search

caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0
58.2k stars 4.03k forks source link

Orbitdownloader 4.1.1.19 can't download file from Caddy server with https #1980

Closed la0wei closed 6 years ago

la0wei commented 6 years ago

1. What version of Caddy are you using (caddy -version)?

Caddy 0.10.10 (unofficial)

2. What are you trying to do?

Caddy run as a http file server

3. What is your entire Caddyfile?

https://dl.***.com { root /root/fileserver/ gzip browse }

4. How did you run Caddy (give the full command and describe the execution environment)?

Linux kvm vps.Ubuntu 16.04 Caddy running as a systemd service

5. Please paste any relevant HTTP request(s) here.

https://down.zhujiwiki.com/soft/jdk-6u43-windows-i586.exe

6. What did you expect to see?

Successful download Logs show in Orbitdownloader from a Apache server 2017-12-18 22:16:54 Connecting down.zhujiwiki.com:443 2017-12-18 22:16:54 Connected 2017-12-18 22:16:54 SSL handshake ... 2017-12-18 22:16:55 SSL handshaked. 2017-12-18 22:16:55 GET /soft/jdk-6u43-windows-i586.exe HTTP/1.1 2017-12-18 22:16:55 Host: down.zhujiwiki.com:443 2017-12-18 22:16:55 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) 2017-12-18 22:16:55 Accept: / 2017-12-18 22:16:55 Pragma: no-cache 2017-12-18 22:16:55 Cache-Control: no-cache 2017-12-18 22:16:55 Connection: close 2017-12-18 22:16:55 HTTP/1.1 200 OK 2017-12-18 22:16:55 Date: Mon, 18 Dec 2017 14:16:55 GMT 2017-12-18 22:16:55 Server: Apache 2017-12-18 22:16:55 Upgrade: h2 2017-12-18 22:16:55 Connection: Upgrade, close 2017-12-18 22:16:55 Last-Modified: Sun, 10 Mar 2013 02:13:40 GMT 2017-12-18 22:16:55 ETag: "45c39a8-4d7889ad4bd00" 2017-12-18 22:16:55 Accept-Ranges: bytes 2017-12-18 22:16:55 Content-Length: 73152936 2017-12-18 22:16:55 Vary: Accept-Encoding 2017-12-18 22:16:55 Content-Type: application/x-msdownload 2017-12-18 22:16:55 Start receiving data 2017-12-18 22:16:55 Create link down.zhujiwiki.com 2017-12-18 22:16:55 Create link down.zhujiwiki.com 2017-12-18 22:16:55 Create link down.zhujiwiki.com 2017-12-18 22:16:55 Create link down.zhujiwiki.com 2017-12-18 22:16:55 Create link down.zhujiwiki.com 2017-12-18 22:16:55 Create link down.zhujiwiki.com 2017-12-18 22:16:55 Create link down.zhujiwiki.com 2017-12-18 22:16:55 Create link down.zhujiwiki.com

7. What did you see instead (give full error messages and/or log)?

**Error Log show in Orbitdownloader from my caddy server 2017-12-18 22:19:21 Connecting dl.***.com:443 2017-12-18 22:19:21 Connected 2017-12-18 22:19:25 SSL handshake ...

Someone running a download site with apache &php&h5ai https://down.zhujiwiki.com I am running caddy. Both this two sites have almost same ssl certificate which are all from Let's Encrypt. But I can only download file from https://down.zhujiwiki.com Seems caddy has some compatibility with orbitdownloader or I need any other config in Caddyfile? snipaste_2017-12-18_22-30-24

8. How can someone who is starting from scratch reproduce the bug as minimally as possible?

1 Orbitdownloader 4,1,1,19 http://www.free-codecs.com/download/orbit_downloader.htm

2 Caddy server

3 Caddyfile https://dl.***.com { root /root/fileserver/ gzip browse }

whitestrake commented 6 years ago

Hesitant to test this myself, as Orbit Downloader is considered adware and was previously discovered to be a DDOS tool (unconfirmed that this functionality was removed in the last version).

The log seems to stop while attempting a handshake, so given the program's a bit old, maybe the protocol is below minimum?

Do you have Caddy logs for when Orbit tries to connect?

la0wei commented 6 years ago

Thank you for your reply @Whitestrake ! Added "log /root/caddy/acc.log"in Caddyfile

Download file via https with IDM shows ..240.227 - - [19/Dec/2017:09:17:55 -0500] "GET /ChromeStandaloneSetup64.exe HTTP/1.1" 206 2490368 ..240.227 - - [19/Dec/2017:09:17:55 -0500] "GET /ChromeStandaloneSetup64.exe HTTP/1.1" 206 720896 ..240.227 - - [19/Dec/2017:09:17:55 -0500] "GET /ChromeStandaloneSetup64.exe HTTP/1.1" 206 819200 Downlaod file via https with Orbitdownloader shows nothing.

I browsed my site and https://down.zhujiwiki.com in Firefox 58.0b11(64bit),find something different which I thought is the same in last pic show in this issue. snipaste_2017-12-19_22-07-32 snipaste_2017-12-19_22-11-09

1.These two sites have different SSL signature algorithms,caddy use more strong signature algorithms than the site running apache.

  1. A site show different ssl certification in chrome and fierfox
  2. Maybe orbitdownloader use the protocol below minimum 4.Anyway downgrade it to the same with https://down.zhujiwiki.com? 5.Orbitdownloader maybe a adware and outdate,latest realease seems in 2011 or 2012,but it helpful.IDM cut file in pieces,somekind don;t like it,and it's a commercial software.I install orbitdownloader in virtual machine and copy the program folder to my pc,run it as a portable software.
francislavoie commented 6 years ago

You can configure the cipher suites in Caddy using the tls directive options: https://caddyserver.com/docs/tls

I'll close this, since it doesn't look like a problem with Caddy. This question is better suited in the forums https://caddy.community/ if you need more help with configuring Caddy