caddy reverse-proxy --debug --from 10.128.0.48:9002 --to 127.0.0.1:9001
initially tried to proxy from the same port: caddy reverse-proxy --debug --from 10.128.0.48:9001 --to 127.0.0.1:9001
a. System environment:
Ubuntu 20.04.5 LTS
b. Command:
# ip -c -br -4 a l dev eth0
eth0 UP 10.128.0.48/24
# lsof -Pni :9001,9002
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 1614549 root 4u IPv4 19798428 0t0 TCP 127.0.0.1:9001 (LISTEN)
c. Service/unit/compose file:
Paste full file contents here.
Make sure backticks stay on their own lines,
and the post looks nice in the preview pane. -->
d. My complete Caddy config:
None
3. The problem Iâm having:
In case of proxying 10.128.0.48:9002 to 127.0.0.1:9001 Caddy tries to bind to 80 by some reason what is confusing behavior from the userâs point of view
In case of proxying 10.128.0.48:9001 to 127.0.0.1:9001 âbind: address already in useâ is even more confusing, seems Caddy is trying to bind to 0.0.0.0 instead
4. Error messages and/or full log output:
# caddy reverse-proxy --debug --from 10.128.0.48:9002 --to 127.0.0.1:9001
2022/12/24 16:40:56.752 WARN admin admin endpoint disabled
2022/12/24 16:40:56.752 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "proxy"}
2022/12/24 16:40:56.752 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00048d260"}
2022/12/24 16:40:56.753 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/12/24 16:40:56.753 INFO tls finished cleaning storage units
2022/12/24 16:40:56.767 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2022/12/24 16:40:56.767 INFO http enabling HTTP/3 listener {"addr": ":9002"}
2022/12/24 16:40:56.767 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/12/24 16:40:56.767 DEBUG http starting server loop {"address": "[::]:9002", "tls": true, "http3": true}
2022/12/24 16:40:56.767 INFO http.log server running {"name": "proxy", "protocols": ["h1", "h2", "h3"]}
2022/12/24 16:40:56.767 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc00048d260"}
Error: loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in use
And for the same port:
# caddy reverse-proxy --debug --from 10.128.0.48:9001 --to 127.0.0.1:9001
2022/12/24 16:44:39.546 WARN admin admin endpoint disabled
2022/12/24 16:44:39.546 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "proxy"}
2022/12/24 16:44:39.548 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0005f63f0"}
2022/12/24 16:44:39.548 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/12/24 16:44:39.548 INFO tls finished cleaning storage units
2022/12/24 16:44:39.562 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2022/12/24 16:44:39.562 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc0005f63f0"}
Error: loading new config: http app module: start: listening on :9001: listen tcp :9001: bind: address already in use
Hello @francislavoie
Thanks a lot for the explanation!
This statement seems a bit confusing:
Perhaps you mean itâs not about what I want, but about what I have to do (so this is the only option)?
Because in this scenario I donât care about bind, I just want to make it work out-of-the-box ÂŻ_(ă)_/ÂŻ
Let me try to summarize: if you proxy to the same port on the localhost - you MUST use bind to specific interface and you MUST use Caddyfile
Correct?
If yes - I believe that should be added in documentation, coz current behaviour is really confusing
Thanks for the clarification!
Is there any chance that adding --bind to reverse-proxy cli feature can be considered as a future improvement (someday somehow)? @emilylange@francislavoie
But I strongly recommend using a Caddyfile if you plan to leave the proxy running long-term, itâs a much better way to keep it running because you have a file that keeps your config so you donât need to remember the exact arguments to use for the command to run it, and you can use systemd to keep Caddy running if you reboot your server.
The CLI commands are really just meant for quick-and-dirty use when testing stuff or to proxy a development server. If youâre doing anything more complex than that, a config file is the way to go.
Yes @francislavoie that was exactly for testing.
I was thinking âwhy spend time for writing 20 lines of nginx.conf if I can do it as usual just in 1 command with Caddyâ.
And got stuck.
And had to get back to nginx.conf
So I will submit feature request if you donât mind.
Frankly speaking all 3 parts could be improved:
documentation
diagnostic message (I believe Caddy could try to give us a hint for such scenario, not just âaddress already in useâ)
Well, that message is accurate. You canât listen to port 9001 when you already have a service using that port. That message is coming from the kernel (or if not, the Go stdlib, anyway).
Using bind would allow you to specify the interface (i.e. the IP address) to bind to, and that might work if your other service is also binding to a specific interface (i.e. not 0.0.0.0, which means âall IPv4 interfacesâ).
Otherwise, you should just use a different port number.
I got your point
But the fact that some message comes from kernel doesnât make user interaction perfect by default and it doesnât mean things canât be done better.
Recently I was debugging Wireguard and also got that âaddress already in useâ.
I re-checked my setup dozen times (I have a lot of network interfaces and a lot of suntetworks in use and some IP conflict was somehow possible) so I really was confused because found nothing.
And only after some time I realized that it was not about (IP) address conflict but about port conflict.
So this kernel message is far from perfect, believe me
Well a source address includes the port. The message is accurate. You made the assumption that the address does not include the port, which is incorrect.
Sorry for bothering you again @francislavoie , I met almost the same issue, and donât want to duplicate request.
So here is the case - just for test I need simplest reverse proxy, plain HTTP.
Based on your previous advice I used HTTP prefixes, but got the same unexpected result as in my 1st scenario :
$ caddy reverse-proxy --from http://10.128.0.48:12080 --to http://127.0.0.1:42249
2023/01/19 19:58:59.063 WARN admin admin endpoint disabled
2023/01/19 19:58:59.063 INFO http enabling automatic HTTP->HTTPS redirects {âserver_nameâ: âproxyâ}
2023/01/19 19:58:59.064 INFO tls.cache.maintenance started background certificate maintenance {âcacheâ: â0xc0003fd030â}
2023/01/19 19:58:59.064 INFO tls cleaning storage unit {âdescriptionâ: âFileStorage:/root/.local/share/caddyâ}
2023/01/19 19:58:59.065 INFO tls finished cleaning storage units
2023/01/19 19:58:59.087 INFO pki.ca.local root certificate is already trusted by system {âpathâ: âstorage:pki/authorities/local/root.crtâ}
2023/01/19 19:58:59.087 INFO http enabling HTTP/3 listener {âaddrâ: â:12080â}
2023/01/19 19:58:59.087 INFO failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See UDP Receive Buffer Size ¡ quic-go/quic-go Wiki ¡ GitHub for details.
2023/01/19 19:58:59.087 INFO http.log server running {ânameâ: âproxyâ, âprotocolsâ: [âh1â, âh2â, âh3â]}
2023/01/19 19:58:59.087 INFO tls.cache.maintenance stopped background certificate maintenance {âcacheâ: â0xc0003fd030â}
Error: loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in use
Is there some simple way(one-liner in CLI would be perfect) to disable all those great automatic features and just get the simplest reverse proxy?
Thanks in advance!
: