V2: file_server basicauth

1. My Caddy version (v2.0.0-rc.2 h1:7NOaxYrsnQ5D3rcLGn2UnLZHLfBpgrfM/JNTLhjCJ1c=):

2. How I run Caddy:

systemd service from provided caddy.service file on github

a. System environment:

Ubuntu Server 18.04.4

c. Service/unit/compose file:

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target

[Service]
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

mydomain.space {
        root * /srv/files
        encode gzip
        file_server browse
        basicauth /data/* {
                Bob JDJhJDEwJEVCNmdaNEg2Ti5iejRMYkF3MFZhZ3VtV3E1SzBWZEZ5Q3VWc0tzOEJwZE9TaFlZdEVkZDhX
        }
}

mydomain.space/app/ {
        respond "app"
}

I had to redact the domain name, but it’s a .space TLD if that matters.

There is an index.html file in /srv/files
Then, /srv/files/data/* is just a bunch of zip files etc… that I want the user to be able to browse and download.

3. The problem I’m having:

The config works as intended if I remove the basicauth directive. As in, I can go to the domain and see the rendered index.html, then if I go to xxxxxx.space/data/, I can browse all the files and subdirectories in there.
But when I place that basicauth directive there as shown in my config file above, I can still go to xxxxxx.space and see the index.html as intended, but going to xxxxxx.space/data/ throws a “Secure Connection Failed” error in Firefox and throws an error in caddy as well.

4. Error messages and/or full log output:

Apr 10 21:46:48 vps203057 caddy[835]: 2020/04/10 21:46:48 http2: panic serving xx.xxx.xxx.xxx:8611: runtime error: invalid memory address or nil pointer dereference
Apr 10 21:46:48 vps203057 caddy[835]: goroutine 2247 [running]:
Apr 10 21:46:48 vps203057 caddy[835]: net/http.(*http2serverConn).runHandler.func1(0xc0003ac028, 0xc000b3df8e, 0xc000001e00)
Apr 10 21:46:48 vps203057 caddy[835]:         net/http/h2_bundle.go:5713 +0x16b
Apr 10 21:46:48 vps203057 caddy[835]: panic(0x144d380, 0x2470800)
Apr 10 21:46:48 vps203057 caddy[835]:         runtime/panic.go:969 +0x166
Apr 10 21:46:48 vps203057 caddy[835]: github.com/caddyserver/caddy/v2/modules/caddyhttp.(*Server).ServeHTTP(0xc000291200, 0x192e1e0, 0xc0003ac028, 0xc000358b00)
Apr 10 21:46:48 vps203057 caddy[835]:         github.com/caddyserver/caddy/v2@v2.0.0-rc.2/modules/caddyhttp/server.go:203 +0x932
Apr 10 21:46:48 vps203057 caddy[835]: net/http.serverHandler.ServeHTTP(0xc0000f6460, 0x192e1e0, 0xc0003ac028, 0xc000358800)
Apr 10 21:46:48 vps203057 caddy[835]:         net/http/server.go:2807 +0xa3
Apr 10 21:46:48 vps203057 caddy[835]: net/http.initALPNRequest.ServeHTTP(0x19335a0, 0xc00037ea50, 0xc0003cc700, 0xc0000f6460, 0x192e1e0, 0xc0003ac028, 0xc000358800)
Apr 10 21:46:48 vps203057 caddy[835]:         net/http/server.go:3381 +0x8d
Apr 10 21:46:48 vps203057 caddy[835]: net/http.(*http2serverConn).runHandler(0xc000001e00, 0xc0003ac028, 0xc000358800, 0xc00075a800)
Apr 10 21:46:48 vps203057 caddy[835]:         net/http/h2_bundle.go:5720 +0x8b
Apr 10 21:46:48 vps203057 caddy[835]: created by net/http.(*http2serverConn).processHeaders
Apr 10 21:46:48 vps203057 caddy[835]:         net/http/h2_bundle.go:5454 +0x4e1

5. What I already tried:

I’ve tried placing the basicauth directive as a subdirective under file_server browse {} but it doesn’t belong there.

I tried a series of different passwords to hash through caddy hash-password but that didn’t change anything. Plus I’m settling for the example of Bob hiccup for testing.

I also tried changing the matcher to * , /*, /data*, /data/ but then the error occurs on each respective matcher uri.

One thing I found odd was when I tried removing the encode gzip and the file_server browse directive just to see if I could basicauth without the file_server, it still gave me the errors on xxxx.space/data/ but when I went to the TLD, it no longer served the index.html content. Just a blank page.

I’m not greatly experienced with this stuff, but I can usually trial-and-error my way out of it… Just not this time.
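Reading the trace in section 4, as an added example that is not part of the original post or of Caddy itself: in a Go panic trace, the frame printed directly after `panic(` is the code that faulted, and its path carries the module version. The `triage` helper and its regexes are hypothetical names; the sample lines are copied from the log above.

```python
import re

# Journal lines copied from the log in the post (first four frames only).
SAMPLE = """\
Apr 10 21:46:48 vps203057 caddy[835]: 2020/04/10 21:46:48 http2: panic serving xx.xxx.xxx.xxx:8611: runtime error: invalid memory address or nil pointer dereference
Apr 10 21:46:48 vps203057 caddy[835]: goroutine 2247 [running]:
Apr 10 21:46:48 vps203057 caddy[835]: net/http.(*http2serverConn).runHandler.func1(0xc0003ac028, 0xc000b3df8e, 0xc000001e00)
Apr 10 21:46:48 vps203057 caddy[835]:         net/http/h2_bundle.go:5713 +0x16b
Apr 10 21:46:48 vps203057 caddy[835]: panic(0x144d380, 0x2470800)
Apr 10 21:46:48 vps203057 caddy[835]:         runtime/panic.go:969 +0x166
Apr 10 21:46:48 vps203057 caddy[835]: github.com/caddyserver/caddy/v2/modules/caddyhttp.(*Server).ServeHTTP(0xc000291200, 0x192e1e0, 0xc0003ac028, 0xc000358b00)
Apr 10 21:46:48 vps203057 caddy[835]:         github.com/caddyserver/caddy/v2@v2.0.0-rc.2/modules/caddyhttp/server.go:203 +0x932
"""

PREFIX = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+caddy\[\d+\]: ?")   # journald header
PANIC = re.compile(r"panic serving (?P<peer>\S+): (?P<reason>.+)$")     # net/http recover log
LOCATION = re.compile(r"^\s+(?P<path>\S+\.go):(?P<line>\d+)")           # indented file:line
MODVER = re.compile(r"^(?P<module>[^@\s]+)@(?P<version>[^/]+)/")        # module@version/ in path

def triage(journal_text):
    """Return one dict per panic: peer, reason, and the frame that faulted."""
    reports, current, after_panic, func = [], None, False, None
    for raw in journal_text.splitlines():
        msg = PREFIX.sub("", raw)
        m = PANIC.search(msg)
        if m:
            current = {"peer": m["peer"], "reason": m["reason"], "fault": None}
            reports.append(current)
            after_panic, func = False, None
            continue
        if current is None or current["fault"]:
            continue                    # not inside a trace, or culprit already found
        loc = LOCATION.match(msg)
        if loc is None:
            func = msg.strip()          # a function line; its location follows
        elif func and func.startswith("panic("):
            after_panic = True          # runtime frame; the next frame is the culprit
        elif after_panic and func:
            ver = MODVER.match(loc["path"])
            current["fault"] = {
                "function": func.split("(0x")[0],
                "file": loc["path"], "line": int(loc["line"]),
                "version": ver["version"] if ver else None,
            }
    return reports
```

On the log above this reports `caddyhttp.(*Server).ServeHTTP` at `server.go:203` in `v2.0.0-rc.2`, which is the detail to include when searching for or filing an upstream issue.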

Sorry, this is a known and already fixed regression in RC2. See #3248.

Please try the latest build artifact (admin: Always enforce Host header checks · caddyserver/caddy@a3bdc22 · GitHub) that includes a fix.


Thank you!
