Setup

npm install
micro app.js
caddy

Static scenario 1

curl http://localhost:4000/index.html -v

expectation

serve public/index.html file

results

failed: redirect to /

example

> curl http://localhost:4000/index.html -v
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 4000 (#0)
> GET /index.html HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: /
< Server: Caddy
< Date: Mon, 07 Aug 2017 15:49:56 GMT
< Content-Length: 36
< Content-Type: text/html; charset=utf-8
<
<a href="/">Moved Permanently</a>.

* Connection #0 to host localhost left intac

Static scenario 2

curl http://localhost:4000/notindex.html -v

expectation

serve public/notindex.html file

results

failed: redirect to /not

example

> curl http://localhost:4000/notindex.html -v
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 4000 (#0)
> GET /notindex.html HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Location: /not
< Server: Caddy
< Date: Mon, 07 Aug 2017 15:53:57 GMT
< Content-Length: 39
< Content-Type: text/html; charset=utf-8
<
<a href="/not">Moved Permanently</a>.

* Connection #0 to host localhost left intact

Static scenario 3

curl http://localhost:4000/not.html -v

expectation

serve public/not.html

results

passed: served file

example

> curl http://localhost:4000/not.html -v
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 4000 (#0)
> GET /not.html HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 16
< Content-Type: text/html; charset=utf-8
< Etag: "oubo0fg"
< Last-Modified: Mon, 07 Aug 2017 15:50:39 GMT
< Server: Caddy
< Date: Mon, 07 Aug 2017 15:55:49 GMT
<
Public not.html
* Connection #0 to host localhost left intact

Internal scenario 1

curl http://localhost:4000/secure/index.html -v

expectations

app server returns X-Accel-Redirect of /private/index.html and then caddy serves public/private/index.html

results

failed: returns redirect to http://localhost:3000/private/

notes

The redirect contains the direct address to the app server, not the caddy proxy.

If the proxy server is intentionally unreachable, for example on an internal network, this exposes the internal IP and port

example

> curl http://localhost:4000/secure/index.html -v
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 4000 (#0)
> GET /secure/index.html HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 07 Aug 2017 16:02:55 GMT
< Location: http://localhost:3000/private/
< Server: Caddy
< Content-Length: 65
< Content-Type: text/html; charset=utf-8
<
<a href="http://localhost:3000/private/">Moved Permanently</a>.

* Connection #0 to host localhost left intact

Internal scenario 2

curl http://localhost:4000/secure/notindex.html -v

expectations

app server returns X-Accel-Redirect of /private/notindex.html and then caddy serves public/private/notindex.html

results

failed: returns redirect to http://localhost:3000/private/not

notes

The redirect contains the direct address to the app server, not the caddy proxy.

If the proxy server is intentionally unreachable, for example on an internal network, this exposes the internal IP and port

example

> curl http://localhost:4000/secure/notindex.html -v
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 4000 (#0)
> GET /secure/notindex.html HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 07 Aug 2017 16:05:41 GMT
< Location: http://localhost:3000/private/not
< Server: Caddy
< Content-Length: 68
< Content-Type: text/html; charset=utf-8
<
<a href="http://localhost:3000/private/not">Moved Permanently</a>.

* Connection #0 to host localhost left intact

Internal scenario 3

curl http://localhost:4000/secure/not.html -v

expectation

app server returns X-Accel-Redirect of /private/not.html and then caddy serves public/private/not.html

results

passed: caddy serves internal resource properly

example

> curl http://localhost:4000/secure/not.html -v
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 4000 (#0)
> GET /secure/not.html HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 17
< Content-Type: text/html; charset=utf-8
< Date: Mon, 07 Aug 2017 16:07:55 GMT
< Etag: "oubo0wh"
< Last-Modified: Mon, 07 Aug 2017 15:50:56 GMT
< Server: Caddy
<
Private not.html
* Connection #0 to host localhost left intact

Temporary Workaround

Define the index to something that will not exist.

eg:

index abc.xyz

dusty/caddy-issue

Setup

Static scenario 1

expectation

results

example

Static scenario 2

expectation

results

example

Static scenario 3

expectation

results

example

Internal scenario 1

expectations

results

notes

example

Internal scenario 2

expectations

results

notes

example

Internal scenario 3

expectation

results

example

Temporary Workaround