Trying to convert Hudu NGINX config to Caddyfile

1. The problem I’m having:

Just pushing through the root location leaves me with a blank page.

2. Error messages and/or full log output:

https-proxy  | {"level":"info","ts":1708295674.1942203,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
https-proxy  | {"level":"warn","ts":1708295674.1954103,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
https-proxy  | {"level":"info","ts":1708295674.1980996,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]}
https-proxy  | {"level":"info","ts":1708295674.1982856,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
https-proxy  | {"level":"info","ts":1708295674.1983066,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
https-proxy  | {"level":"info","ts":1708295674.2004554,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
https-proxy  | {"level":"info","ts":1708295674.2028117,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
https-proxy  | {"level":"info","ts":1708295674.2033901,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
https-proxy  | {"level":"info","ts":1708295674.2035475,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
https-proxy  | {"level":"info","ts":1708295674.203563,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["DOMAIN"]}
https-proxy  | {"level":"info","ts":1708295674.2086053,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000377600"}
https-proxy  | {"level":"warn","ts":1708295674.2256005,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"f2f8b102-998b-4a40-a0dc-d458df15f5ed","try_again":1708382074.2255976,"try_again_in":86399.999999219}
https-proxy  | {"level":"info","ts":1708295674.2257626,"logger":"tls","msg":"finished cleaning storage units"}
https-proxy  | {"level":"info","ts":1708295674.2258766,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
https-proxy  | {"level":"info","ts":1708295674.2258875,"msg":"serving initial configuration"}

3. Caddy version:

latest docker container

4. How I installed and ran Caddy:

via docker compose and a Caddyfile

a. System environment:

Docker on Ubuntu 22.04 LTS

b. NGINX file I’m trying to replicate:

## Version 2019/08/01 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default

# redirect all traffic to https
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name _;
  return 301 https://$host$request_uri;
}

server {
  server_name _;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  root   /var/www/hudu2/public;
  index  index.html;

  include /config/nginx/ssl.conf;

  # deny requests for files that should never be accessed
  location ~ /\. {
    deny all;
  }

  location ~* ^.+\.(rb|log)$ {
    deny all;
  }

  # send non-static file requests to the app server
  location / {
    try_files $uri @rails;
  }

  location @rails {
    include /config/nginx/proxy.conf;
    proxy_pass http://app:3000;
  }
}

# enable subdomain method reverse proxy confs
include /config/nginx/proxy-confs/*.subdomain.conf;
# enable proxy cache for auth
proxy_cache_path cache/ keys_zone=auth_cache:10m;

c. Service/unit/compose file:

version: '3.9'
services:
  https-proxy:
    image: caddy:latest
    container_name: https-proxy
    restart: unless-stopped
    volumes:
      - /home/USER/hudu/Caddyfile:/etc/caddy/Caddyfile
      - https_proxy:/data
    ports:
      - "80:80"
      - "443:443"
volumes:  
  https_proxy:

d. My complete Caddy config:

https://DOMAIN {
        root * /var/www/hudu2/public
}

5. Links to relevant resources:

Hudu setup guide

root on its own only sets a variable. It doesn’t do anything else.

To serve static files, you need to add file_server.

See the docs, it explains all this.


I modified the config to:

https://domain {
    # Set the root directory for static files
    root * /var/www/hudu2/public
    file_server
    # Deny requests for hidden files and certain extensions
    @forbiddenFiles path_regexp forbidden \/\..*|^.+\.(rb|log)$
    respond @forbiddenFiles 403

    # Proxy non-static file requests to the app server
    reverse_proxy / http://app:3000 {
        # Include transport options as necessary, based on /config/nginx/proxy.conf
        # For example, to set header fields or other proxy settings
        header_up Connection $connection_upgrade
        header_up Early-Data $ssl_early_data
        header_up Host $host
        header_up Proxy ""
        header_up Upgrade $http_upgrade
        header_up X-Forwarded-For $proxy_add_x_forwarded_for
        header_up X-Forwarded-Host $host
        header_up X-Forwarded-Method $request_method
        header_up X-Forwarded-Port $server_port
        header_up X-Forwarded-Proto $scheme
        header_up X-Forwarded-Server $host
        header_up X-Forwarded-Ssl on
        header_up X-Forwarded-Uri $request_uri
        header_up X-Original-Method $request_method
        header_up X-Original-URL $scheme://$http_host$request_uri
        header_up X-Real-IP $remote_addr
    }
}

And I get the homepage, but I get a 404 error when I go to /sign_up.

Here was the nginx proxy.conf:

## Version 2023/02/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/proxy.conf.sample

# Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Proxy Connection Settings
proxy_buffers 32 4k;
proxy_connect_timeout 240;
proxy_headers_hash_bucket_size 128;
proxy_headers_hash_max_size 1024;
proxy_http_version 1.1;
proxy_read_timeout 240;
proxy_redirect http:// $scheme://;
proxy_send_timeout 240;

# Proxy Cache and Cookie Settings
proxy_cache_bypass $cookie_session;
#proxy_cookie_path / "/; Secure"; # enable at your own risk, may break certain apps
proxy_no_cache $cookie_session;

# Proxy Header Settings
proxy_set_header Connection $connection_upgrade;
proxy_set_header Early-Data $ssl_early_data;
proxy_set_header Host $host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Method $request_method;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Original-Method $request_method;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;

There’s… a lot wrong with that. Did you try using ChatGPT or something? :grimacing:

Delete all of this. It’s not useful. Caddy sets proxy headers correctly, automatically.

See reverse_proxy (Caddyfile directive) — Caddy Documentation

You’re using a / matcher here. This means that only requests to exactly / will match. Probably not what you want.

Additionally, it doesn’t make sense to use both file_server and reverse_proxy in the same context. The routes overlap, only one of them can actually handle a request at a time.

I don’t know what exactly your goal is, so I can’t tell you what’s correct.


This config got it to work:

https://DOMAIN {
    # Set the root directory for static files
    root * /var/www/hudu2/public
    file_server
    # Deny requests for hidden files and certain extensions
    @forbiddenFiles path_regexp forbidden \/\..*|^.+\.(rb|log)$
    respond @forbiddenFiles 403

    # Proxy non-static file requests to the app server
    reverse_proxy /* http://app:3000 {
        # Include transport options as necessary, based on /config/nginx/proxy.conf
        # For example, to set header fields or other proxy settings
    }
}

Okay well that still doesn’t really make sense because due to the directive order reverse_proxy will always run before file_server, so Caddy will never serve static files with that config.

Maybe you were looking for something more like this?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.
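
The routing discussed in this thread (deny rules first, then static files that exist on disk, everything else to the app server) can be expressed with a `file` matcher and two `handle` blocks. This is an added example, not the config from any reply in the thread or from the Hudu or Caddy documentation; it reuses the thread's `DOMAIN` placeholder and `app:3000` upstream, and it assumes `/var/www/hudu2/public` is mounted into the Caddy container and that the container can resolve `app`, neither of which the compose file above shows.

```caddyfile
# Added example: Caddyfile equivalent of the NGINX server block in this thread.
# Assumptions: DOMAIN is a placeholder; /var/www/hudu2/public is mounted into
# the Caddy container; "app" resolves on a Docker network shared with Caddy.
DOMAIN {
    root * /var/www/hudu2/public

    # NGINX: location ~ /\.              { deny all; }
    #        location ~* ^.+\.(rb|log)$  { deny all; }
    # respond is ordered before reverse_proxy and file_server, so these paths
    # are rejected by Caddy and never reach the disk or the upstream.
    # (?i) keeps the extension check case-insensitive, as ~* does in NGINX.
    @forbidden path_regexp (?i)(/\.|\.(rb|log)$)
    respond @forbidden 403

    # NGINX: try_files $uri @rails;
    # The file matcher is true only when the request path is an existing
    # file under root; directories do not match.
    @static file
    handle @static {
        file_server
    }

    # NGINX: location @rails { proxy_pass http://app:3000; }
    # handle blocks are mutually exclusive, so only requests that did not
    # match @static arrive here. No header_up lines are needed: reverse_proxy
    # passes Host through and sets X-Forwarded-For, X-Forwarded-Proto and
    # X-Forwarded-Host on its own.
    handle {
        reverse_proxy app:3000
    }
}
```

Requesting a dotfile path or a `.log` path and confirming a 403, then requesting `/sign_up` and confirming it reaches the app, checks both halves of the config.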