflate, br, zstd"],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Fetch-Mode":["navigate"],"Priority":["u=0, i"],"X-Forwarded-For":["192.168.1.20"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"Cookie":["REDACTED"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.1706831,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1736572,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002835151,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Ch-Ua-Platform":["\"Linux\""],"Cookie":["REDACTED"],"Cache-Control":["max-age=0"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Priority":["u=0, i"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-For":["192.168.1.20"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Ch-Ua-Mobile":["?0"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.17698,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1795676,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002459161,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Fetch-Mode":["navigate"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Sec-Fetch-User":["?1"],"X-Forwarded-For":["192.168.1.20"],"Cache-Control":["max-age=0"],"Cookie":["REDACTED"],"Priority":["u=0, i"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.1833553,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1857126,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002221694,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Cache-Control":["max-age=0"],"Sec-Fetch-Site":["none"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-For":["192.168.1.20"],"Cookie":["REDACTED"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["en-US,en;q=0.9"],"Priority":["u=0, i"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"X-Forwarded-Proto":["https"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"X-Forwarded-Host":["services.internal.example.com"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"],"Location":["https://services.internal.example.com/"]},"status":308}
{"level":"debug","ts":1732466362.189267,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.191845,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002441187,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"X-Forwarded-For":["192.168.1.20"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Priority":["u=0, i"],"Cache-Control":["max-age=0"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Platform":["\"Linux\""],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["services.internal.example.com"],"Cookie":["REDACTED"],"Upgrade-Insecure-Requests":["1"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Content-Length":["0"],"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"]},"status":308}
{"level":"debug","ts":1732466362.1957417,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.1981552,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002259927,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Cache-Control":["max-age=0"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-For":["192.168.1.20"],"X-Forwarded-Host":["services.internal.example.com"],"Cookie":["REDACTED"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Dest":["document"],"Priority":["u=0, i"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"],"Location":["https://services.internal.example.com/"]},"status":308}
{"level":"debug","ts":1732466362.203452,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.207197,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.003608072,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"X-Forwarded-Host":["services.internal.example.com"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Priority":["u=0, i"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-For":["192.168.1.20"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Mobile":["?0"],"Cache-Control":["max-age=0"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-User":["?1"],"Cookie":["REDACTED"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept-Language":["en-US,en;q=0.9"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.2121248,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.2149415,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002582814,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-Site":["none"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"X-Forwarded-Proto":["https"],"Priority":["u=0, i"],"Accept-Language":["en-US,en;q=0.9"],"Cookie":["REDACTED"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-For":["192.168.1.20"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Accept-Encoding":["gzip, deflate, br, zstd"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.218575,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.221346,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002623248,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-For":["192.168.1.20"],"X-Forwarded-Proto":["https"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?0"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Priority":["u=0, i"],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-Host":["services.internal.example.com"],"Cookie":["REDACTED"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"],"Location":["https://services.internal.example.com/"]},"status":308}
{"level":"debug","ts":1732466362.2265975,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.229581,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002799666,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Cookie":["REDACTED"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"X-Forwarded-Host":["services.internal.example.com"],"X-Forwarded-Proto":["https"],"Priority":["u=0, i"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-Dest":["document"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua-Mobile":["?0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Ch-Ua-Platform":["\"Linux\""],"X-Forwarded-For":["192.168.1.20"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"],"Location":["https://services.internal.example.com/"]},"status":308}
{"level":"debug","ts":1732466362.2347925,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.2372348,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002206034,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Cache-Control":["max-age=0"],"Accept-Language":["en-US,en;q=0.9"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Site":["none"],"X-Forwarded-For":["192.168.1.20"],"Priority":["u=0, i"],"Cookie":["REDACTED"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Fetch-User":["?1"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua-Mobile":["?0"],"X-Forwarded-Host":["services.internal.example.com"],"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.24119,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.243659,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002315386,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Accept-Language":["en-US,en;q=0.9"],"X-Forwarded-Proto":["https"],"X-Forwarded-For":["192.168.1.20"],"Priority":["u=0, i"],"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Ch-Ua-Mobile":["?0"],"Upgrade-Insecure-Requests":["1"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Site":["none"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Cookie":["REDACTED"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-Host":["services.internal.example.com"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}
{"level":"debug","ts":1732466362.2481873,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.2507193,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.002397082,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Cookie":["REDACTED"],"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua-Mobile":["?0"],"Priority":["u=0, i"],"Accept-Encoding":["gzip, deflate, br, zstd"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"X-Forwarded-For":["192.168.1.20"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"Linux\""],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["services.internal.example.com"],"Sec-Fetch-Dest":["document"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-User":["?1"],"Sec-Fetch-Mode":["navigate"],"Accept-Language":["en-US,en;q=0.9"],"Sec-Fetch-Site":["none"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"],"Location":["https://services.internal.example.com/"],"Server":["Caddy"]},"status":308}
{"level":"debug","ts":1732466362.2549567,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.13:80","total_upstreams":1}
{"level":"debug","ts":1732466362.2581434,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.13:80","duration":0.003016694,"request":{"remote_ip":"192.168.1.20","remote_port":"34512","client_ip":"192.168.1.20","proto":"HTTP/2.0","method":"GET","host":"services.internal.example.com","uri":"/","headers":{"Accept-Encoding":["gzip, deflate, br, zstd"],"Accept-Language":["en-US,en;q=0.9"],"Cookie":["REDACTED"],"Sec-Fetch-Dest":["document"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Mode":["navigate"],"Sec-Ch-Ua":["\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Ch-Ua-Mobile":["?0"],"X-Forwarded-For":["192.168.1.20"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"],"Sec-Ch-Ua-Platform":["\"Linux\""],"Cache-Control":["max-age=0"],"X-Forwarded-Host":["services.internal.example.com"],"Priority":["u=0, i"],"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"X-Forwarded-Proto":["https"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"services.internal.example.com"}},"headers":{"Location":["https://services.internal.example.com/"],"Server":["Caddy"],"Date":["Sun, 24 Nov 2024 16:39:22 GMT"],"Content-Length":["0"]},"status":308}

It seems like certificate for the wildcard entry has not been even acquired. Any help?

PS: I, if course entered the environment variable for the cloudflare API token so Caddy could edit the DNS entries.

Whitestrake · November 25, 2024, 12:11am

Can you do a curl -v services.internal.example.com and post the output? I want to rule out a browser-specific issue.

Are you sure that’s right? Don’t you want requests for that domain name to be handled by Caddy instead?

Pheggas · November 25, 2024, 5:25pm

Sure, here you go:

* Host services.internal.example.com:80 was resolved.
* IPv6: (none)
* IPv4: 192.168.1.13
*   Trying 192.168.1.13:80...
* Connected to services.internal.example.com (192.168.1.13) port 80
> GET / HTTP/1.1
> Host: services.internal.example.com
> User-Agent: curl/8.5.0
> Accept: */*
> 
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://services.internal.example.com/
< Server: Caddy
< Date: Mon, 25 Nov 2024 17:09:19 GMT
< Content-Length: 0
< 
* Closing connection

I think recap of my setup would be useful here. All the services i mentioned are hosted on one physical machine on my local network (192.168.1.13). So Caddy, Immich and also the Homarr service i want to access using internal subdomain. And i think this is the exact issue i’m currently having.

It should work like: Client (my PC) sends request to the physical machine (server where i host all mentioned services), to PiHole, which uses it’s local DNS feature to resolve DNS name. PiHole forwards the request to the same IP where it is sitting (192.168.1.13). Caddy acquires the request forwarded by PiHole, checks for URL (domain and path) if it is configured in Caddyfile, and if it is, then it forwards the request to that service (192.168.1.13:1111 [btw in this point i realised what i missed]).

Update: By the btw in this point i realised what i missed i realised i didn’t enter port to the services handler:
Was:

  handle @services {
    reverse_proxy 192.168.1.13

Fixed by:

  handle @services {
    reverse_proxy 192.168.1.13:1111 # <- Added port

So it works!!! Thank you @Bruce5051 , @francislavoie and @Whitestrake for being my debugging duckies .

francislavoie · November 26, 2024, 12:05am

You made an HTTP request, and Caddy responded with an HTTP->HTTPS redirect response. That looks fine. Make sure to include https:// in your curl command or add -L to follow the redirect.

system · December 26, 2024, 12:06am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.