caddy: Panic when proxying with QUIC: not a Flusher

1. What version of Caddy are you running (caddy -version)?

Caddy 0.9.1 (+e8e5595 Thu Aug 18 14:21:02 UTC 2016)

2. What are you trying to do?

Run Caddy as proxy in front of a ZeroNet instance that runs on http://127.0.0.1:43110/

3. What is your entire Caddyfile?

zero.example.net {
  header / Strict-Transport-Security "max-age=31556926"
  tls {
    key_type p384
  }
  proxy /          http://127.0.0.1:43110 {
    transparent
  }
  proxy /Websocket http://127.0.0.1:43110 {
    websocket
  }
  basicauth myUsername myPassword {
    /
  }
}

4. How did you run Caddy (give the full command and describe the execution environment)?

Via a systemd service file:

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target systemd-networkd-wait-online.service

[Service]
Restart=on-failure

; User and group the process will run as.
User=www-data
Group=www-data

; Letsencrypt-issued certificates will be written to this directory.
Environment=HOME=/etc/ssl/caddy

; Always set "-root" to something safe in case it gets forgotten in the Caddyfile.
ExecStart=/usr/local/bin/caddy -log stdout -email=undisclosed@example.com -agree=true -quic -conf=/etc/caddy/caddy.conf -root=/srv/http/empty
ExecReload=/bin/kill -USR1 $MAINPID

; Limit the number of file descriptors; see `man systemd.exec` for more limit settings.
LimitNOFILE=1048576
; Unmodified caddy is not expected to use more than that.
LimitNPROC=64

; Use private /tmp and /var/tmp, which are discarded after caddy stops.
PrivateTmp=true
; Use a minimal /dev
PrivateDevices=true
; Hide /home, /root, and /run/user. Nobody will steal your SSH-keys.
ProtectHome=true
; Make /usr, /boot, /etc and possibly some more folders read-only.
ProtectSystem=full
; … except /etc/ssl/caddy, because we want Letsencrypt-certificates there.
;   This merely retains r/w access rights, it does not add any new. Must still be writable on the host!
ReadWriteDirectories=/etc/ssl/caddy

; Drop all other capabilities. Important if you run caddy as privileged user (which you should not).
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
; … but permit caddy to open ports reserved for system services.
;   This could be redundant here, but is needed in case caddy runs as nobody:nogroup.
AmbientCapabilities=CAP_NET_BIND_SERVICE
; … and prevent gaining any new privileges.
NoNewPrivileges=true

; Caveat: Some plugins need additional capabilities. Add them to both above lines.
; - plugin "upload" needs: CAP_LEASE

[Install]
WantedBy=multi-user.target

5. What did you expect to see?

No errors

6. What did you see instead (give full error messages and/or log)?

From syslog:

Aug 31 10:15:06 danlu caddy[20251]: panic: not a Flusher
Aug 31 10:15:06 danlu caddy[20251]: goroutine 106 [running]:
Aug 31 10:15:06 danlu caddy[20251]: panic(0xcac000, 0xc420495e30)
Aug 31 10:15:06 danlu caddy[20251]:     /usr/local/go/src/runtime/panic.go:500 +0x1a1
Aug 31 10:15:06 danlu caddy[20251]: github.com/mholt/caddy/caddyhttp/httpserver.(*ResponseRecorder).Flush(0xc4205e54f0)
Aug 31 10:15:06 danlu caddy[20251]:     /tmp/custombuild_6580_159870072/src/github.com/mholt/caddy/caddyhttp/httpserver/recorder.go:87 +0xda
Aug 31 10:15:06 danlu caddy[20251]: github.com/mholt/caddy/caddyhttp/proxy.(*maxLatencyWriter).flushLoop(0xc420612540)
Aug 31 10:15:06 danlu caddy[20251]:     /tmp/custombuild_6580_159870072/src/github.com/mholt/caddy/caddyhttp/proxy/reverseproxy.go:378 +0x156
Aug 31 10:15:06 danlu caddy[20251]: created by github.com/mholt/caddy/caddyhttp/proxy.(*ReverseProxy).copyResponse
Aug 31 10:15:06 danlu caddy[20251]:     /tmp/custombuild_6580_159870072/src/github.com/mholt/caddy/caddyhttp/proxy/reverseproxy.go:247 +0x2e1
Aug 31 10:15:06 danlu systemd[1]: caddy.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Aug 31 10:15:06 danlu systemd[1]: caddy.service: Unit entered failed state.
Aug 31 10:15:06 danlu systemd[1]: caddy.service: Failed with result 'exit-code'.
Aug 31 10:15:07 danlu systemd[1]: caddy.service: Service hold-off time over, scheduling restart.
Aug 31 10:15:07 danlu systemd[1]: Stopped Caddy HTTP/2 web server.
Aug 31 10:15:07 danlu systemd[1]: Started Caddy HTTP/2 web server.
Aug 31 10:15:09 danlu caddy[20344]: Activating privacy features... done.

7. How can someone who is starting from scratch reproduce this behavior as minimally as possible?

  1. install ZeroNet (runs out of the box on Python2 when requirements (gevent and msgpack-python modules) are installed)
  2. use above-mentioned Caddyfile
  3. access ZeroNet via HTTPS and click around on a few sites

About this issue

  • State: closed
  • Created 8 years ago
  • Comments: 22 (11 by maintainers)

Most upvoted comments

I suspect this is an experimental QUIC issue. If you disable QUIC does this error still occur?
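
Added example, not part of the original issue and not Caddy's own code: the syslog trace shows the panic raised in `ResponseRecorder.Flush` on a goroutine created by `copyResponse`, after which the process exits and systemd restarts it. The Go program below reproduces that failure mode with constructed types (`plainWriter`, `recorder` and `flushInBackground` are hypothetical names) and shows the two defensive options: treating a writer without `Flush` as a no-op, and recovering inside the spawned goroutine.

```go
package main

import (
	"fmt"
	"net/http"
)

// plainWriter is a constructed stand-in for a response writer without Flush.
type plainWriter struct{ hdr http.Header }

func (p *plainWriter) Header() http.Header         { return p.hdr }
func (p *plainWriter) Write(b []byte) (int, error) { return len(b), nil }
func (p *plainWriter) WriteHeader(int)             {}

// recorder wraps a writer; strict selects the behaviour seen in the trace.
type recorder struct {
	http.ResponseWriter
	strict bool // true: panic when the wrapped writer cannot flush
}

func (r recorder) Flush() {
	if f, ok := r.ResponseWriter.(http.Flusher); ok {
		f.Flush()
	} else if r.strict {
		panic("not a Flusher")
	}
}

// flushInBackground calls Flush on its own goroutine, as a periodic flush
// loop does. net/http recovers panics only on the handler goroutine, so
// without this recover the panic would end the whole process.
func flushInBackground(f http.Flusher) string {
	done := make(chan string, 1)
	go func() {
		defer func() {
			if v := recover(); v != nil {
				done <- fmt.Sprintf("recovered: %v", v)
			}
		}()
		f.Flush()
		done <- "ok"
	}()
	return <-done
}

func main() {
	w := &plainWriter{hdr: http.Header{}}
	fmt.Println(flushInBackground(recorder{w, true}))  // recovered: not a Flusher
	fmt.Println(flushInBackground(recorder{w, false})) // ok
}
```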