Using Caddy to reverse proxy SOAP Service

ndolph · January 28, 2021, 9:37pm

Before I get too far into this, I need to know if I’m missing passing something through. My Caddyfile is quite small and posted below. Domains have been redacted due to security reasons as we don’t have the backend system fully locked down yet.

We are attempting to reverse proxy into a Dynamics NAV 2018 SOAP Service. The reverse proxy works great for small tasks but when a big task is thrown at it we end up with 400 errors that stop everything. I’ve also noticed an alarming amount of 401 errors in the logs… I’m wondering if there is something I’m not passing properly… any help would be great, I can’t seem to find anything on this and I’ve been battling it for about two weeks now.

1. Caddy version (`caddy version`): v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=

2. How I run Caddy:

Using a Caddyfile →

a. System environment:

Ubuntu & Microsoft Dynamics NAV 2018 Web Service

b. Command:

service caddy start

c. Service/unit/compose file:

N/A

d. My complete Caddyfile or JSON config:

nav.domain.com:7057 {
        reverse_proxy nav.server.public.ip:8005
        log {
                output file /var/log/access.log {
                        level error
                        roll_size 1gb
                        roll_keep 5
                        roll_keep_for 720h
                }
        }
}

3. The problem I’m having:

Lots of 401 errors in the log, and occasionally a 400 error. The 400 error is a show stopper but the 401 errors don’t seem to do a lot? I don’t know if they go hand in hand or what but I must be missing SOMETHING…

4. Error messages and/or full log output:

{"level":"error","ts":1611852578.563241,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"23.96.235.205:59217","proto":"HTTP/1.1","method":"POST","host":"nav.domain.com:7057","uri":"/NAV_TEST/WS/Campbell%20Supply%20Test/Codeunit/SC_NAV_WebService","headers":{"Soapaction":["\"urn:microsoft-dynamics-schemas/codeunit/SC_NAV_WebService:ProcessRequest\""],"Content-Length":["1217"],"Expect":["100-continue"],"User-Agent":["Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)"],"Content-Type":["text/xml; charset=utf-8"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"","proto_mutual":true,"server_name":"nav.domain.com"}},"common_log":"23.96.235.205 - - [28/Jan/2021:16:49:38 +0000] \"POST /NAV_TEST/WS/Campbell%20Supply%20Test/Codeunit/SC_NAV_WebService HTTP/1.1\" 401 0","duration":0.091340441,"size":0,"status":401,"resp_headers":{"Server":["Caddy","Microsoft-HTTPAPI/2.0"],"Content-Length":["0"],"Www-Authenticate":["Negotiate"],"Date":["Thu, 28 Jan 2021 16:49:38 GMT"]}}
{"level":"error","ts":1611852578.7265854,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"23.96.235.205:59218","proto":"HTTP/1.1","method":"POST","host":"nav.domain.com:7057","uri":"/NAV_TEST/WS/Campbell%20Supply%20Test/Codeunit/SC_NAV_WebService","headers":{"User-Agent":["Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)"],"Content-Type":["text/xml; charset=utf-8"],"Soapaction":["\"urn:microsoft-dynamics-schemas/codeunit/SC_NAV_WebService:ProcessRequest\""],"Authorization":["Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAKAGNFAAAADw=="],"Content-Length":["0"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"","proto_mutual":true,"server_name":"nav.domain.com"}},"common_log":"23.96.235.205 - - [28/Jan/2021:16:49:38 +0000] \"POST /NAV_TEST/WS/Campbell%20Supply%20Test/Codeunit/SC_NAV_WebService HTTP/1.1\" 401 0","duration":0.047850755,"size":0,"status":401,"resp_headers":{"Server":["Caddy","Microsoft-HTTPAPI/2.0"],"Content-Length":["0"],"Www-Authenticate":["Negotiate TlRMTVNTUAACAAAABgAGADgAAAAVgoni/s+bXup4fncAAAAAAAAAAG4AbgA+AAAACgA5OAAAAA9DAFMAQwACAAYAQwBTAEMAAQAGAFQARABGAAQAEgBjAHMAYwAuAGwAbwBjAGEAbAADABoAVABEAEYALgBjAHMAYwAuAGwAbwBjAGEAbAAFABIAYwBzAGMALgBsAG8AYwBhAGwABwAIALItE5GV9dYBAAAAAA=="],"Date":["Thu, 28 Jan 2021 16:49:38 GMT"]}}
{"level":"info","ts":1611852578.8741202,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"23.96.235.205:59218","proto":"HTTP/1.1","method":"POST","host":"nav.domain.com:7057","uri":"/NAV_TEST/WS/Campbell%20Supply%20Test/Codeunit/SC_NAV_WebService","headers":{"Soapaction":["\"urn:microsoft-dynamics-schemas/codeunit/SC_NAV_WebService:ProcessRequest\""],"Authorization":["Negotiate TlRMTVNTUAADAAAAGAAYAIAAAAAsASwBmAAAAAAAAABYAAAADgAOAFgAAAAaABoAZgAAABAAEADEAQAAFYKI4goAY0UAAAAPIhGQ5anSVBiXANJEohJvRVMAQwBfAFUAUwBFAFIAYwBhAG0AcABiAGUAbABsAC0AcwBjADAAMQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIW0jFg49Jw8dhkSbmXKM9AQEAAAAAAACyLRORlfXWAWq3AxZRJERrAAAAAAIABgBDAFMAQwABAAYAVABEAEYABAASAGMAcwBjAC4AbABvAGMAYQBsAAMAGgBUAEQARgAuAGMAcwBjAC4AbABvAGMAYQBsAAUAEgBjAHMAYwAuAGwAbwBjAGEAbAAHAAgAsi0TkZX11gEGAAQAAgAAAAgAMAAwAAAAAAAAAAAAAAAAQAAALSrOSzEYbh1lS9Y6HMhJFWH44IlddKjzOb9Nu4H2694KABAAFCrQ9wbf7ltHOLudBJhGDQkAOgBIAFQAVABQAC8AbgBhAHYALgBjAGEAbQBwAGIAZQBsAGwAcwB1AHAAcABsAHkAYwBvAC4AYwBvAG0AAAAAAAAAAAAW1D4I2OERgtbrKgBv5f2C"],"Content-Length":["1217"],"Expect":["100-continue"],"User-Agent":["Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)"],"Content-Type":["text/xml; charset=utf-8"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"","proto_mutual":true,"server_name":"nav.domain.com"}},"common_log":"23.96.235.205 - - [28/Jan/2021:16:49:38 +0000] \"POST /NAV_TEST/WS/Campbell%20Supply%20Test/Codeunit/SC_NAV_WebService HTTP/1.1\" 200 11426","duration":0.119120432,"size":11426,"status":200,"resp_headers":{"Server":["Caddy","Microsoft-HTTPAPI/2.0"],"Content-Length":["11426"],"Content-Type":["text/xml; charset=utf-8"],"Date":["Thu, 28 Jan 2021 16:49:38 GMT"]}}
{"level":"error","ts":1611852578.9594343,"logger":"http.log.access.log0","msg":"handled request","request":{"remote_addr":"23.96.235.205:59217","proto":"HTTP/1.1","method":"POST","host":"nav.domain.com:7057","uri":"/NAV_TEST/WS/Campbell%20Supply%20Test/Codeunit/SC_NAV_WebService","headers":{"Content-Type":["text/xml; charset=utf-8"],"Soapaction":["\"urn:microsoft-dynamics-schemas/codeunit/SC_NAV_WebService:ProcessRequest\""],"Content-Length":["1217"],"Expect":["100-continue"],"User-Agent":["Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.42000)"]},"tls":{"resumed":false,"version":771,"cipher_suite":49196,"proto":"","proto_mutual":true,"server_name":"nav.domain.com"}},"common_log":"23.96.235.205 - - [28/Jan/2021:16:49:38 +0000] \"POST /NAV_TEST/WS/Campbell%20Supply%20Test/Codeunit/SC_NAV_WebService HTTP/1.1\" 401 0","duration":0.042509854,"size":0,"status":401,"resp_headers":{"Server":["Caddy","Microsoft-HTTPAPI/2.0"],"Content-Length":["0"],"Www-Authenticate":["Negotiate"],"Date":["Thu, 28 Jan 2021 16:49:38 GMT"]}}

5. What I already tried:

The NAV Server can use SSL, I installed a self signed cert and it always ended up with a 504 error then even after using tls_insecure_skip_verify it still returned errors, so switched back to using HTTP on the NAV Server and HTTPS still on Caddy.

6. Links to relevant resources:

I don’t know?

francislavoie · January 28, 2021, 11:26pm

Unfortunately, there’s not much to say, frankly. You’ll need to dig into the logs of the service you’re proxying to. It’s the one returning these errors, not Caddy.

ndolph · January 29, 2021, 2:19pm

There are no error logs on the service side that I can find… I’ll do some more digging, but I was wondering if I wasn’t passing something through, but if reverse-proxy just forwards everything along then I should be fine?

ndolph · January 29, 2021, 8:12pm

So now that I’m bypassing Caddy and running direct to the server I have no 400 errors… Something must not be getting through the proxy or a timeout is happening?

system · February 27, 2021, 9:37pm

This topic was automatically closed after 30 days. New replies are no longer allowed.