Thanks francis. There appears to be an error in the logs. Could you please assist me?
1. Curl -v output:
idfyinfra@LA-255:~$ curl -v https://firewall.localhost
* Trying ::1:443...
* Connected to firewall.localhost (::1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: [NONE]
* start date: Jul 14 04:44:54 2023 GMT
* expire date: Jul 14 16:44:54 2023 GMT
* subjectAltName: host "firewall.localhost" matched cert's "firewall.localhost"
* issuer: CN=Caddy Local Authority - ECC Intermediate
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55b72e19de90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: firewall.localhost
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 502
< alt-svc: h3=":443"; ma=2592000
< server: Caddy
< content-length: 0
< date: Fri, 14 Jul 2023 07:58:52 GMT
<
* Connection #0 to host firewall.localhost left intact
2. journalctl output:
Jul 14 13:32:52 LA-255 caddy[4549]: {"level":"debug","ts":1689321772.7606726,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.20.10:443","total_upstreams":1}
Jul 14 13:32:52 LA-255 caddy[4549]: {"level":"debug","ts":1689321772.798875,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.20.10:443","duration":0.038129803,"request":{"remote_ip":"127.0.0.1","remote_port":"48512","proto":"HTTP/2.0","method":"GET","host":"southcisco.localhost","uri":"/","headers":{"X-Forwarded-Host":["southcisco.localhost"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"X-Forwarded-Proto":["https"],"Upgrade-Insecure-Requests":["1"],"X-Forwarded-For":["127.0.0.1"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Te":["trailers"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"southcisco.localhost"}},"error":"EOF"}
Jul 14 13:32:52 LA-255 caddy[4549]: {"level":"error","ts":1689321772.7989633,"logger":"http.log.error","msg":"EOF","request":{"remote_ip":"127.0.0.1","remote_port":"48512","proto":"HTTP/2.0","method":"GET","host":"southcisco.localhost","uri":"/","headers":{"Sec-Fetch-Mode":["navigate"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"southcisco.localhost"}},"duration":0.038306246,"status":502,"err_id":"31v31v18p","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}
Jul 14 13:32:58 LA-255 caddy[4549]: {"level":"debug","ts":1689321778.605507,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"10.10.10.1:17322","total_upstreams":1}
Jul 14 13:32:58 LA-255 caddy[4549]: {"level":"debug","ts":1689321778.6197236,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"10.10.10.1:17322","duration":0.014158445,"request":{"remote_ip":"127.0.0.1","remote_port":"48522","proto":"HTTP/2.0","method":"GET","host":"firewall.localhost","uri":"/","headers":{"Sec-Fetch-Site":["none"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Cookie":[],"Sec-Fetch-Dest":["document"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["firewall.localhost"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br"],"Te":["trailers"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-For":["127.0.0.1"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-User":["?1"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"firewall.localhost"}},"error":"EOF"}
Jul 14 13:32:58 LA-255 caddy[4549]: {"level":"error","ts":1689321778.6198046,"logger":"http.log.error","msg":"EOF","request":{"remote_ip":"127.0.0.1","remote_port":"48522","proto":"HTTP/2.0","method":"GET","host":"firewall.localhost","uri":"/","headers":{"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br"],"Cookie":[],"Sec-Fetch-Dest":["document"],"Sec-Fetch-Mode":["navigate"],"User-Agent":["Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0"],"Accept-Language":["en-US,en;q=0.5"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Te":["trailers"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"firewall.localhost"}},"duration":0.014314546,"status":502,"err_id":"rv47y2bve","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}