1. Output of caddy version:
root@srv ~# docker exec -it caddy caddy version
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
a. System environment:
Caddy runs in a container, as a reverse proxy for services that are also containerized.
b. Command:
(see below for the docker compose)
c. Service/unit/compose file:
version: "3"
networks:
  srv:
    external: true
    name: srv
services:
  caddy:
    image: caddy:2
    container_name: caddy
    volumes:
      - /etc/docker/caddy/data/Caddyfile:/etc/caddy/Caddyfile
      - /etc/docker/caddy/data/sites:/data
      - /etc/docker/caddy/data/config:/config
      - /etc/docker:/etc/docker:ro
    ports:
      - 80:80
      - 443:443
      - 2015:2015
    environment:
      - ACME_AGREE=true
    restart: unless-stopped
    networks:
      - srv
d. My complete Caddy config:
Note: despite the several warnings in capital letters (that I completely understand) I ultimately redacted the FQDN. This is because the setup is not correct yet, and while there is no huge risk I want to avoid giving a super obvious way to use the service. This is not for security reasons, but rather for, let’s call them “responsibility” ones.
Note 2: I heavily simplified the configuration from the initial version to pinpoint the issue.
{
    admin 0.0.0.0:2015
    email my_email_here
    log {
        level ERROR
    }
}
https://share.example.com {
    @addfile path /
    handle @addfile {
        respond 401
    }
    @admin path /admin
    handle @admin {
        respond 401
    }
    @retrievefile path /*
    handle @retrievefile {
        respond 200
    }
}
3. The problem I’m having:
My expectation with the configuration above was:
- https://share.example.com matches the 3rd handle and responds 401 → does not work, responds 200 instead of 401
- https://share.example.com/admin matches the 2nd handle and responds 401 → works fine
- https://share.example.com/anything_except_admin matches the 3rd handle, and responds 200 → works fine
$ curl -I https://share.example.com/
HTTP/2 200
alt-svc: h3=":443"; ma=2592000
server: Caddy
date: Thu, 24 Nov 2022 14:29:49 GMT
$ curl -I https://share.example.com/admin
HTTP/2 401
alt-svc: h3=":443"; ma=2592000
server: Caddy
date: Thu, 24 Nov 2022 14:29:44 GMT
$ curl -I https://share.example.com/lmkmlsdkfmldk
HTTP/2 200
alt-svc: h3=":443"; ma=2592000
server: Caddy
date: Thu, 24 Nov 2022 14:29:59 GMT
It would seem to me as if / was matched by /*, which I believe should not be the case.