Using caddy as a proxy to Cockpit

1. The problem I’m having:

Hello community! I am trying to run cockpit behind caddy. I’ve seen this post that mentions how to properly set it up.

The problem is that after 5’ the connection terminates.

2. Error messages and/or full log output:

What I see after 5’ in the cockpit interface is:

Disconnected
Server has closed the connection.

Reconnect

It looks like the web socket times out after 5’ and is not kept alive. I tried to keep it alive with options like

            transport http {
                tls_insecure_skip_verify
                keepalive 2h
                keepalive_interval 30s
                keepalive_idle_conns 100
                keepalive_idle_conns_per_host 10
            }

but this didn’t work either. Is there something else I should put there?

3. Caddy version:

v2.10.0

4. How I installed and ran Caddy:

deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main

deb-src [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main

a. System environment:

Run directly on the OS level.
Debian GNU/Linux trixie/sid

b. Command:

run through regular systemd mechanism inside the debian package

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddy config:


my.domain {
    @allowed remote_ip my.external.ip
    handle @allowed {
        reverse_proxy my.internal.ip:9090 {
            transport http {
                tls_insecure_skip_verify
                keepalive 2h
                keepalive_interval 30s
                keepalive_idle_conns 100
                keepalive_idle_conns_per_host 10
            }
        }
    }
    respond 404
}

There’s no timeout for websockets

  • stream_timeout is a duration value after which streaming requests such as WebSockets will be forcibly closed at the end of the timeout. This essentially cancels connections if they stay open too long. A reasonable starting point might be 24h to cull connections older than a day. Default: no timeout.

Are you sure the termination of the connection is by Caddy and not by the network or upstream?

I am connecting practically on localhost. I alias my IP/port with a name, so that I can connect without having to remember the cockpit port. So it shouldn’t be a network issue.

Moreover, when I connect directly, i.e. using 192.168.1.7:9090 there’s no problem at all.

When I connect through caddy, it connects and after 5 minutes I need to force reload. When I reload I don’t need to re-login but still it is very annoying.

I can see that the default value of stream_timeout is “no timeout”. But this is not related. What other issue could it be?

Thank you for your attention btw.
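
One way to approach the question raised in the reply (is the close driven by a timer somewhere, or by random drops?) is to measure how long each WebSocket session lived according to Caddy's access log. This is an added example, not code from the thread or from the Caddy project; it assumes the `log` directive is enabled with JSON output and that WebSocket requests are logged with an `Upgrade: websocket` request header and a `duration` in seconds. The sample lines are constructed.

```python
import json
from statistics import median

# Constructed sample of Caddy JSON access-log lines (not taken from the thread).
SAMPLE_LOG = """\
{"request":{"uri":"/cockpit/socket","headers":{"Upgrade":["websocket"]}},"duration":300.012,"status":101}
{"request":{"uri":"/cockpit/login","headers":{}},"duration":0.004,"status":200}
{"request":{"uri":"/cockpit/socket","headers":{"Upgrade":["websocket"]}},"duration":299.987,"status":101}
caddy[812]: this line is not JSON and must be skipped
{"request":{"uri":"/cockpit/socket","headers":{"Upgrade":["websocket"]}},"duration":300.104,"status":101}
{"request":{"uri":"/cockpit/socket","headers":{"Upgrade":["websocket"]}},"duration":300.051,"status":101}
"""


def websocket_durations(log_text):
    """Return the lifetime in seconds of every logged WebSocket upgrade request."""
    durations = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # journald prefixes, blank lines, truncated writes
        if not isinstance(entry, dict):
            continue
        headers = entry.get("request", {}).get("headers", {})
        upgrade = [value.lower() for value in headers.get("Upgrade", [])]
        if "websocket" in upgrade and "duration" in entry:
            durations.append(float(entry["duration"]))
    return durations


def fixed_lifetime(durations, tolerance=2.0, min_share=0.8):
    """Return the common session lifetime (rounded seconds) when at least
    min_share of sessions ended within tolerance of the median, else None."""
    if len(durations) < 3:
        return None  # too few sessions to call it a pattern
    mid = median(durations)
    near = [d for d in durations if abs(d - mid) <= tolerance]
    return round(mid) if len(near) / len(durations) >= min_share else None


if __name__ == "__main__":
    lifetimes = websocket_durations(SAMPLE_LOG)
    print("websocket sessions:", len(lifetimes))
    print("fixed lifetime (s):", fixed_lifetime(lifetimes))
```

Sessions that all end at the same age point to a timer on the proxy or the upstream; widely scattered lifetimes point to the network path instead.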