Caddy Reverse Proxy connection issue in remote

Hello,
I’m in trouble… I’m trying to enable a reverse proxy with Caddy for my HA Core on Docker. I’m able to connect remotely to my HA, but after a short time it disconnects :frowning:
I’ve followed this installation:

Here is my configuration:

CONFIGURATION.YAML

# Setting for Reverse Proxy configuration
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.18.0.3

CADDYFILE

(https_header) {
  header {
    Strict-Transport-Security "max-age=31536000; includeSubdomains"
    X-XSS-Protection "1; mode=block"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "SAMEORIGIN"
    Referrer-Policy "same-origin"
  }
}

https://mysite.duckdns.org {
  respond "All working fine"
  file_server
}
https://mysite.duckdns.org:9000 {
  import https_header
  reverse_proxy http://192.168.1.10:8123
}

DOCKER-COMPOSE.YAML

  caddy:
    container_name: caddy
    image: caddy:latest
    volumes:
    - "/home/daniele/caddy/Caddyfile:/etc/caddy/Caddyfile"
    - "/home/daniele/caddy/data:/data"
    environment:
    - "TZ=Europe/Rome"
    restart: always
    ports:
    - "80:80"
    - "443:443"
    - "9000:9000"

Here is also the Caddy log, with an error that I don’t understand:

{"level":"info","ts":1679191238.6523993,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1679191238.6537223,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1679191238.6551166,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1679191238.6566072,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1679191238.65667,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1679191238.6566916,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
{"level":"info","ts":1679191238.6570609,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000526150"}
{"level":"info","ts":1679191238.6576052,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1679191238.6576865,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1679191238.6577852,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1679191238.6578808,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679191238.6580448,"logger":"http","msg":"enabling HTTP/3 listener","addr":":9000"}
{"level":"info","ts":1679191238.6581483,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679191238.6582692,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679191238.6583283,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mysite.duckdns.org"]}
{"level":"info","ts":1679191238.6583333,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1679191238.6594727,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1679191238.659508,"msg":"serving initial configuration"}
{"level":"error","ts":1679191971.459085,"logger":"http.log.error","msg":"readfrom tcp 172.18.0.3:51102->192.168.1.10:8123: client disconnected","request":{"remote_ip":"37.159.6.110","remote_port":"37789","proto":"HTTP/2.0","method":"POST","host":"mysite.duckdns.org:9000","uri":"/api/webhook/551b09ba90600dc7403e3584654e8018e06f010c2dda6f67b7465aba3815f92a","headers":{"Accept":["*/*"],"Content-Type":["application/json"],"Accept-Language":["it-IT,it;q=0.9"],"Accept-Encoding":["gzip, deflate, br"],"User-Agent":["Home Assistant/2023.2 (io.robbie.HomeAssistant; build:2023.444; iOS 16.3.1)"],"Content-Length":["376"],"Cache-Control":["no-cache"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"mysite.duckdns.org"}},"duration":0.001263423,"status":502,"err_id":"kpdyup2jd","err_trace":"reverseproxy.statusError (reverseproxy.go:1299)"}


Please help me understand the problem :frowning: I’ve spent a lot of hours trying to understand it without any results.

I’ll add that the issue in the Caddy log is probably not important, because I’ve restarted the Caddy container and now the log is:

{"level":"info","ts":1679194623.0811412,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1679194623.0823977,"msg":"Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":2}
{"level":"info","ts":1679194623.0832763,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1679194623.0843744,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
{"level":"info","ts":1679194623.0844042,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1679194623.084412,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1679194623.0844288,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0004ff730"}
{"level":"info","ts":1679194623.0848541,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/data/caddy"}
{"level":"info","ts":1679194623.0848875,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1679194623.084955,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
{"level":"info","ts":1679194623.0850186,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679194623.085054,"logger":"http","msg":"enabling HTTP/3 listener","addr":":9000"}
{"level":"info","ts":1679194623.0851684,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679194623.0852098,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1679194623.0852416,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["mysite.duckdns.org"]}
{"level":"info","ts":1679194623.0867612,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1679194623.0893056,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1679194623.0893278,"msg":"serving initial configuration"}

But I’m still facing disconnections :frowning:

In addition, here is my port forwarding configuration:

TCP HTTP (80) HTTP (80) 192.168.1.10
TCP HTTPS (443) HTTPS (443) 192.168.1.10
TCP 9000 9000 192.168.1.10

One more piece of information: I’m testing with two smartphones connected over 4G with two different operators, and sometimes one is connected and the other is not… sometimes both are connected… sometimes neither is connected… no idea :frowning:
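
Added example, not part of the original post: Home Assistant honours X-Forwarded-For only from addresses listed in trusted_proxies, and a container address on a Docker bridge network is not fixed unless it is pinned. This sketch pulls the proxy-to-upstream connection out of Caddy reverse-proxy error lines and checks the proxy's source address against that list. The log lines are constructed in the shape of the log above (placeholder webhook id, documentation-range client IPs), the function names are hypothetical, and the regex covers IPv4 only.

```python
import ipaddress
import json
import re

# Trusted proxies as listed in the post's configuration.yaml.
TRUSTED_PROXIES = ["172.18.0.3"]

# Constructed sample lines shaped like the Caddy log above (webhook id is a placeholder).
SAMPLE_LOG = "\n".join([
    '{"level":"info","ts":1679191238.659508,"msg":"serving initial configuration"}',
    '{"level":"error","logger":"http.log.error","status":502,'
    '"msg":"readfrom tcp 172.18.0.3:51102->192.168.1.10:8123: client disconnected",'
    '"request":{"remote_ip":"203.0.113.7","uri":"/api/webhook/<WEBHOOK_ID>"}}',
    '{"level":"error","logger":"http.log.error","status":502,"request":{"remote_ip":"203.0.113.8"},'
    '"msg":"readfrom tcp 172.18.0.5:40000->192.168.1.10:8123: client disconnected"}',
    'not json at all',
])

# Matches the "tcp <src ip>:<port>-><dst ip>:<port>" part of a reverse-proxy error message.
CONN_RE = re.compile(r"tcp (\d+\.\d+\.\d+\.\d+):\d+->(\d+\.\d+\.\d+\.\d+):(\d+)")

def is_trusted(ip, trusted):
    """True if ip is inside any entry of trusted (single addresses or CIDR ranges)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(entry, strict=False) for entry in trusted)

def proxy_errors(log_text, trusted):
    """Return one record per reverse-proxy error line, with the proxy source checked."""
    findings = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip anything that is not a JSON log line
        if not isinstance(entry, dict) or entry.get("logger") != "http.log.error":
            continue
        match = CONN_RE.search(str(entry.get("msg", "")))
        if match:
            src, dst, port = match.groups()
            findings.append({
                "status": entry.get("status"),
                "client": entry.get("request", {}).get("remote_ip"),
                "proxy_source": src,
                "upstream": f"{dst}:{port}",
                "source_trusted": is_trusted(src, trusted),
            })
    return findings

if __name__ == "__main__":
    print(proxy_errors(SAMPLE_LOG, TRUSTED_PROXIES))
```

A record with source_trusted set to False means the proxy reached Home Assistant from an address that trusted_proxies does not cover; listing the Docker network's subnet or giving the container a fixed address keeps the two in step.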