mholt / caddy-l4

Layer 4 (TCP/UDP) app for Caddy
Apache License 2.0

Matcher doesn't match #118

Open gymnae opened 1 year ago

gymnae commented 1 year ago

Hi there, I'm trying out layer4-app and got stuck with a matcher that never matches. I tried adjusting the listen directive for http to tcp/ and removing the h3 protocol, but no change. layer4 never matches. I also tried removing the ALPN handler, but no change.

The log files show it tries to match, so the layer4 app is part of the "chain":

```
2023-04-25T21:34:52.524480948Z {"level":"debug","ts":1682458492.5242863,"logger":"layer4","msg":"matching","remote":"<myip>:54354","matcher":"layer4.matchers.tls","matched":false}
```

```yaml
apps:
  tls:
    automation:
      policies:
      - subjects:
        - turn.grundstil.de
        - sturn.wxbu.de
      - subjects:
        - cloud.local
        issuers:
        - module: internal

  layer4:
    servers:
      udp:
        listen:
          - udp/0.0.0.0:443
        routes:
          - match:
              - tls:
                  sni:
                    - turn.grundstil.de
            handle:
              - handler: tls
                # connection_policies is a list of policies; alpn belongs inside one of them
                connection_policies:
                  - alpn: ["stun.turn", "stun.nat-discovery"]
              - handler: proxy
                upstreams:
                  - dial:
                      - udp/signaling_coturn:3389
          - match:
              - tls:
                  sni:
                    - vpn.grundstil.de
                    - vpn.amonsul.net
            handle:
              - handler: proxy
                upstreams:
                  - dial:
                      - udp/wireguard:51820
          - match:
              - tls:
                  sni:
                    - dot.grundstil.de
                    - dot.amonsul.net
                    - dot.wxbu.de
            handle:
              - handler: tls
              - handler: proxy
                upstreams:
                  - dial:
                      - udp/dnsproxy:583
  http:
    servers:
      srv0:
        protocols:
        - h1
        - h2
        - h3
        listener_wrappers:
        - wrapper: proxy_protocol
          timeout: 5s
          allow:
          - 127.0.0.1/32
        - wrapper: tls
        listen: [ "0.0.0.0:443" ]
        routes:
        - match:
          - host:
            - sturn.wxbu.de
            - sturn.grundstil.de
          handle:
          - handler: subroute
            routes:
            - handle:
              - handler: reverse_proxy
                upstreams:
                - dial: signaling_coturn:5349
        trusted_proxies:
          ranges:
          - 192.168.0.0/16
          - 172.16.0.0/12
          - 10.0.0.0/8
          - 127.0.0.1/8
          - fd00::/8
          - "::1"
          source: static

logging:
  logs:
    default:
      level: DEBUG
```

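To make concrete what a `tls` matcher with an `sni` list has to find in the first bytes of a connection, here is an added example in Go. It is not caddy-l4's own code and is not a diagnosis of the config above; it only illustrates the input format. The function names (`buildClientHello`, `sniFromClientHello`, `withLen`, `vec`) are assumptions of this example, and the DTLS and STUN byte samples in `main` are constructed, not captured traffic. The parser walks a stream-TLS ClientHello record to the `server_name` extension and returns the host name, and it rejects anything that is not such a record, which is what happens for a DTLS record (version bytes `0xfe ..`) or a STUN datagram:

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// withLen prefixes body with a big-endian length field of lenBytes bytes.
func withLen(lenBytes int, body []byte) []byte {
	out := make([]byte, lenBytes, lenBytes+len(body))
	for i := lenBytes - 1; i >= 0; i-- {
		out[i] = byte(len(body) >> (8 * (lenBytes - 1 - i)))
	}
	return append(out, body...)
}

// vec splits off a length-prefixed vector whose length field is lenBytes wide.
func vec(b []byte, lenBytes int) (body, rest []byte, ok bool) {
	if len(b) < lenBytes {
		return nil, nil, false
	}
	n := 0
	for _, x := range b[:lenBytes] {
		n = n<<8 | int(x)
	}
	if len(b) < lenBytes+n {
		return nil, nil, false
	}
	return b[lenBytes : lenBytes+n], b[lenBytes+n:], true
}

// buildClientHello (hypothetical helper) assembles a minimal stream-TLS ClientHello
// record whose only extension is server_name; it exists to produce test input.
func buildClientHello(sni string) []byte {
	hostName := append([]byte{0}, withLen(2, []byte(sni))...)               // name_type host_name + name
	serverName := append([]byte{0, 0}, withLen(2, withLen(2, hostName))...) // ext type 0 + server_name_list
	body := []byte{0x03, 0x03}                                              // client_version TLS 1.2
	body = append(body, make([]byte, 32)...)                                // random (zeroed in this sample)
	body = append(body, withLen(1, nil)...)                                 // empty session_id
	body = append(body, withLen(2, []byte{0x13, 0x01})...)                  // one cipher suite
	body = append(body, withLen(1, []byte{0x00})...)                        // null compression
	body = append(body, withLen(2, serverName)...)                          // extensions
	hs := append([]byte{0x01}, withLen(3, body)...)                         // handshake type client_hello
	return append([]byte{0x16, 0x03, 0x01}, withLen(2, hs)...)              // record: handshake, version 3.1
}

// sniFromClientHello returns the host_name from the server_name extension of a
// stream-TLS ClientHello record, or an error when the bytes are not such a record.
func sniFromClientHello(b []byte) (string, error) {
	if len(b) < 5 || b[0] != 0x16 || b[1] != 0x03 { // DTLS carries 0xfe in b[1]; QUIC has no TLS record layer
		return "", errors.New("not a stream-TLS handshake record")
	}
	hs, _, ok := vec(b[3:], 2)
	if !ok || len(hs) < 4 || hs[0] != 0x01 {
		return "", errors.New("not a complete ClientHello handshake message")
	}
	body, _, ok := vec(hs[1:], 3)
	if !ok || len(body) < 34 {
		return "", errors.New("truncated ClientHello")
	}
	_, rest, ok1 := vec(body[34:], 1) // skip version+random, then session_id
	_, rest, ok2 := vec(rest, 2)      // cipher_suites
	_, rest, ok3 := vec(rest, 1)      // compression_methods
	exts, _, ok4 := vec(rest, 2)      // extensions
	if !(ok1 && ok2 && ok3 && ok4) {
		return "", errors.New("malformed ClientHello body")
	}
	var data, list, name []byte
	for ok && len(exts) >= 4 {
		typ := binary.BigEndian.Uint16(exts[:2])
		if data, exts, ok = vec(exts[2:], 2); !ok || typ != 0 { // 0 = server_name
			continue
		}
		list, _, ok = vec(data, 2)
		for ok && len(list) >= 3 {
			nameType := list[0]
			if name, list, ok = vec(list[1:], 2); ok && nameType == 0 { // 0 = host_name
				return string(name), nil
			}
		}
	}
	return "", errors.New("no server_name extension")
}

func main() {
	// Constructed inputs: a ClientHello, a DTLS 1.2 record header, a STUN binding request header.
	for _, in := range [][]byte{
		buildClientHello("turn.grundstil.de"),
		{0x16, 0xfe, 0xfd, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x00},
		{0x00, 0x01, 0x00, 0x00, 0x21, 0x12, 0xa4, 0x42},
	} {
		sni, err := sniFromClientHello(in)
		fmt.Printf("sni=%q err=%v\n", sni, err)
	}
}
```

The point a practitioner takes from running it: an `sni` match can only succeed when the very first bytes the listener hands to the matcher are a stream-TLS handshake record, and a debug line like `"matcher":"layer4.matchers.tls","matched":false` is consistent with any input that fails that parse, not only with a wrong hostname.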
mholt commented 1 year ago

Never matches what, exactly? If you can provide the specific request that doesn't match, we may be able to offer some help.