WordPress Install CORS 403 Error, cross origin from domain to IP?

1. Caddy version (caddy version):

caddy version: v2.4.6

2. How I run Caddy:

a. System environment:

Arch Linux

Linux meaningpoetry.com 5.15.12-arch1-1 #1 SMP PREEMPT Wed, 29 Dec 2021 12:04:56 +0000 x86_64 GNU/Linux

I believe it is systemd

b. Command:

sudo systemctl start caddy.service

c. Service/unit/compose file:

Description=Caddy web server
Wants=network-online.target systemd-networkd-wait-online.service

ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
ExecStopPost=/usr/bin/rm -f /run/caddy/admin.socket

# Do not allow the process to be restarted in a tight loop. If the
# process fails to start, something critical needs to be fixed.

# Use graceful shutdown with a reasonable timeout


# Hardening options
ReadWritePaths=/var/lib/caddy /var/log/caddy /run/caddy


d. My complete Caddyfile or JSON config:

# The Caddyfile is an easy way to configure your Caddy web server.
# https://caddyserver.com/docs/caddyfile
# The configuration below serves a welcome page over HTTP on port 80.
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.
# https://caddyserver.com/docs/caddyfile/concepts#addresses

{
        # Restrict the admin interface to a local unix file socket whose directory
        # is restricted to caddy:caddy. By default the TCP socket allows arbitrary
        # modification for any process and user that has access to the local
        # interface. If admin over TCP is turned on one should make sure
        # implications are well understood.
        admin "unix//run/caddy/admin.socket"
}

http:// {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.

        # Another common task is to set up a reverse proxy:
        #reverse_proxy localhost:3000 {
        #       header_down Strict-Transport-Security max-age=31536000;
        #}

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000

        # Refer to the directive documentation for more options.
        # https://caddyserver.com/docs/caddyfile/directives
}

# Import additional caddy config files in /etc/caddy/conf.d/
import /etc/caddy/conf.d/*
meaningpoetry.com {
    handle_path /hoc/* {
      root * /var/www/html/hoc
      php_fastcgi unix//run/php-fpm/www.sock
    }
    reverse_proxy localhost:3000  {
      header_down Strict-Transport-Security max-age=31536000;
    }
}

a.meaningpoetry.com {
  reverse_proxy localhost:1337  {
    header_down Strict-Transport-Security max-age=31536000;
  }
}

m.meaningpoetry.com {
  reverse_proxy localhost:7700  {
    header_down Strict-Transport-Security max-age=31536000;
  }
}

roundcube.meaningpoetry.com {
        root * /usr/share/webapps/roundcubemail/
        encode gzip

        php_fastcgi unix//run/roundcubemail/roundcubemail.sock {
                split .php
                index index.php
        }
}

mad.meaningpoetry.com {
        root * /usr/share/webapps/postfixadmin/public/
        encode gzip

        php_fastcgi unix//run/postfixadmin/postfixadmin.sock {
                split .php
                index index.php
        }
}

awakening.observer:443 {
   root * /home/thero/ao/wordpress
   encode gzip
   php_fastcgi unix//run/php-fpm/www.sock
}

3. The problem I’m having:

I serve numerous services fine on https://meaningpoetry.com, including a Strapi admin at a.meaningpoetry.com. I am trying to configure https://awakening.observer to run a WordPress install; however, I am running into a 403 error, and Brave indicates it’s CORS related with redirection to my IP from https://awakening.observer to erroring from strict-origin when cross-origin.

4. Error messages and/or full log output:

*   Trying
* Connected to awakening.observer ( port 80 (#0)
> GET / HTTP/1.1
> Host: awakening.observer
> User-Agent: curl/7.80.0
> Accept: */*
* Mark bundle as not supporting multiuse
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://awakening.observer/
< Server: Caddy
< Date: Tue, 04 Jan 2022 21:16:40 GMT
< Content-Length: 0
* Closing connection 0

5. What I already tried:

I’ve tried to pinpoint what was happening, which is how I stumbled upon the network tab in my browsers and thus found a 403 occurring. All secure files are being rejected.
I’ve tried tweaking the Caddyfile after the first few errors I ran into due to outdated citations on the setup of WordPress. I think Caddy is fine. I will be enabling debugging, but I’m not sure where log files would go.

I did run sudo pacman -Syu today, but everything with my previous setup for meaningpoetry.com seems a-o.k., no pages yield a 403?

6. Links to relevant resources:

Do you mean your WordPress app is serving a redirect to the IP address? That’s strange, sounds like a WordPress misconfiguration.

That curl output you posted seems to be a request over HTTP, and Caddy is serving an HTTP->HTTPS redirect (see the Location header). You can tell curl to follow the redirect by using the -L flag (L for Location), or just do curl -v https://awakening.observer (i.e. directly make a request to HTTPS and skip the redirect).

* Connected to awakening.observer ( port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=awakening.observer
*  start date: Dec 15 00:00:00 2021 GMT
*  expire date: Mar 15 23:59:59 2022 GMT
*  subjectAltName: host "awakening.observer" matched cert's "awakening.observer"
*  issuer: C=AT; O=ZeroSSL; CN=ZeroSSL ECC Domain Secure Site CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x563dca4919f0)
> GET / HTTP/2
> Host: awakening.observer
> user-agent: curl/7.80.0
> accept: */*
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 250)!
< HTTP/2 403
< server: Caddy
< content-length: 0
< date: Tue, 04 Jan 2022 22:28:52 GMT
* Connection #0 to host awakening.observer left intact

There is no WordPress install; there’s no way to actually create a functional install because the majority of the resources 403. It’s not even installed yet. I don’t get redirected to the installer or anything, and going manually is just plain text with some input fields.

This might be a duplicate of my previous issue; it’s been a while. I think it has to do with serving static files from the home directory.

Oh, yeah that would make sense. Since you’re running Caddy as a service with user caddy, then that user needs permissions to read the files in /home/thero/ao/wordpress.

If you turn on the debug global option then look at Caddy’s logs after making a request, you should see that permission error appear in the logs. They’re logged at debug level because otherwise permission errors would be kinda noisy.

Solution: Moved files to the previously created /var/www/html directory from previous run-in with this. Issue instantly solved. I saw my previous forum topic and realized there was that 403 issue then too, read through and realized I should move the directory.
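
The permission problem diagnosed in this thread, as an added example that is not part of the original posts: a shell function that walks a path one component at a time and reports the first directory or file that blocks a service user. The function name `first_blocker` is hypothetical, and the check assumes GNU `stat` and that the service user (here `caddy`) is neither the owner nor in the owning group, so only the "other" permission bits apply.

```shell
#!/bin/sh
# Added example, not from the thread. Reports the first path component that a
# user relying on the "other" permission bits cannot get through.
# Assumptions: GNU stat (-c), no ACLs, service user is not owner/group member.
# Usage: first_blocker /home/thero/ao/wordpress/index.php
#        first_blocker <target> <start-dir>   # only check below <start-dir>

first_blocker() {
    target=$1
    path=${2:-}                       # optional directory to start below
    rel=${target#"$path"}             # components still to be checked

    # Split the remaining path on "/" without glob expansion.
    old_ifs=$IFS; IFS=/
    set -f; set -- $rel; set +f
    IFS=$old_ifs

    for part in "$@"; do
        [ -n "$part" ] || continue
        path="$path/$part"
        if [ ! -e "$path" ]; then
            echo "missing:$path"; return 1
        fi
        mode=$(stat -L -c %a "$path")
        other=$((mode % 10))          # last octal digit holds the "other" bits
        # Every directory on the way needs the execute (search) bit.
        if [ -d "$path" ] && [ $((other & 1)) -eq 0 ]; then
            echo "no-traverse:$path"; return 1
        fi
    done

    # The target itself must also be readable.
    mode=$(stat -L -c %a "${path:-/}")
    other=$((mode % 10))
    if [ $((other & 4)) -eq 0 ]; then
        echo "no-read:${path:-/}"; return 1
    fi
    echo "ok:${path:-/}"
}
```

On a live host, `namei -l <path>` prints the same per-component owner and mode information for manual inspection.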

