acouvreur / sablier

Start your containers on demand, shut them down automatically when there's no activity. Docker, Docker Swarm Mode and Kubernetes compatible.
https://acouvreur.github.io/sablier/
GNU Affero General Public License v3.0
1.16k stars 43 forks

Caddy with SSL does not work for dynamic loading screen #293

Open valankar opened 2 months ago

valankar commented 2 months ago

Describe the bug

When using the HTTPS endpoint, it seems the dynamic loading screen does not work. Here is the curl output:

valankar@debian ~/caddy> curl -v https://valankar.ftp.sh/accounts_plotly/
*   Trying [2a01:4f9:c011:8a49::1]:443...
* Connected to valankar.ftp.sh (2a01:4f9:c011:8a49::1) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=valankar.ftp.sh
*  start date: Apr 20 10:31:25 2024 GMT
*  expire date: Jul 19 10:31:24 2024 GMT
*  subjectAltName: host "valankar.ftp.sh" matched cert's "valankar.ftp.sh"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /accounts_plotly/]
* h2h3 [:scheme: https]
* h2h3 [:authority: valankar.ftp.sh]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x55b2107d0400)
> GET /accounts_plotly/ HTTP/2
> Host: valankar.ftp.sh
> user-agent: curl/7.88.1
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Connection #0 to host valankar.ftp.sh left intact
curl: (92) HTTP/2 stream 1 was not closed cleanly: PROTOCOL_ERROR (err 1)

And when I use the HTTP endpoint, it works:

valankar@debian ~/caddy> curl -v http://valankar.ftp.sh/accounts_plotly/
...
<div class="terminal">
    <h1><span>Starting </span> <span class="error_code">Accounts</span>...</h1>
    <p class="output"><span>Your instance(s) will stop after 1 minutes of inactivity</span>.</p>

    <div class="details">
        <p class="output small command"><span>sablier status <span class="error_code">accounts</span></span></code></p>
        <p class="output small success"><span>accounts</span> is not-ready <code>(0/1)</code></p>
    </div>

</div>
</body>

Context

Expected behavior

Working via HTTPS.

valankar commented 2 months ago

Here is the relevant Caddyfile config:

valankar.ftp.sh, valankar.ftp.sh:80 {
        log
        route {
                sablier http://localhost:10000 {
                        names accounts
                        session_duration 1m
                        dynamic {
                                display_name Accounts
                        }
                }
                reverse_proxy localhost:8050
        }
}

acouvreur commented 1 month ago

Maybe HTTP2 is the issue. Can you try without HTTP2?

valankar commented 1 month ago

I switched to using Cloudflare tunnels and don't need SSL in Caddy anymore. It works great in that case.

Feel free to close. But might want to verify whether it works via SSL in your end-to-end test.