Using ip_mask filter with 2.5 [actually an init script issue]

1. Caddy version (caddy version): 2.5

$ /usr/bin/caddy version
v2.5.0 h1:eRHzZ4l3X6Ag3kUt8nj5IxATprhqKq/wToP7OHlXWA0=

2. How I run Caddy:

https://ponce.cc

a. System environment:

lxc container with slackware64-15.0.
$ uname -a
Linux chuckd 5.17.2 #1 SMP PREEMPT Fri Apr 8 14:20:27 CEST 2022 x86_64 Intel(R) Core™ i7 CPU 930 @ 2.80GHz GenuineIntel GNU/Linux

b. Command:

launch command:
su - $CADDYUSR -c "XDG_DATA_HOME=/var/lib XDG_CONFIG_HOME=/etc $CADDYBIN run --environ --config $CADDYCFG >> /var/log/caddy/caddy.log 2>&1"

c. Service/unit/compose file:

#!/bin/bash

CADDYUSR=caddy
CADDYGRP=caddy
CADDYBIN=/usr/bin/caddy
CADDYCFG=/etc/caddy/Caddyfile
CADDYLOG=/var/log/caddy/caddy.log

caddy_start() {
  echo "Starting caddy"
  if [ -S /run/caddy/admin.socket ] ; then
    echo "Already running!"
    return
  fi
  su - $CADDYUSR -c "XDG_DATA_HOME=/var/lib XDG_CONFIG_HOME=/etc $CADDYBIN validate --config $CADDYCFG >> /var/log/caddy/caddy.log 2>&1"
  mkdir -p /run/caddy
  chown -R $CADDYUSR:$CADDYGRP /run/caddy
  su - $CADDYUSR -c "XDG_DATA_HOME=/var/lib XDG_CONFIG_HOME=/etc $CADDYBIN run --environ --config $CADDYCFG >> /var/log/caddy/caddy.log 2>&1" &
}

caddy_stop() {
  echo "Stopping caddy"
  if [ -S /run/caddy/admin.socket ] ; then
    su - $CADDYUSR -c "$CADDYBIN stop -address unix//run/caddy/admin.socket"
    rm -f /run/caddy/admin.socket
  else
    echo "Not running!"
  fi
}

caddy_reload() {
  if [ -S /run/caddy/admin.socket ] ; then
    echo "Reloading caddy"
    su - $CADDYUSR -c "XDG_DATA_HOME=/var/lib XDG_CONFIG_HOME=/etc $CADDYBIN reload --config $CADDYCFG"
  else
    echo "Not running!"
  fi
}

caddy_restart() {
  caddy_stop
  sleep 1
  caddy_start
}

case "$1" in
'start')
  caddy_start
  ;;
'stop')
  caddy_stop
  ;;
restart)
  caddy_restart
  ;;
reload)
  caddy_reload
  ;;
*)
  echo "usage $0 start|stop|restart|reload"
esac

d. My complete Caddyfile or JSON config:

{
  order cgi last
  admin "unix//run/caddy/admin.socket"
}

ponce.cc ponce.cc:80 {
  root * /var/www/htdocs
  encode zstd gzip
  file_server {
    index index.htm index.html
    browse
  }
  log {
    format filter {
      wrap console
      fields {
        request>remote_ip ip_mask {
          ipv4 24
          ipv6 56
        }
      }
    }
    output file /var/log/caddy/ponce.cc.log
  }
}

3. The problem I’m having:

remote_ip still shows in the logs

4. Error messages and/or full log output:

{"level":"info","ts":1651080138.101779,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"142.132.143.107","remote_port":"14882","proto":"HTTP/1.1","method":"GET","host":"ponce.cc","uri":"/slackware/slackware-14.1/packages/stella-4.6.1-i486-1ponce.lst","headers":{"Connection":["close"],"User-Agent":["Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"],"Accept-Encoding":["gzip, deflate, br"],"Upgrade-Insecure-Requests":["1"]},"tls":{"resumed":false,"version":772,"cipher_suite":4867,"proto":"http/1.1","server_name":"ponce.cc"}},"user_id":"","duration":0.009822473,"size":9375,"status":200,"resp_headers":{"Content-Length":["9375"],"Server":["Caddy"],"Etag":["\"o63hyq78f\""],"Content-Type":[],"Last-Modified":["Sat, 23 Apr 2016 16:32:50 GMT"]}}

5. What I already tried:

applied the example as described at the bottom of the page linked below

6. Links to relevant resources:

Works for me.

For the sake of example, since I’m testing on LAN, my IP is 127.0.0.1, so I used ipv4 1 to just do a “super aggressive” mask:

:8888 {
	log {
		format filter {
			wrap console
			fields {
				request>remote_ip ip_mask {
					ipv4 1
					ipv6 56
				}
			}
		}
	}
	respond "foo"
}

Then with curl localhost:8888, I get this in my logs:

1.6510827211412401e+09	info	http.log.access.log0	handled request	{"request": {"remote_ip": "0.0.0.0", "remote_port": "37910", "proto": "HTTP/1.1", "method": "GET", "host": "localhost:8888", "uri": "/", "headers": {"User-Agent": ["curl/7.74.0"], "Accept": ["*/*"]}}, "user_id": "", "duration": 0.000069021, "size": 3, "status": 200, "resp_headers": {"Server": ["Caddy"], "Content-Type": []}}
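A log check for the problem reported in this thread, where ip_mask was configured but full addresses still reached the access log: it lists the IPv4 remote_ip values whose host bits are not zero for the configured prefix. This is an added example, not code from the thread; the function names and the sample log lines are constructed, and IPv6 addresses are skipped.

```sh
#!/bin/sh
# Added example: find IPv4 remote_ip values in a Caddy access log that are
# not masked to the expected prefix (the thread's Caddyfile uses "ipv4 24").

# sample_log: constructed log lines (documentation addresses), one in the
# JSON encoder layout and one in the console encoder layout.
sample_log() {
  cat <<'EOF'
{"level":"info","msg":"handled request","request":{"remote_ip":"198.51.100.23","remote_port":"14882","method":"GET"},"status":200}
{"level":"info","msg":"handled request","request":{"remote_ip":"203.0.113.0","remote_port":"40112","method":"GET"},"status":200}
1.65e+09	info	http.log.access.log0	handled request	{"request": {"remote_ip": "0.0.0.0", "remote_port": "37910"}}
EOF
}

# unmasked_ipv4 LOGFILE [PREFIX]
# Prints, one per line, each distinct IPv4 remote_ip whose host bits are
# non-zero for PREFIX (default 24). No output means every address is masked.
unmasked_ipv4() {
  log=$1
  prefix=${2:-24}
  # Accept both "remote_ip":"x" and "remote_ip": "x".
  grep -o '"remote_ip": *"[0-9.]*"' "$log" |
    sed 's/.*"\([0-9.]*\)"$/\1/' |
    awk -F. -v p="$prefix" 'NF == 4 {
      addr = (($1 * 256 + $2) * 256 + $3) * 256 + $4
      hostsize = 2 ^ (32 - p)      # number of addresses inside one prefix
      if (addr % hostsize != 0) print $0
    }' | sort -u
}
```

Run after every config change or restart, for example `unmasked_ipv4 /var/log/caddy/ponce.cc.log 24` against only the lines written since the restart; any output means the running process is not applying the filter.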

thanks a lot Francis,

your confirmation made me have a better look and actually what was happening is that the original caddy process never stopped because when I was trying to stop it (like described in the init file above) using a command like

su - $CADDYUSR -c "$CADDYBIN stop -address unix//run/caddy/admin.socket"

that worked with 2.4.x, the server won’t stop answering

Stopping caddy
2022/04/28 07:19:09.204 WARN    failed using API to stop instance       {"error": "performing request: Post \"//%20/unixsocket/stop\": unsupported protocol scheme \"\""}
stop: performing request: Post "//%20/unixsocket/stop": unsupported protocol scheme ""

so the ip_mask directive wasn’t actually applied…

if I just kill the processes, remove the socket and restart caddy ip_mask works as intended, sorry for the noise.

I’ll have a deeper look at the changes introduced with this version. 📚

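A stop routine that fails closed in the situation described in this post: the admin socket is removed only once the server process is confirmed gone, so a failed stop cannot leave an old process serving the old configuration unnoticed. This is an added example, not code from the thread or from Caddy; the function name, its arguments and the use of a PID recorded at start-up are assumptions.

```sh
#!/bin/sh
# Added example (assumed names): stop a daemon and remove its admin socket
# only after the process has really exited.

# stop_verified STOP_CMD PID SOCKET [TIMEOUT_SECONDS]
#   STOP_CMD  command line that asks the server to stop (for instance the
#             "su - ... stop ..." line from the init script)
#   PID       process id recorded when the server was started (assumption:
#             the init script saves it somewhere)
#   SOCKET    admin socket path that the init script uses as "running" marker
# Returns 0 if the process is gone, 1 if it is still alive after the timeout.
stop_verified() {
  stop_cmd=$1
  pid=$2
  sock=$3
  timeout=${4:-5}

  # The exit status of the stop command is reported but not trusted:
  # whether the PID is still alive decides the outcome.
  if ! sh -c "$stop_cmd"; then
    echo "stop command failed; checking pid $pid" >&2
  fi

  waited=0
  while kill -0 "$pid" 2>/dev/null; do
    if [ "$waited" -ge "$timeout" ]; then
      echo "pid $pid still running; leaving $sock in place" >&2
      return 1
    fi
    sleep 1
    waited=$((waited + 1))
  done

  rm -f "$sock"
  return 0
}
```

A restart function built on this should refuse to start a new instance when `stop_verified` returns non-zero.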

🤦‍♂️

Oops, looks like we broke unix socket addresses with a change to some of the CLI commands. I can replicate the issue. I’ll try to fix it.

Got it:

thanks for this too!
so I think I’ll wait for 2.5.1 to update my caddies (and maybe open a new topic on how to package it from source for Slackware).

You can build from source easily with xcaddy:

just a curiosity, I hope not being too OT in this topic…

how do you apply a patch (like the one for which you opened a pull request) for caddy or even for some plugin when building with xcaddy?
is it safe to build it with a syntax like this (I’ve tried and it seems to work)?

xcaddy build f24853e --with github.com/aksdb/caddy-cgi/v2

Yep, that syntax works. The first argument can be any kind of git ref on the Caddy repo. It can also be the branch name for that PR if you want.
