Unable to get proxy working

James_Hewitt · November 20, 2018, 9:41pm

A while a go I started playing around with caddy, mainly to try to begin my learning of it however I put it aside as life got in the way. Now I am returning and I have been able to make some progress but I have hit another wall.
As a basic set up I have the following:

mydomain.co.uk, www.mydomain.co.uk {
    root /var/www
    gzip {
	ext .html .htm .php
	level 6
    }
    minify
    tls {
	dns godaddy
    }
}

And this works great, it serves up my very basic index.html file I have saved in /var/www. I’m now trying to add a proxy to sonarr which is hosted on another device running in a docker and with a web root of /sonarr. I have added this (after root and before gzip):

    proxy /sonarr 192.168.1.100:8989 {
				  transparent
				  }

Now a couple things happen, when I had accidentally typed in the wrong internal IP in the caddy file and try to reach mydomain.co.uk - mydomain Resources and Information. I get a 502 bad gateway error but after I corrected this mistake I now get a “This site can’t be reached error”. Both completely baffle me as I would at least assume I should be getting the error the other way round.

Hopefully someone can point out my obvious mistakes!

Whitestrake · November 20, 2018, 11:16pm

Hi @James_Hewitt,

First step would be to try figure out what Caddy sees when it tries to connect to the upstream server for you.

If you can run the command curl -IL http://192.168.1.100:8989/sonarr from the Caddy host, it’ll give us an idea of what response Caddy’s getting.

P.S. Just as a point of terminology - when we refer to the web root, we’re generally talking about the location on disk that site files should be served out of with respect to the URI of the request. Putting Sonarr under the subfolder /sonarr is universally referred to as a base path or base URL, and you’ll find a setting in Sonarr labeled as such to support this configuration.

James_Hewitt · November 21, 2018, 1:02am

Ah sorry, still learning! Think I said web root because my mind read something half related recently.

I can that command and I get

HTTP/1.1 200 OK
X-ApplicationVersion: 2.0.0.5252
X-UA-Compatible: IE=edge
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: text/html
Server: Mono-HTTPAPI/1.0
Date: Wed, 21 Nov 2018 00:59:24 GMT
Content-Length: 0
Keep-Alive: timeout=15,max=100

Whitestrake · November 21, 2018, 1:06am

No worries!

That looks like a good response from Sonarr. Next step would be to have a look at the details of Caddy’s response.

Try curl -IL -H "Host:mydomain.co.uk" https://localhost/, swapping mydomain.co.uk as appropriate to match the site label in your Caddyfile. You should get a similar response to the above.

James_Hewitt · November 21, 2018, 9:23am

Just ran that query and I got the following response:

curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

I also tried running curl -IL -H "Host:mydomain.co.uk" https://192.168.1.30:8989/ just in case it helps because I didn’t really understand what the command was trying to do and got the following response:

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Whitestrake · November 21, 2018, 10:24am

That’s, uhh, a strange bug. Is Caddy running on the standard ports?

Do you still get it if you try, say, curl -IL https://google.com/ ?

As for the command, going through it backwards real quick:

https://localhost/ - connect to yourself over standard HTTPS (implicit port 443)
-H "host:mydomain.co.uk" tell the server you want to access mydomain.co.uk (not localhost)
-IL fetch the server’s headers, not the content, and follow any redirects

I just realised it wouldn’t have worked, anyway, because curl will still expect a certificate that matches localhost.

The command that will work is: curl -IL https://mydomain.co.uk --resolve 'mydomain.co.uk:443:localhost'

That is assuming the SSL3 error doesn’t keep appearing.

James_Hewitt · November 21, 2018, 5:06pm

That last curl command appears to have worked. I now get:

HTTP/2 200
accept-ranges: bytes
content-type: text/html; charset=utf-8
etag: "piil60kv"
last-modified: Tue, 20 Nov 2018 22:58:48 GMT
server: Caddy
date: Wed, 21 Nov 2018 17:04:08 GMT

And as a side note, trying Google also appeared to work.

Whitestrake · November 21, 2018, 11:16pm

OK, one more slightly modified version to try: curl -IL https://mydomain.co.uk/sonarr --resolve 'mydomain.co.uk:443:localhost'

James_Hewitt · November 22, 2018, 10:40am

That seems to have returned a better result…

HTTP/2 200
cache-control: no-cache, no-store, must-revalidate
content-type: text/html
date: Thu, 22 Nov 2018 10:39:16 GMT
expires: 0
pragma: no-cache
server: Caddy
server: Mono-HTTPAPI/1.0
x-applicationversion: 2.0.0.5252
x-ua-compatible: IE=edge

Whitestrake · November 22, 2018, 12:31pm

server: Mono-HTTPAPI/1.0

Looks like Sonarr is responding fine. Does https://mydomain.co.uk/sonarr still give a status 502 or a “This site can’t be reached” error in your browser?

James_Hewitt · November 23, 2018, 7:33am

Can’t be reached. The error code is ERR_CONTENT_DECODING_FAILED

Whitestrake · November 23, 2018, 2:18pm

Content decoding… Hmm. Try disabling gzip, reloading Caddy, and refreshing?

James_Hewitt · November 23, 2018, 4:40pm

I disabled gzip but no change. I enabled it again and disabled minify and it worked! Should have checked that all first but had been following a set up guide so didn’t know how everything worked.

Thanks very much for your patience and help!

system · February 21, 2019, 4:40pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.