caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0

Proxy fails if "to" argument is a domain in /etc/hosts #2429

Closed FroeMic closed 5 years ago

FroeMic commented 5 years ago

1. What version of Caddy are you using (caddy -version)?

Caddy 0.11.1

2. What are you trying to do?

I am trying to proxy a specific path /docs/* to a subdomain of the host that exists only within the /etc/hosts file, removing the /docs segment from the URL path.

Context

The Laravel application that is running behind Caddy serves a small static wiki at the docs.app.frhlch.at URL. Laravel makes sure only authenticated (and authorized) users are served these files, so it is not in the public directory, accessible via app.frhlch.at.

The problem is that my DNS allows only max third-level domain entries. Ergo, it doesn't resolve docs.app.frhlch.at. This is why I want to use Caddy to proxy all requests to app.frhlch.at/docs/* to docs.app.frhlch.at/* with a /etc/hosts entry that loops back docs.app.frhlch.at.

Problem

However this always results in a 502 Bad Gateway response.

3. What is your entire Caddyfile?


https://app.frhlch.at/docs {

    proxy / http://docs.app.frhlch.at {
        transparent
        insecure_skip_verify
        without /docs
    }

    log /var/log/caddy/access.log
    errors /var/log/caddy/error.log

}

# this proxy works as it is supposed to
https://app.frhlch.at/dev {

    proxy / http://scooterlabs.com {
        transparent
        without /dev
    }

}

# The default configuration I use for Laravel
https://app.frhlch.at {

    root /var/www/app/public
    fastcgi / php-fpm:9000 php {
        index index.php
    }

    # To handle .html extensions with laravel change ext to
    # ext / .html

    rewrite {
        to {path} {path}/ /index.php?{query}
    }
    gzip
    browse
    log /var/log/caddy/access.log
    errors /var/log/caddy/error.log

    # Uncomment to enable TLS (HTTPS)
    # Change the first list to listen on port 443 when enabling TLS
    tls froehlich@frhlch.at
}

# This is a catchall right now
# Once it works, restricting this to docs.app.frhlch.at should be more secure
0.0.0.0:80 {

    root /var/www/app/public
    fastcgi / php-fpm:9000 php {
        index index.php
    }

    # To handle .html extensions with laravel change ext to
    # ext / .html

    rewrite {
        to {path} {path}/ /index.php?{query}
    }
    gzip
    browse
    log /var/log/caddy/access.log
    errors /var/log/caddy/error.log

    # Uncomment to enable TLS (HTTPS)
    # Change the first list to listen on port 443 when enabling TLS
    # tls froehlich@frhlch.at
}

/etc/hosts

127.0.0.1       localhost

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

127.0.0.1 mysql
127.0.0.1 docs.app.frhlch.at

4. How did you run Caddy (give the full command and describe the execution environment)?

Caddy runs in a Laradock container and is started with CMD ["/usr/bin/caddy", "-conf", "/etc/Caddyfile"]. The specified Caddyfile is the one posted above.

5. Please paste any relevant HTTP request(s) here.

m:~ mike$ curl --trace-ascii curl.trace https://app.frhlch.at/docs
502 Bad Gateway
m:~ mike$ curl --dump-header dump https://app.frhlch.at/docs
502 Bad Gateway
m:~ mike$ cat dump
HTTP/2 502
content-type: text/plain; charset=utf-8
server: Caddy
x-content-type-options: nosniff
content-length: 16
date: Mon, 14 Jan 2019 21:27:50 GMT

6. What did you expect to see?

This is the output of curl run on the server. Similarly this static html file should be returned by Caddy.

curl --trace-ascii curl.trace docs.app.frhlch.at 
<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8" />
        <meta http-equiv="refresh" content="0;url=http://docs.app.frhlch.at/login" />

        <title>Redirecting to http://docs.app.frhlch.at/login</title>
    </head>
    <body>
        Redirecting to <a href="http://docs.app.frhlch.at/login">http://docs.app.frhlch.at/login</a>.
    </body>
</html>

7. What did you see instead (give full error messages and/or log)?

The log shows the following error:

14/Jan/2019:21:27:50 +0000 [ERROR 502 /] dial tcp xxx.xxx.xxx.xxx:80: connect: connection refused

where xxx.xxx.xxx.xxx is the full public IP of my server.
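
A check for the mismatch reported above, as an added example that is not part of the original issue or of Caddy's code: it parses hosts-file text and the proxy error line, and reports when the logged dial went to an address that the hosts file does not map the upstream name to. The function names are hypothetical, and 203.0.113.10 is a constructed stand-in for the redacted public IP.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// hostsLookup returns every address that the hosts-file text maps to name.
func hostsLookup(hosts, name string) []string {
	var addrs []string
	for _, line := range strings.Split(hosts, "\n") {
		// Drop any trailing comment, then split into address + names.
		f := strings.Fields(strings.SplitN(line, "#", 2)[0])
		for i := 1; i < len(f); i++ {
			if strings.EqualFold(f[i], name) {
				addrs = append(addrs, f[0])
			}
		}
	}
	return addrs
}

// dialRe matches the "dial tcp <addr>:<port>: " part of the proxy error line.
var dialRe = regexp.MustCompile(`dial tcp (\S+):\d+: `)

// dialedAddr extracts the address the proxy connected to, or "" if none.
func dialedAddr(logLine string) string {
	if m := dialRe.FindStringSubmatch(logLine); m != nil {
		return strings.Trim(m[1], "[]") // IPv6 literals are bracketed
	}
	return ""
}

// hostsMismatch: name has a hosts entry, yet the logged dial went elsewhere.
func hostsMismatch(hosts, name, logLine string) bool {
	dialed, mapped := dialedAddr(logLine), hostsLookup(hosts, name)
	for _, a := range mapped {
		if a == dialed {
			return false
		}
	}
	return dialed != "" && len(mapped) > 0
}

func main() {
	// Constructed sample: hosts lines from the report, 203.0.113.10 for the redacted IP.
	hosts := "127.0.0.1 localhost\n127.0.0.1 mysql\n127.0.0.1 docs.app.frhlch.at\n"
	line := "14/Jan/2019:21:27:50 +0000 [ERROR 502 /] dial tcp 203.0.113.10:80: connect: connection refused"
	fmt.Println(hostsMismatch(hosts, "docs.app.frhlch.at", line))
}
```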

francislavoie commented 5 years ago

Don't you just want proxy /docs https://domain.com?

francislavoie commented 5 years ago

You can pretty much combine all your blocks with the same domain into one. Proxy will take higher priority, so it should work all together.

I'm going to close this, because ultimately this seems to be more of a usage question rather than an issue or bug with Caddy. I recommend asking on https://caddy.community for these types of questions in the future. Discussion can continue here though.