Caddy: Caddy preprends http:// to `uri` when SSL terminating and proxying
1. What version of Caddy are you running (caddy -version)?
Caddy 0.9.5
2. What are you trying to do?
SSL terminate using caddy and proxy to a node server.
3. What is your entire Caddyfile?
# Upgrade all requests to https
mysite.com:80 {
redir https://mysite.com{uri}
}
# HTTPS request
mysite.com:443 {
# Load certificates
tls /path/mysite.com/server.crt /path/mysite.com/server.key
# Enable GZip
gzip
# Proxy configuration
proxy / {$SERVER_IP}:{$SERVER_PORT} {
transparent
}
# Logging configuration
log / /path/log.log "directory_of_the_requested_file:: {dir} file:: {file} fragment:: {fragment} host:: {host} hostname:: {hostname} hostonly:: {hostonly} method:: {metho
d} path:: {path} path_escaped:: {path_escaped} port:: {port} proto:: {proto} query:: {query} query_escaped:: {query_escaped} remote:: {remote} request:: {request} Body: request_body
:: {request_body} scheme:: {scheme} uri:: {uri} uri_escaped:: {uri_escaped} when:: {when}" {
rotate {
size 100 # Rotate after 100 MB
age 30 # Keep log files for 14 days
keep 10 # Keep at most 10 log files
}
}
# Errors configuration
errors {
log /path/errors.log {
size 100 # Rotate after 100 MB
age 30 # Keep log files for 14 days
keep 10 # Keep at most 10 log files
}
500 /path/errors/50x.html
502 /path/errors/50x.html
503 /path/errors/50x.html
504 /path/errors/50x.html
}
}
4. How did you run Caddy (give the full command and describe the execution environment)?
"$CADDY_PATH" -conf="$CONFIG_PATH" -log=stdout
Caddy is being run inside a docker container running Ubuntu 16.10.
5. What did you expect to see?
With the following URL https://mysite.com////example%2ecom/%2f%2e%2e I expected the uri value to be ////example%2ecom/%2f%2e%2e.
6. What did you see instead (give full error messages and/or log)?
directory_of_the_requested_file:: / file:: fragment:: host:: mysite.com hostname:: ae712ade5732 hostonly:: mysite.com method:: GET path:: / path_escaped:: %2F port:: 60710 proto
:: HTTP/1.1 query:: query_escaped:: remote:: 172.17.0.1 request:: GET //example%2ecom/%2f%2e%2e HTTP/1.1\r\nHost: mysite.com\r\nAccept: */*\r\nUser-Agent: curl/7.43.0\r\nX-Forwar
ded-For: 172.17.0.1\r\nX-Forwarded-Proto: https\r\nX-Real-Ip: 172.17.0.1\r\n\r\n Body: request_body:: - scheme:: https uri:: http://example%2ecom/%2f%2e%2e uri_escaped:: http%3A%2F%
2Fexample%252ecom%2F%252f%252e%252e when:: 10/Feb/2017:19:12:27 +0000
Note: uri is http://example%2ecom/%2f%2e%2e. The http protocol was added to the path, which in turn caused a redirect on the upstream server.
7. How can someone who is starting from scratch reproduce this behavior as minimally as possible?
I think the minimal setup is SSL termination proxying to another server. I haven't been able to reproduce the issue on OS X. I suspect this is related to https://github.com/mholt/caddy/issues/1298
EnFinlay
All 6 comments
Hi @EnFinlay , could you please test the latest master branch to check whether the issue exists?
tw4452852
on 17 Feb 2017
@tw4452852 Will do! I'm not completely fluent in go but I think your changes will do the trick 馃憤
EnFinlay
on 17 Feb 2017
@EnFinlay Did you get a chance to check if latest code fixes your issue?
tobya
on 5 Mar 2017
@tobya Not yet, I'll get to it this week.
EnFinlay
on 6 Mar 2017
Just finished testing and can confirm that the issue is no longer present on master. Thanks for your help! Closing.
EnFinlay
on 20 Mar 2017
Thanks so much to the contributors who fixed it!
mholt
on 20 Mar 2017
Related issues
lorddaedra
路
3Comments
aeroxy
路
3Comments
muhammadmuzzammil1998
路
3Comments
PhilmacFLy
路
3Comments
jgsqware
路
3Comments
Most helpful comment
Thanks so much to the contributors who fixed it!