Using a different port for an additional proxy server

1. Caddy version (caddy version):

v2.4.3

2. How I run Caddy:

a. System environment:

Debian GNU/Linux 10, systemd

b. Command:

Paste command here.

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

(common) {
	header / {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		X-Xss-Protection "1; mode=block"
		X-Content-Type-Options "nosniff"
		X-Frame-Options "DENY"
		Content-Security-Policy "upgrade-insecure-requests"
		Referrer-Policy "strict-origin-when-cross-origin"
		Cache-Control "public, max-age=15, must-revalidate"
		Feature-Policy "accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'self'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture *; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
	}
	encode gzip
}

www.bobc.uni-bonn.de {
	root * /var/www/wikindx
	file_server
	import common
	log {
		output file /var/log/caddy/access.log
	}
	php_fastcgi unix//run/php/php7.3-fpm.sock
}

www.bobc.uni-bonn.de/adminer* {
	#	root * /usr/share/adminer/adminer
	root * /usr/share/adminer
	file_server
	import common
	log {
		output file /var/log/caddy/access.log
	}
	php_fastcgi unix//run/php/php7.3-fpm.sock
}

http://production.germanistik.uni-bonn.de:2021 {
	reverse_proxy localhost:3000
}

3. The problem I’m having:

I’m trying to run Umami, a web analyzer running as a node.js server as a proxy in my Caddyserver. Umami is running at http://localhost:3000, the main site is running fine, Adminer, too. But I can’t get the reverse proxy working.

4. Error messages and/or full log output:

No error logs, the proxy address gets a timeout

5. What I already tried:

I tried both the attempt shown in the Caddyfile, as well as http://www.bobc.unibonn.de:2021 as the URL

6. Links to relevant resources:

Using / as your matcher will only match requests to exactly /. You probably want to remove the / so that it applies to all requests. See the request matcher docs:

You can simplify all this by using a single site block:

www.bobc.uni-bonn.de {
	root * /var/www/wikindx
	root /adminer* /usr/share/adminer

	import common

	php_fastcgi unix//run/php/php7.3-fpm.sock
	file_server
	
	log {
		output file /var/log/caddy/access.log
	}
}

Are you sure there’s no logs? Caddy will write an error message to logs if it fails to connect to your proxy upstream.

Run journalctl -u caddy --no-pager | less to find your logs. Hit Shift+G to jump to the bottom to see the most recent logs.

What do you see if you make the request with curl -v http://production.germanistik.uni-bonn.de:2021?

Thanks for these great hints, that simplifies the Caddyfile a lot!

The logs from the journalctl command stop after Caddy has started. I added a log directive to the reverse-proxy directive but got nothing after putting the URL in my browser.

The curl command gives a lot of direct output:

* Expire in 0 ms for 6 (transfer 0x5604dcec8e20)
* Expire in 1 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 1 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 1 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 1 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 1 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 1 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 1 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 1 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
* Expire in 0 ms for 1 (transfer 0x5604dcec8e20)
*   Trying 131.220.93.76...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5604dcec8e20)
* Connected to production.germanistik.uni-bonn.de (131.220.93.76) port 2021 (#0)
> GET / HTTP/1.1
> Host: production.germanistik.uni-bonn.de:2021
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< Date: Mon, 26 Jul 2021 23:21:33 GMT
< Etag: "b67-1K60jeYDjII+5TAdQGYaHGybBy4"
< Server: Caddy
< Vary: Accept-Encoding
< X-Powered-By: Next.js
< Transfer-Encoding: chunked
< 
<!DOCTYPE html><html><head><meta charSet="utf-8"/><link rel="icon" href="/favicon.ico"/><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"/><link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"/><link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"/><link rel="manifest" href="/site.webmanifest"/><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"/><meta name="msapplication-TileColor" content="#da532c"/><meta name="theme-color" content="#ffffff"/><meta name="viewport" content="width=device-width, initial-scale=1"/><meta name="next-head-count" content="10"/><link rel="preload" href="/_next/static/css/25adb5e26976efabfed6.css" as="style"/><link rel="stylesheet" href="/_next/static/css/25adb5e26976efabfed6.css" data-n-g=""/><noscript data-n-css=""></noscript><link rel="preload" href="/_next/static/chunks/webpack-50bee04d1dc61f8adf5b.js" as="script"/><link rel="preload" href="/_next/static/chunks/framework.6fff953eb0f638171baa.js" as="script"/><link rel="preload" href="/_next/static/chunks/commons.699dc7725c4ffa5b6d2c.js" as="script"/><link rel="preload" href="/_next/static/chunks/main-5ff3205d3e3be766ed2d.js" as="script"/><link rel="preload" href="/_next/static/chunks/79da0455c8b3e567442e3b7dcf3faf24cc347e75.2cbed7047107a95a8790.js" as="script"/><link rel="preload" href="/_next/static/chunks/f19fd3195dd04850b965ac06991a07274f604423.7a0274925ea5c4511fea.js" as="script"/><link rel="preload" href="/_next/static/chunks/pages/_app-6d21a792c0f2ca2d7cd3.js" as="script"/><link rel="preload" href="/_next/static/chunks/pages/index-060f525e3b4a9bbbcd2b.js" as="script"/></head><body><div id="__next"></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{}},"page":"/","query":{},"buildId":"ya1WSBTQLRdzMVvqaQWWw","nextExport":true,"autoExport":true,"isFallback":false}</script><script nomodule="" src="/_next/static/chunks/polyfills-3fa9f7fa683372911569.js"></script><script 
src="/_next/static/chunks/webpack-50bee04d1dc61f8adf5b.js* Connection #0 to host production.germanistik.uni-bonn.de left intact
" async=""></script><script src="/_next/static/chunks/framework.6fff953eb0f638171baa.js" async=""></script><script src="/_next/static/chunks/commons.699dc7725c4ffa5b6d2c.js" async=""></script><script src="/_next/static/chunks/main-5ff3205d3e3be766ed2d.js" async=""></script><script src="/_next/static/chunks/79da0455c8b3e567442e3b7dcf3faf24cc347e75.2cbed7047107a95a8790.js" async=""></script><script src="/_next/static/chunks/f19fd3195dd04850b965ac06991a07274f604423.7a0274925ea5c4511fea.js" async=""></script><script src="/_next/static/chunks/pages/_app-6d21a792c0f2ca2d7cd3.js" async=""></script><script src="/_next/static/chunks/pages/index-060f525e3b4a9bbbcd2b.js" async=""></script><script src="/_next/static/ya1WSBTQLRdzMVvqaQWWw/_buildManifest.js" async=""></script><script src="/_next/static/ya1WSBTQLRdzMVvqaQWWw/_ssgManifest.js" async=""></script></body></html>

In the logs, I got:

{"level":"info","ts":1627341036.6689262,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_addr":"131.220.93.76:58430","proto":"HTTP/1.1","method":"GET","host":"production.germanistik.uni-bonn.de:2021","uri":"/","headers":{"User-Agent":["curl/7.64.0"],"Accept":["*/*"]}},"common_log":"131.220.93.76 - - [27/Jul/2021:01:10:36 +0200] \"GET / HTTP/1.1\" 200 2919","duration":0.007108118,"size":2919,"status":200,"resp_headers":{"Date":["Mon, 26 Jul 2021 23:10:36 GMT"],"X-Powered-By":["Next.js"],"Content-Type":["text/html; charset=utf-8"],"Server":["Caddy"],"Etag":["\"b67-1K60jeYDjII+5TAdQGYaHGybBy4\""],"Vary":["Accept-Encoding"]}}

Seems like it’s working then? I’m not seeing any evidence of a problem.

But that’s only with curl. When I put the URL in the browser, Firefox gets a timeout (Opera too, Brave too): Website not reachable (or something like that, in German), ERR_CONNECTION_TIMED_OUT

Are you running curl from the same machine you’re running your browser?

Have you cleared any DNS caches?

🥵 Sorry folks, a simple firewall problem, the port was blocked. No problem now …

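An added example, not part of the thread: the access-log entry quoted above records remote_addr 131.220.93.76, the same address curl resolved for the site, so that request came from the server itself and never crossed the firewall. The Python below checks a Caddy JSON access log for that situation; the function names and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample, shaped like the access-log entry quoted in the thread
# (fields trimmed). The second and third lines are invented for the example.
SAMPLE_LOG = """\
{"level":"info","logger":"http.log.access.log1","msg":"handled request","request":{"remote_addr":"131.220.93.76:58430","method":"GET","host":"production.germanistik.uni-bonn.de:2021","uri":"/"},"status":200}
{"level":"info","logger":"http.log.access.log1","msg":"handled request","request":{"remote_addr":"[::1]:40112","method":"GET","host":"production.germanistik.uni-bonn.de:2021","uri":"/"},"status":200}
{"level":"info","logger":"tls","msg":"cleaned up storage units"}
"""
SITE = "production.germanistik.uni-bonn.de:2021"


def client_ip(remote_addr):
    """Return the IP part of Caddy's "ip:port" or "[v6]:port" remote_addr."""
    host, _, _port = remote_addr.rpartition(":")
    return ipaddress.ip_address(host.strip("[]"))


def external_clients(log_text, site_host, server_ips):
    """List client IPs that reached site_host from somewhere other than the server.

    An empty list means every logged hit came from the machine Caddy runs on,
    so nothing has yet shown that the port is reachable through the firewall.
    """
    own = {ipaddress.ip_address(ip) for ip in server_ips}
    seen = set()
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
            req = entry["request"]
            if entry["msg"] != "handled request" or req["host"] != site_host:
                continue
            ip = client_ip(req["remote_addr"])
        except (ValueError, KeyError, TypeError):
            continue  # not an access-log entry (journald prefix, other logger)
        if not (ip.is_loopback or ip in own):
            seen.add(str(ip))
    return sorted(seen)


if __name__ == "__main__":
    hits = external_clients(SAMPLE_LOG, SITE, ["131.220.93.76"])
    print(hits or "only local requests logged: test from outside, check firewall")
```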