Unable to add reverse proxy entry using API @id

1. My Caddy version (caddy version):

2.0.0-rc.2

2. How I run Caddy:

using Docker Container base image 2.0.0-rc.2-alpine

a. System environment:

Docker

b. Command:

paste command here

c. Service/unit/compose file:

paste full file contents here

d. My complete Caddyfile or JSON config:

JSON Config:

> {
>     "admin": {
>       "listen": ":2019"
>     },
>     "apps": {
>       "http": {
>         "servers": {
>           "reverse_proxy_master": {
>             "listen": [
>               "0.0.0.0:443"
>             ],
>             "@id": "reverse_proxy_master",
>             "routes": [],
>             "experimental_http3": false
>           }
>         }
>       },
>       "tls": {
>         "automation": {
>           "policies": [
>             {
>               "issuer": {
>                 "ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
>                 "module": "acme"
>               }
>             }
>           ]
>         }
>       }
>     }
>   }
  

3. The problem I’m having:

Trying to add reverse proxy handler using IP:

http://:2019/id/reverse_proxy_master/route

Request:

> {
>     "@id":"zenssl.xyz",
>         "match": [
>             {
>                 "host": [
>                     "zenssl.xyz"
>                 ]
>             }
>         ],
>         "handle": [
>             {
>                 "handler": "subroute",
>                 "routes": [
>                     {
>                         "handle": [
>                             {
>                                 "handler": "reverse_proxy",
>                                 "transport" : {
>                                     "protocol": "http"
>                                 },
>                                 "headers": {
>                                     "request": {
>                                         "set": {
>                                             "Host": [
>                                                 "{http.request.host}"
>                                             ],
>                                             "X-Forwarded-For": [
>                                                 "{http.request.remote}"
>                                             ],
>                                             "X-Forwarded-Port": [
>                                                 "{http.request.port}"
>                                             ],
>                                             "X-Forwarded-Proto": [
>                                                 "{http.request.scheme}"
>                                             ],
>                                             "X-Real-Ip": [
>                                                 "{http.request.remote}"
>                                             ]
>                                         }
>                                     }
>                                 },
>                                 "upstreams": [
>                                     {
>                                         "dial": "166.62.10.36"
>                                     }
>                                 ]
>                             }
>                             
>                         ],
>                         "match": [
>                             {
>                                 "path": [
>                                     "/"
>                                 ]
>                             }
>                         ]
>                     }
>                 ]
>             }
>         ],
>         "terminal": false
> }
    

4. Error messages and/or full log output:

```
{
"error": "loading new config: loading http app module: decoding module config: http: json: unknown field \"route\""
}
```

5. What I already tried:

6. Links to relevant resources:

After changing the endpoint to http://:2019/id/reverse_proxy_master/routes it worked.

But I am getting the below error when opening the site:

The web page at https://zenssl.xyz/ might be temporarily down or it may have moved permanently to a new web address.

ERR_HTTP2_PROTOCOL_ERROR

Tested with another website, https://sslzen.info/; this loads, but the automatic HTTPS cert is not provisioned.

Logs:

```
2020/04/11 14:15:56 [INFO][cache:0xc000200820] Started certificate maintenance routine
2020/04/11 14:18:42 http: TLS handshake error from 159.89.152.193:53202: no certificate available for 'sslzen.info'
```

This is my config mapping file:

> {
>     "admin": {
>         "listen": ":2019"
>     },
>     "apps": {
>         "http": {
>             "servers": {
>                 "reverse_proxy_master": {
>                     "@id": "reverse_proxy_master",
>                     "experimental_http3": false,
>                     "listen": [
>                         "0.0.0.0:443"
>                     ],
>                     "routes": [
>                         {
>                             "@id": "zenssl.xyz",
>                             "handle": [
>                                 {
>                                     "handler": "subroute",
>                                     "routes": [
>                                         {
>                                             "handle": [
>                                                 {
>                                                     "handler": "reverse_proxy",
>                                                     "headers": {
>                                                         "request": {
>                                                             "set": {
>                                                                 "Host": [
>                                                                     "{http.request.host}"
>                                                                 ],
>                                                                 "X-Forwarded-For": [
>                                                                     "{http.request.remote}"
>                                                                 ],
>                                                                 "X-Forwarded-Port": [
>                                                                     "{http.request.port}"
>                                                                 ],
>                                                                 "X-Forwarded-Proto": [
>                                                                     "{http.request.scheme}"
>                                                                 ],
>                                                                 "X-Real-Ip": [
>                                                                     "{http.request.remote}"
>                                                                 ]
>                                                             }
>                                                         }
>                                                     },
>                                                     "transport": {
>                                                         "protocol": "http"
>                                                     },
>                                                     "upstreams": [
>                                                         {
>                                                             "dial": "166.62.10.36"
>                                                         }
>                                                     ]
>                                                 }
>                                             ],
>                                             "match": [
>                                                 {
>                                                     "path": [
>                                                         "/"
>                                                     ]
>                                                 }
>                                             ]
>                                         }
>                                     ]
>                                 }
>                             ],
>                             "match": [
>                                 {
>                                     "host": [
>                                         "zenssl.xyz"
>                                     ]
>                                 }
>                             ],
>                             "terminal": false
>                         },
>                         {
>                             "@id": "sslzen.info",
>                             "handle": [
>                                 {
>                                     "handler": "subroute",
>                                     "routes": [
>                                         {
>                                             "handle": [
>                                                 {
>                                                     "handler": "reverse_proxy",
>                                                     "headers": {
>                                                         "request": {
>                                                             "set": {
>                                                                 "Host": [
>                                                                     "{http.request.host}"
>                                                                 ],
>                                                                 "X-Forwarded-For": [
>                                                                     "{http.request.remote}"
>                                                                 ],
>                                                                 "X-Forwarded-Port": [
>                                                                     "{http.request.port}"
>                                                                 ],
>                                                                 "X-Forwarded-Proto": [
>                                                                     "{http.request.scheme}"
>                                                                 ],
>                                                                 "X-Real-Ip": [
>                                                                     "{http.request.remote}"
>                                                                 ]
>                                                             }
>                                                         }
>                                                     },
>                                                     "transport": {
>                                                         "protocol": "http"
>                                                     },
>                                                     "upstreams": [
>                                                         {
>                                                             "dial": "43.255.154.44"
>                                                         }
>                                                     ]
>                                                 }
>                                             ],
>                                             "match": [
>                                                 {
>                                                     "path": [
>                                                         "/"
>                                                     ]
>                                                 }
>                                             ]
>                                         }
>                                     ]
>                                 }
>                             ],
>                             "match": [
>                                 {
>                                     "host": [
>                                         "sslzen.info"
>                                     ]
>                                 }
>                             ],
>                             "terminal": false
>                         }
>                     ]
>                 }
>             }
>         },
>         "tls": {
>             "automation": {
>                 "policies": [
>                     {
>                         "issuer": {
>                             "ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
>                             "module": "acme"
>                         }
>                     }
>                 ]
>             }
>         }
>     }
> }
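
Added example, not part of any post in this thread: a simplified Go model of why POSTing the route to `.../route` failed with `json: unknown field "route"` while `.../routes` worked. The admin API's POST appends when the path names an existing array and otherwise sets the key on the parent object, and the config is then decoded strictly. `postAtPath`, `strictLoad`, `tryPost` and `serverConfig` are hypothetical names, and the struct is an assumed subset of the server fields taken from the config above.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// serverConfig is an assumed subset of the HTTP server fields, limited to
// the keys that appear in the config posted in this thread.
type serverConfig struct {
	Listen            []string          `json:"listen"`
	Routes            []json.RawMessage `json:"routes"`
	ExperimentalHTTP3 bool              `json:"experimental_http3"`
}

// postAtPath models POST on a decoded config: if the last path segment names
// an existing array the value is appended, otherwise the key is set (or
// created) on the parent object.
func postAtPath(root map[string]interface{}, path string, val interface{}) error {
	parts := strings.Split(strings.Trim(path, "/"), "/")
	cur := root
	for _, p := range parts[:len(parts)-1] {
		next, ok := cur[p].(map[string]interface{})
		if !ok {
			return fmt.Errorf("path segment %q is not an object", p)
		}
		cur = next
	}
	last := parts[len(parts)-1]
	if arr, ok := cur[last].([]interface{}); ok {
		cur[last] = append(arr, val)
	} else {
		cur[last] = val // creates a brand-new key when none exists
	}
	return nil
}

// strictLoad re-encodes the server object and decodes it while rejecting
// unknown keys. "@id" is metadata, so it is dropped before decoding.
func strictLoad(server map[string]interface{}) (*serverConfig, error) {
	clean := make(map[string]interface{}, len(server))
	for k, v := range server {
		if k != "@id" {
			clean[k] = v
		}
	}
	raw, err := json.Marshal(clean)
	if err != nil {
		return nil, err
	}
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	var sc serverConfig
	if err := dec.Decode(&sc); err != nil {
		return nil, err
	}
	return &sc, nil
}

// tryPost applies one POST, relative to the object with @id
// "reverse_proxy_master", to a fresh copy of the thread's starting config
// (constructed here) and returns the route count or the load error.
func tryPost(path string) (int, error) {
	server := map[string]interface{}{
		"@id": "reverse_proxy_master", "listen": []interface{}{"0.0.0.0:443"},
		"routes": []interface{}{}, "experimental_http3": false,
	}
	route := map[string]interface{}{"@id": "zenssl.xyz", "terminal": false}
	if err := postAtPath(server, path, route); err != nil {
		return 0, err
	}
	sc, err := strictLoad(server)
	if err != nil {
		return 0, err
	}
	return len(sc.Routes), nil
}

func main() {
	for _, p := range []string{"route", "routes"} {
		n, err := tryPost(p)
		fmt.Printf("POST /id/reverse_proxy_master/%s -> routes=%d err=%v\n", p, n, err)
	}
}
```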

Please use ``` backticks before and after your config to format it, using > mucks up the formatting because it doesn’t preserve whitespace. It’s very hard to read otherwise!

@francislavoie any assistance?

@matt can you assist?

I don’t use Docker so I don’t think I will be much help, sorry!

Can you simplify the problem down to the bare minimum setup? Minimize the config, minimize the tooling (no Docker), etc., so that we can reproduce it easily? Give us good, specific reproduction steps and we’ll return with troubleshooting help.

Also, full and complete log output would be useful (no redactions).

Hey Find,

Below is my config with reverse proxy:

```json
{
    "admin": {
        "listen": ":2019"
    },
    "apps": {
        "http": {
            "servers": {
                "reverse_proxy_master": {
                    "@id": "reverse_proxy_master",
                    "experimental_http3": false,
                    "listen": [
                        "0.0.0.0:443"
                    ],
                    "routes": [
                        {
                            "@id": "sslzen.info",
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "reverse_proxy",
                                                    "headers": {
                                                        "request": {
                                                            "set": {
                                                                "Host": [
                                                                    "{http.request.host}"
                                                                ],
                                                                "X-Forwarded-For": [
                                                                    "{http.request.remote}"
                                                                ],
                                                                "X-Forwarded-Port": [
                                                                    "{http.request.port}"
                                                                ],
                                                                "X-Forwarded-Proto": [
                                                                    "{http.request.scheme}"
                                                                ],
                                                                "X-Real-Ip": [
                                                                    "{http.request.remote}"
                                                                ]
                                                            }
                                                        }
                                                    },
                                                    "transport": {
                                                        "protocol": "http"
                                                    },
                                                    "upstreams": [
                                                        {
                                                            "dial": "43.255.154.44"
                                                        }
                                                    ]
                                                }
                                            ],
                                            "match": [
                                                {
                                                    "path": [
                                                        "/"
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "match": [
                                {
                                    "host": [
                                        "sslzen.info"
                                    ]
                                }
                            ],
                            "terminal": false
                        }
                    ]
                }
            }
        },
        "tls": {
            "automation": {
                "policies": [
                    {
                        "issuer": {
                            "ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
                            "module": "acme"
                        }
                    }
                ]
            }
        }
    }
}
```

Below are logs from startup till failure:

```
2020/04/14 12:35:46.958 INFO no autosave file exists {"autosave_file": "/config/caddy/autosave.json"}
2020/04/14 12:35:46.959 INFO using provided configuration {"config_file": "config.json", "config_adapter": ""}
2020/04/14 12:35:46.960 INFO admin admin endpoint started {"address": ":2019", "enforce_origin": false, "origins": [":2019"]}
2020/04/14 12:35:46.961 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "reverse_proxy_master", "https_port": 443}
2020/04/14 12:35:46.961 INFO tls cleaned up storage units
2020/04/14 12:35:46.961 INFO autosaved config {"file": "/config/caddy/autosave.json"}
2020/04/14 12:35:46.962 INFO serving initial configuration
2020/04/14 12:35:46 [INFO][cache:0xc00067e820] Started certificate maintenance routine
2020/04/14 12:36:01.168 INFO admin.api received request {"method": "GET", "uri": "/config/", "remote_addr": "45.113.249.132:50189", "headers": {"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9"],"Connection":["keep-alive"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"]}}
2020/04/14 12:36:01.629 INFO admin.api received request {"method": "GET", "uri": "/favicon.ico", "remote_addr": "45.113.249.132:50189", "headers": {"Accept":["image/webp,image/apng,image/*,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate"],"Accept-Language":["en-US,en;q=0.9"],"Connection":["keep-alive"],"Referer":["http://192.241.128.145:2019/config/"],"User-Agent":["Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"]}}

2020/04/14 12:37:43 [INFO][sslzen.info] Waiting on rate limiter…
2020/04/14 12:37:43 [INFO][sslzen.info] Done waiting
2020/04/14 12:37:43 [INFO] [sslzen.info] acme: Obtaining bundled SAN certificate given a CSR
2020/04/14 12:37:44 [INFO] [sslzen.info] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/49238932
2020/04/14 12:37:44 [INFO] [sslzen.info] acme: use tls-alpn-01 solver
2020/04/14 12:37:44 [INFO] [sslzen.info] acme: Trying to solve TLS-ALPN-01
2020/04/14 12:37:44 http: TLS handshake error from 127.0.0.1:36876: EOF
2020/04/14 12:37:44 [INFO][sslzen.info] Served key authentication certificate (TLS-ALPN challenge)
2020/04/14 12:37:44 [INFO][sslzen.info] Served key authentication certificate (TLS-ALPN challenge)
2020/04/14 12:37:45 [INFO][sslzen.info] Served key authentication certificate (TLS-ALPN challenge)
2020/04/14 12:37:45 [INFO][sslzen.info] Served key authentication certificate (TLS-ALPN challenge)
2020/04/14 12:37:48 [INFO] [sslzen.info] The server validated our request
2020/04/14 12:37:48 [INFO] [sslzen.info] acme: Validations succeeded; requesting certificates
2020/04/14 12:37:49 [INFO] [sslzen.info] Server responded with a certificate.
2020/04/14 12:37:49 [INFO][sslzen.info] Certificate obtained successfully
2020/04/14 12:37:49 [INFO][sslzen.info] Obtain: Releasing lock

2020/04/14 12:38:16 http: TLS handshake error from 45.113.249.132:50231: remote error: tls: unknown certificate
2020/04/14 12:38:21 http: TLS handshake error from 45.113.249.132:50237: remote error: tls: unknown certificate
2020/04/14 12:38:26 http: TLS handshake error from 66.249.64.104:49810: no certificate available for 'correo.vanya.com.ua'
2020/04/14 12:38:30 http: TLS handshake error from 45.113.249.132:50239: remote error: tls: unknown certificate
2020/04/14 12:38:30 http: TLS handshake error from 45.113.249.132:50238: remote error: tls: unknown certificate
2020/04/14 12:38:30 http2: panic serving 45.113.249.132:50241: runtime error: invalid memory address or nil pointer dereference
goroutine 79 [running]:
net/http.(*http2serverConn).runHandler.func1(0xc0003dc358, 0xc0004ebf8e, 0xc00047b080)
net/http/h2_bundle.go:5713 +0x16b
panic(0x144d380, 0x2470800)
runtime/panic.go:969 +0x166
github.com/caddyserver/caddy/v2/modules/caddyhttp.(*Server).ServeHTTP(0xc00059f440, 0x192e1e0, 0xc0003dc358, 0xc0004c6c00)
github.com/caddyserver/caddy/v2@v2.0.0-rc.2/modules/caddyhttp/server.go:203 +0x932
net/http.serverHandler.ServeHTTP(0xc0000ea8c0, 0x192e1e0, 0xc0003dc358, 0xc0005b2700)
net/http/server.go:2807 +0xa3
net/http.initALPNRequest.ServeHTTP(0x19335a0, 0xc0002cea50, 0xc0000ee700, 0xc0000ea8c0, 0x192e1e0, 0xc0003dc358, 0xc0005b2700)
net/http/server.go:3381 +0x8d
net/http.(*http2serverConn).runHandler(0xc00047b080, 0xc0003dc358, 0xc0005b2700, 0xc0004b83e0)
net/http/h2_bundle.go:5720 +0x8b
created by net/http.(*http2serverConn).processHeaders
net/http/h2_bundle.go:5454 +0x4e1
2020/04/14 12:39:37 http: TLS handshake error from 45.113.249.132:50314: remote error: tls: unknown certificate
2020/04/14 12:39:37 http: TLS handshake error from 45.113.249.132:50315: remote error: tls: unknown certificate
2020/04/14 12:39:38 http2: panic serving 45.113.249.132:50316: runtime error: invalid memory address or nil pointer dereference
goroutine 96 [running]:
net/http.(*http2serverConn).runHandler.func1(0xc0003dc3a8, 0xc000067f8e, 0xc00047b680)
net/http/h2_bundle.go:5713 +0x16b
panic(0x144d380, 0x2470800)
runtime/panic.go:969 +0x166
github.com/caddyserver/caddy/v2/modules/caddyhttp.(*Server).ServeHTTP(0xc00059f440, 0x192e1e0, 0xc0003dc3a8, 0xc0002c2000)
github.com/caddyserver/caddy/v2@v2.0.0-rc.2/modules/caddyhttp/server.go:203 +0x932
net/http.serverHandler.ServeHTTP(0xc0000ea8c0, 0x192e1e0, 0xc0003dc3a8, 0xc0000d0e00)
net/http/server.go:2807 +0xa3
net/http.initALPNRequest.ServeHTTP(0x19335a0, 0xc00029d080, 0xc0001cc000, 0xc0000ea8c0, 0x192e1e0, 0xc0003dc3a8, 0xc0000d0e00)
net/http/server.go:3381 +0x8d
net/http.(*http2serverConn).runHandler(0xc00047b680, 0xc0003dc3a8, 0xc0000d0e00, 0xc0004b93a0)
net/http/h2_bundle.go:5720 +0x8b
created by net/http.(*http2serverConn).processHeaders
net/http/h2_bundle.go:5454 +0x4e1
```

@matt can you help now?

Are you using the latest version? (rc3)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.