Random host values showing up in Prometheus metrics #7055

@gucci-on-fleek

I enabled (per-host) Prometheus metrics for the first time last week, but I'm noticing that, most days, I'm seeing a few requests for exactly 1 host that I don't control. When I restart Caddy, this disappears, but then sometime later, a different random host shows up.

Below are the results of running the query max_over_time(caddy_http_requests_total[2w]); I've bolded the domains that don't belong to me:

Prometheus query results
Time handler host instance job server Value
2025-06-08 23:25:20.087 static_response 2a0a:4cc0:2000:172::1 10.79.79.2:9117 caddy srv1 1
2025-06-08 23:25:20.087 static_response google.com:443 10.79.79.2:9117 caddy srv1 1
2025-06-08 23:25:20.087 static_response httpbin.org:443 10.79.79.2:9117 caddy srv1 1
2025-06-08 23:25:20.087 static_response m.naver.com:443 10.79.79.2:9117 caddy srv1 1
2025-06-08 23:25:20.087 subroute 2a0a:4cc0:2000:172::1 10.79.79.2:9117 caddy srv2 1
2025-06-08 23:25:20.087 static_response 127.0.0.1:80 10.79.79.2:9117 caddy srv1 2
2025-06-08 23:25:20.087 static_response patrickmm44tngdyixczq4gvccy2kjyignpfwjx6ryovvf6svopezeyd.onion 10.79.79.2:9117 caddy srv1 2
2025-06-08 23:25:20.087 subroute overleaf.maxchernoff.ca:443 10.79.79.2:9117 caddy srv2 2
2025-06-08 23:25:20.087 subroute ech.maxchernoff.ca:443 10.79.79.2:9117 caddy srv2 3
2025-06-08 23:25:20.087 subroute mta-sts.duck.tel 10.79.79.2:9117 caddy srv2 3
2025-06-08 23:25:20.087 static_response ech.maxchernoff.ca:80 10.79.79.2:9117 caddy srv1 4
2025-06-08 23:25:20.087 subroute ech.maxchernoff.ca 10.79.79.2:9117 caddy srv2 9
2025-06-08 23:25:20.087 subroute mta-sts.maxchernoff.ca 10.79.79.2:9117 caddy srv2 11
2025-06-08 23:25:20.087 static_response api.maxchernoff.ca 10.79.79.2:9117 caddy srv1 12
2025-06-08 23:25:20.087 subroute ns.maxchernoff.ca 10.79.79.2:9117 caddy srv2 12
2025-06-08 23:25:20.087 static_response icanhazip.com:443 10.79.79.2:9117 caddy srv1 13
2025-06-08 23:25:20.087 subroute api.maxchernoff.ca 10.79.79.2:9117 caddy srv2 16
2025-06-08 23:25:20.087 static_response [2a0a:4cc0:2000:172::1] 10.79.79.2:9117 caddy srv1 19
2025-06-08 23:25:20.087 static_response www.maxchernoff.ca 10.79.79.2:9117 caddy srv1 22
2025-06-08 23:25:20.087 subroute [2a0a:4cc0:2000:172::1] 10.79.79.2:9117 caddy srv2 26
2025-06-08 23:25:20.087 static_response noreply.maxchernoff.ca 10.79.79.2:9117 caddy srv1 27
2025-06-08 23:25:20.087 static_response overleaf.maxchernoff.ca 10.79.79.2:9117 caddy srv1 29
2025-06-08 23:25:20.087 subroute duck.tel 10.79.79.2:9117 caddy srv2 29
2025-06-08 23:25:20.087 subroute noreply.maxchernoff.ca 10.79.79.2:9117 caddy srv2 29
2025-06-08 23:25:20.087 static_response mta-sts.duck.tel 10.79.79.2:9117 caddy srv1 31
2025-06-08 23:25:20.087 static_response prometheus.maxchernoff.ca 10.79.79.2:9117 caddy srv1 31
2025-06-08 23:25:20.087 static_response registry.maxchernoff.ca 10.79.79.2:9117 caddy srv1 31
2025-06-08 23:25:20.087 static_response grafana.maxchernoff.ca 10.79.79.2:9117 caddy srv1 33
2025-06-08 23:25:20.087 static_response ns.maxchernoff.ca 10.79.79.2:9117 caddy srv1 33
2025-06-08 23:25:20.087 static_response maxchernoff.ca 10.79.79.2:9117 caddy srv1 37
2025-06-08 23:25:20.087 static_response woodpecker.maxchernoff.ca 10.79.79.2:9117 caddy srv1 39
2025-06-08 23:25:20.087 subroute stardew-valley-item-finder.maxchernoff.ca 10.79.79.2:9117 caddy srv2 43
2025-06-08 23:25:20.087 static_response duck.tel 10.79.79.2:9117 caddy srv1 44
2025-06-08 23:25:20.087 static_response ech.maxchernoff.ca 10.79.79.2:9117 caddy srv1 47
2025-06-08 23:25:20.087 static_response stardew-valley-item-finder.maxchernoff.ca 10.79.79.2:9117 caddy srv1 55
2025-06-08 23:25:20.087 subroute 152.53.36.213:443 10.79.79.2:9117 caddy srv2 55
2025-06-08 23:25:20.087 static_response 152.53.36.213:80 10.79.79.2:9117 caddy srv1 72
2025-06-08 23:25:20.087 subroute registry.maxchernoff.ca 10.79.79.2:9117 caddy srv2 75
2025-06-08 23:25:20.087 static_response mta-sts.maxchernoff.ca 10.79.79.2:9117 caddy srv1 96
2025-06-08 23:25:20.087 subroute maxchernoff.ca 10.79.79.2:9117 caddy srv2 102
2025-06-08 23:25:20.087 subroute prometheus.maxchernoff.ca 10.79.79.2:9117 caddy srv2 133
2025-06-08 23:25:20.087 static_response 152.53.36.213 10.79.79.2:9117 caddy srv1 159
2025-06-08 23:25:20.087 subroute 152.53.36.213 10.79.79.2:9117 caddy srv2 164
2025-06-08 23:25:20.087 subroute overleaf.maxchernoff.ca 10.79.79.2:9117 caddy srv2 194
2025-06-08 23:25:20.087 subroute woodpecker.maxchernoff.ca 10.79.79.2:9117 caddy srv2 270
2025-06-08 23:25:20.087 static_response 10.79.79.2:9117 caddy srv1 411
2025-06-08 23:25:20.087 subroute www.maxchernoff.ca 10.79.79.2:9117 caddy srv2 535
2025-06-08 23:25:20.087 subroute 10.79.79.2:9117 caddy srv0 2862
2025-06-08 23:25:20.087 subroute 10.79.79.2:9117 10.79.79.2:9117 caddy srv0 2873
2025-06-08 23:25:20.087 subroute grafana.maxchernoff.ca 10.79.79.2:9117 caddy srv2 4767
2025-06-08 23:25:20.087 subroute 10.79.79.2:9117 caddy srv2 10155

Searching the logs doesn't show anything relevant:

Logs
$ journalctl --boot=all --lines=all --since=2025-05-31 --no-pager --grep='httpbin.org|google.com|m.naver.com|patrickmm44tngdyixczq4gvccy2kjyignpfwjx6ryovvf6svopezeyd.onion|icanhazip.com' --user-unit=caddy.service
-- Boot 20a5c0181da24fc8866712d5432500e8 --
-- Boot 4d28c37f806449b8a67fc91b621bfd95 --
Jun 01 21:13:34 maxchernoff.ca systemd-caddy[158512]: 2025/06/02 03:13:34.046        WARN        http.handlers.reverse_proxy        aborting with incomplete response        {"upstream": "systemd-woodpecker-server:8000", "duration": 0.000558981, "request": {"remote_ip": "66.249.79.224", "remote_port": "63461", "client_ip": "66.249.79.224", "proto": "HTTP/1.1", "method": "GET", "host": "woodpecker.maxchernoff.ca", "uri": "/api/stream/events", "headers": {"Cache-Control": ["no-cache"], "User-Agent": ["Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.7103.92 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"], "X-Forwarded-Host": ["woodpecker.maxchernoff.ca"], "Via": ["1.1 Caddy"], "Accept-Encoding": ["gzip, deflate, br"], "Accept-Language": ["en-US"], "Accept": ["text/event-stream"], "From": ["googlebot(at)googlebot.com"], "Referer": ["https://woodpecker.maxchernoff.ca/login"], "X-Forwarded-For": ["66.249.79.224"], "X-Forwarded-Proto": ["https"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "woodpecker.maxchernoff.ca"}}, "error": "reading: context canceled"}
Jun 01 21:13:46 maxchernoff.ca systemd-caddy[158512]: 2025/06/02 03:13:46.080        WARN        http.handlers.reverse_proxy        aborting with incomplete response        {"upstream": "systemd-woodpecker-server:8000", "duration": 0.001648905, "request": {"remote_ip": "66.249.79.224", "remote_port": "39924", "client_ip": "66.249.79.224", "proto": "HTTP/1.1", "method": "GET", "host": "woodpecker.maxchernoff.ca", "uri": "/api/stream/events", "headers": {"User-Agent": ["Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.7103.92 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"], "Accept-Language": ["en-US"], "Accept": ["text/event-stream"], "From": ["googlebot(at)googlebot.com"], "Accept-Encoding": ["gzip, deflate, br"], "X-Forwarded-Proto": ["https"], "X-Forwarded-Host": ["woodpecker.maxchernoff.ca"], "Via": ["1.1 Caddy"], "Cache-Control": ["no-cache"], "Referer": ["https://woodpecker.maxchernoff.ca/login"], "X-Forwarded-For": ["66.249.79.224"]}, "tls": {"resumed": false, "version": 772, "cipher_suite": 4865, "proto": "", "server_name": "woodpecker.maxchernoff.ca"}}, "error": "reading: context canceled"}
-- Boot 26980d5ab3d84c6eb50c880f57159c45 --
-- Boot c78c906412334e4a8978f92133ecae3e --
-- Boot 417d1b50262e48e4add5dea357ae6913 --
-- Boot 99f90d52c26f46779041287c5310d07b --
-- Boot c7e9963ec48e4b3d9f5f826085872c40 --
-- Boot 93da27c6d020424ab1a7c5f1e2613dae --
-- Boot 96060bbfbda440ef9879813b30ec7fe9 --
-- Boot 0c986b74387449e39050aebdedb84592 --
-- Boot 2685a24fe1fb40fc9aae0f51254687a7 --
-- Boot 0bbf4267a35f4386a6507173e2ebcf6f --

$ grep -ERn 'httpbin.org|m.naver.com|patrickmm44tngdyixczq4gvccy2kjyignpfwjx6ryovvf6svopezeyd.onion|icanhazip.com' ~web/caddy/logs/  # "google.com" left out here to exclude hundreds of Googlebot hits
$ echo $?
1

I'm using Caddy 2.10 with a few different modules installed:

Caddy and module versions
$ caddy version
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=

$ caddy list-modules --packages --versions
admin.api.load v2.10.0 github.com/caddyserver/caddy/v2
admin.api.metrics v2.10.0 github.com/caddyserver/caddy/v2
admin.api.pki v2.10.0 github.com/caddyserver/caddy/v2
admin.api.reverse_proxy v2.10.0 github.com/caddyserver/caddy/v2
caddy.adapters.caddyfile v2.10.0 github.com/caddyserver/caddy/v2
caddy.config_loaders.http v2.10.0 github.com/caddyserver/caddy/v2
caddy.filesystems v2.10.0 github.com/caddyserver/caddy/v2
caddy.listeners.http_redirect v2.10.0 github.com/caddyserver/caddy/v2
caddy.listeners.proxy_protocol v2.10.0 github.com/caddyserver/caddy/v2
caddy.listeners.tls v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.cores.mock v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.append v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.console v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter.cookie v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter.delete v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter.hash v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter.ip_mask v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter.query v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter.regexp v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter.rename v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.filter.replace v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.encoders.json v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.writers.discard v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.writers.file v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.writers.net v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.writers.stderr v2.10.0 github.com/caddyserver/caddy/v2
caddy.logging.writers.stdout v2.10.0 github.com/caddyserver/caddy/v2
caddy.network_proxy.none v2.10.0 github.com/caddyserver/caddy/v2
caddy.network_proxy.url v2.10.0 github.com/caddyserver/caddy/v2
caddy.storage.file_system v2.10.0 github.com/caddyserver/caddy/v2
events v2.10.0 github.com/caddyserver/caddy/v2
http v2.10.0 github.com/caddyserver/caddy/v2
http.authentication.hashes.bcrypt v2.10.0 github.com/caddyserver/caddy/v2
http.authentication.providers.http_basic v2.10.0 github.com/caddyserver/caddy/v2
http.encoders.gzip v2.10.0 github.com/caddyserver/caddy/v2
http.encoders.zstd v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.acme_server v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.authentication v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.copy_response v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.copy_response_headers v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.encode v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.error v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.file_server v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.headers v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.intercept v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.invoke v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.log_append v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.map v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.metrics v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.push v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.request_body v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.reverse_proxy v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.rewrite v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.static_response v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.subroute v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.templates v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.tracing v2.10.0 github.com/caddyserver/caddy/v2
http.handlers.vars v2.10.0 github.com/caddyserver/caddy/v2
http.ip_sources.static v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.client_ip v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.expression v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.file v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.header v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.header_regexp v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.host v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.method v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.not v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.path v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.path_regexp v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.protocol v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.query v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.remote_ip v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.tls v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.vars v2.10.0 github.com/caddyserver/caddy/v2
http.matchers.vars_regexp v2.10.0 github.com/caddyserver/caddy/v2
http.precompressed.br v2.10.0 github.com/caddyserver/caddy/v2
http.precompressed.gzip v2.10.0 github.com/caddyserver/caddy/v2
http.precompressed.zstd v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.client_ip_hash v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.cookie v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.first v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.header v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.ip_hash v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.least_conn v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.query v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.random v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.random_choose v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.round_robin v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.uri_hash v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.selection_policies.weighted_round_robin v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.transport.fastcgi v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.transport.http v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.upstreams.a v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.upstreams.multi v2.10.0 github.com/caddyserver/caddy/v2
http.reverse_proxy.upstreams.srv v2.10.0 github.com/caddyserver/caddy/v2
pki v2.10.0 github.com/caddyserver/caddy/v2
tls v2.10.0 github.com/caddyserver/caddy/v2
tls.ca_pool.source.file v2.10.0 github.com/caddyserver/caddy/v2
tls.ca_pool.source.http v2.10.0 github.com/caddyserver/caddy/v2
tls.ca_pool.source.inline v2.10.0 github.com/caddyserver/caddy/v2
tls.ca_pool.source.pki_intermediate v2.10.0 github.com/caddyserver/caddy/v2
tls.ca_pool.source.pki_root v2.10.0 github.com/caddyserver/caddy/v2
tls.ca_pool.source.storage v2.10.0 github.com/caddyserver/caddy/v2
tls.certificates.automate v2.10.0 github.com/caddyserver/caddy/v2
tls.certificates.load_files v2.10.0 github.com/caddyserver/caddy/v2
tls.certificates.load_folders v2.10.0 github.com/caddyserver/caddy/v2
tls.certificates.load_pem v2.10.0 github.com/caddyserver/caddy/v2
tls.certificates.load_storage v2.10.0 github.com/caddyserver/caddy/v2
tls.client_auth.verifier.leaf v2.10.0 github.com/caddyserver/caddy/v2
tls.ech.publishers.dns v2.10.0 github.com/caddyserver/caddy/v2
tls.get_certificate.http v2.10.0 github.com/caddyserver/caddy/v2
tls.get_certificate.tailscale v2.10.0 github.com/caddyserver/caddy/v2
tls.handshake_match.local_ip v2.10.0 github.com/caddyserver/caddy/v2
tls.handshake_match.remote_ip v2.10.0 github.com/caddyserver/caddy/v2
tls.handshake_match.sni v2.10.0 github.com/caddyserver/caddy/v2
tls.handshake_match.sni_regexp v2.10.0 github.com/caddyserver/caddy/v2
tls.issuance.acme v2.10.0 github.com/caddyserver/caddy/v2
tls.issuance.internal v2.10.0 github.com/caddyserver/caddy/v2
tls.issuance.zerossl v2.10.0 github.com/caddyserver/caddy/v2
tls.leaf_cert_loader.file v2.10.0 github.com/caddyserver/caddy/v2
tls.leaf_cert_loader.folder v2.10.0 github.com/caddyserver/caddy/v2
tls.leaf_cert_loader.pem v2.10.0 github.com/caddyserver/caddy/v2
tls.leaf_cert_loader.storage v2.10.0 github.com/caddyserver/caddy/v2
tls.permission.http v2.10.0 github.com/caddyserver/caddy/v2
tls.stek.distributed v2.10.0 github.com/caddyserver/caddy/v2
tls.stek.standard v2.10.0 github.com/caddyserver/caddy/v2

  Standard modules: 127

cache v0.15.0 github.com/caddyserver/cache-handler
caddy.listeners.layer4 v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
caddy.logging.encoders.formatted v0.0.0-20250416233754-15eef9743261 github.com/caddyserver/transform-encoder
caddy.logging.encoders.transform v0.0.0-20250416233754-15eef9743261 github.com/caddyserver/transform-encoder
dns.providers.rfc2136 v1.0.0 github.com/caddy-dns/rfc2136
http.handlers.cache v0.15.0 github.com/caddyserver/cache-handler
http.handlers.rate_limit v0.1.0 github.com/mholt/caddy-ratelimit
http.handlers.replace_response v0.0.0-20241211194404-3865845790a7 github.com/caddyserver/replace-response
http.matchers.maxmind_geolocation v1.0.1 github.com/porech/caddy-maxmind-geolocation
layer4 v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.handlers.echo v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.handlers.proxy v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.handlers.proxy_protocol v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.handlers.socks5 v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.handlers.subroute v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.handlers.tee v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.handlers.throttle v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.handlers.tls v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.clock v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.dns v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.http v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.local_ip v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.not v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.openvpn v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.postgres v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.proxy_protocol v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.quic v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.rdp v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.regexp v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.remote_ip v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.remote_ip_list v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.socks4 v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.socks5 v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.ssh v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.tls v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.winbox v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.wireguard v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.matchers.xmpp v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.proxy.selection_policies.first v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.proxy.selection_policies.ip_hash v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.proxy.selection_policies.least_conn v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.proxy.selection_policies.random v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.proxy.selection_policies.random_choose v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
layer4.proxy.selection_policies.round_robin v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4
storages.cache.otter v0.0.15 github.com/darkweak/storages/otter/caddy
tls.handshake_match.alpn v0.0.0-20250530154005-4d3c80e89c5f github.com/mholt/caddy-l4

  Non-standard modules: 46

  Unknown modules: 0

I don't have a minimal reproducer for this (sorry!), but here is my complete Caddyfile:

Contents of my Caddyfiles
# Define the minifier
(minify) {
	# JavaScript/JSON
	replace {
		match {
			header Content-Type "text/javascript*"
			header Content-Type "application/json*"
			header Content-Type "*+json*"
		}
		re `^//.*\n|/\s*\*[^\0]*?\*\/\s*|\s*(\n)\s*|\s+([^-\w])` "${1}${2}"
	}

	# CSS
	replace {
		match {
			header Content-Type "text/css*"
		}
		re `/\*[^\0]*?\*\/|\s*\n\s*|([^-\w)])\s+` "${1}"
	}

	# XML
	replace {
		match {
			header Content-Type "text/xml*"
			header Content-Type "application/xml*"
			header Content-Type "*+xml*"
			header !X-No-Minify
		}
		re `<![-]-[^\0]*?[-]->\s*|\s*(\n)\s*|([^-\w<!])\s+([^-\w<!])` "${1}${2}${3}"
	}
}

# Define the default options for all sites
(default-base) {
	# Compress responses
	encode zstd gzip

	header {
		# Security headers
		X-Content-Type-Options nosniff
		?Cross-Origin-Resource-Policy same-origin
		?Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; form-action 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; script-src 'self'; script-src-elem 'self';"

		# Prerendering
		Supports-Loading-Mode credentialed-prerender uncredentialed-prerender
	}

	# Use www.maxchernoff.ca for special URLs
	@rewrite-special {
		path /.well-known/* /ads.txt /app-ads.txt /apple-touch-icon*.png /favicon.ico /favicon.svg /robots.txt /touch-icon*.png /sellers.json
	}
	handle @rewrite-special {
		# Serve the files
		root * /srv
		file_server

		# Minify
		import minify

		# Caching
		header Cache-Control max-age=1209600 # 2 weeks
		cache

		# Set the correct Content-Types
		header /.well-known/traffic-advice {
			Content-Type application/trafficadvice+json
		}

		header /.well-known/dnt {
			Content-Type application/tracking-status+json
		}

		header /.well-known/host-meta {
			Content-Type /application/xrd+xml
		}

		# `time` URL
		handle /.well-known/time {
			header Content-Type text/plain
			templates mime text/plain
			header Cache-Control no-cache
		}

		# Clean up some root-level URLs
		rewrite /ads.txt /.well-known/ads.txt
		rewrite /app-ads.txt /.well-known/app-ads.txt
		rewrite /robots.txt /.well-known/robots.txt
		rewrite /sellers.json /.well-known/sellers.json

		rewrite /apple-touch-icon*.png /assets/apple-touch-icon.png
		rewrite /favicon.ico /assets/favicon.ico
		rewrite /favicon.svg /assets/favicon.svg
		rewrite /touch-icon*.png /assets/apple-touch-icon.png
	}

	header /assets/* {
		Cache-Control max-age=86400 # 1 day
	}

	# Allow access to the icons and CSS from other sites
	@cross-origin {
		path /assets/style.css /favicon.svg /favicon.ico /apple-touch-icon.png
		header_regexp Referer "^https://(.*\.)?(maxchernoff\.ca|duck\.tel)/"
	}
	header @cross-origin {
		Cross-Origin-Resource-Policy cross-origin
	}

	# No sitemaps, so cache the response for a long time
	@sitemaps {
		path /sitemap.xml /sitemap.txt /sitemaps.xml /sitemap.xml.gz /sitemap_index.xml
	}
	handle @sitemaps {
		header Cache-Control max-age=2592000 # 30 days
		respond * 410 {
			close
		}
	}

	# Zip-bomb any requests to malicious URLs
	@bad-url {
		expression `
		(path(
		"*.php*",
		"*/.env",
		"*/.git/*",
		"*phpinfo*",
		"/.*",
		"/*.yml",
		"/actuator/*",
		"/backup",
		"/cgi-bin/*",
		"/config.json",
		"/media/system/js/core.js",
		"/owa/*",
		"/sftp-config.json",
		"/wordpress*",
		"/wp-*"
		) &&
		!path("/.well-known/*")) ||
		header({"User-Agent": "Go-http-client/*"})
		`
	}
	@has-zstd {
		expression `{http.request.header.Accept-Encoding}.contains("zstd")`
	}
	handle @bad-url {
		root * /srv
		file_server {
			status 418
		}

		header Cache-Control max-age=31536000 # 1 year

		handle @has-zstd {
			header Content-Encoding zstd
			header Content-Type "text/html; charset=utf-8"
			rewrite * /files/login.html.zstd
		}
		handle {
			header Content-Encoding gzip
			header Content-Type "text/html; charset=utf-8"
			rewrite * /files/login.html.gz
		}
	}
}

(www.maxchernoff.ca) {
	import default

	# Serve static files from /srv
	try_files {path}.html {path}
	file_server {
		hide /includes/* .gitignore retain-empty-folder
	}

	# Status page
	handle /status {
		header Content-Type "application/json; charset=utf-8"
		header Cache-Control max-age=5
		templates {
			mime application/json
		}
	}

	# Preload some resources
	@html `{http.request.header.Accept}.contains("text/html")`
	header @html Link "</assets/style.css>; rel=\"preload\"; as=\"style\", </favicon.svg>; rel=\"icon\"; type=\"image/svg+xml\""

	# Analytics
	header /analytics/* {
		-Content-Security-Policy
		-Link
		Cache-Control "max-age=60"
	}
	basic_auth /analytics/* {
		analytics {env.CADDY_HTTP_CREDENTIALS}
	}

	# Stardew Valley
	header /tools/Stardew-Valley-Item-Finder/* {
		-Content-Security-Policy
	}
	templates /tools/Stardew-Valley-Item-Finder/* {
		mime text/javascript
		between /*! !*/
	}

	redir /tools/Stardew-Valley-Item-Finder/robots.txt /robots.txt permanent
	redir /tools/stardew-valley-item-finder /tools/Stardew-Valley-Item-Finder/ permanent

	# Convert Markdown files to HTML
	templates
	rewrite /p/* /includes/index.html
	rewrite / /includes/index

	# Atom feed
	@pretty-atom {
		header Sec-Fetch-Mode navigate
	}

	handle /atom.xml {
		header @pretty-atom {
			# Browsers will force a download for "application/atom+xml", but
			# will allow processing "<?xml-stylesheet ...?>" directives for
			# "application/xml", so we'll use that if the request is from a web
			# browser.
			Content-Type "application/xml; charset=utf-8"
			defer
		}
		header Content-Type "application/atom+xml; charset=utf-8"
		header Cache-Control max-age=86400 # 1 day
		header Access-Control-Allow-Origin "*"
		header X-No-Minify "true"
		templates {
			mime application/xml application/atom+xml text/xml
		}
	}

	handle /assets/atom.xslt {
		header Content-Type "application/xslt+xml; charset=utf-8"
		header X-No-Minify "true"
		templates {
			mime application/xslt+xml
		}
	}

	# Block internal paths
	@internal-url {
		expression `{http.request.orig_uri.path}.matches("^/(includes/?|p/?$|domains/?)")`
	}
	handle @internal-url {
		error 404
	}

	# Remove query parameters
	@has-query {
		expression `{query} != ""`
		not path /.well-known/*
		not path /v2/*
	}
	redir @has-query {path} temporary

	# Container Registry
	redir /v2/* https://registry.maxchernoff.ca{uri} temporary

	# Prefetch
	header ?Speculation-Rules `"/assets/speculation-rules.json"`
	header /assets/speculation-rules.json {
		Content-Type application/speculationrules+json
	}

	import minify

	# Handle errors
	handle_errors {
		header Content-Type "text/html; charset=utf-8"
		rewrite * /includes/error.html
		templates
		file_server
	}
}

# Root options
{
	# Directive ordering
	order replace after encode
	order cache before header

	# For the ACME challenge
	email [email protected]

	# Default to maxchernoff.ca if the host is not specified
	default_sni maxchernoff.ca
	fallback_sni maxchernoff.ca

	# Handle socket activation
	auto_https disable_redirects

	default_bind fd/4 {
		protocols h1 h2
	}
	default_bind fdgram/5 {
		protocols h3
	}
	admin off

	# Proxy DNS-over-TLS
	layer4 {
		fd/6 {
			@dot tls {
				alpn dot
			}
			route @dot {
				tls {
					connection_policy {
						alpn dot
						fallback_sni ns.maxchernoff.ca
					}
				}
				proxy {
					upstream tcp/host.containers.internal:53
				}
			}
		}
	}

	# Cache some responses server-side
	cache {
		otter
		api {
			prometheus
		}
	}

	# Configure (non-request) logging
	log {
		output stderr
		format console
		# level DEBUG
	}

	# ECH
	dns rfc2136 {
		server host.containers.internal:53
		key_name caddy
		key_alg hmac-sha256
		key {env.CADDY_TSIG}
	}
	ech ech.maxchernoff.ca

	# Metrics
	metrics {
		per_host
	}
}

# Define the default options for all sites
(default) {
	import default-base

	header {
		# Cache all responses for 1 hour
		?Cache-Control max-age=3600
		# Use HSTS
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
	}

	log {
		output file /var/log/caddy/access.log {
			roll_keep_for 1000d
			roll_keep 100
			mode 640
		}
		format json
	}

	# TLS options
	tls {
		# My analytics show that almost no one except for bots uses TLS 1.2, so
		# I might as well set the minimum version to 1.3.
		protocols tls1.3
	}
}

(cache) {
	# Block access to the Souin API
	route {
		error /souin-api/* 404
		cache
	}
}

http:// {
	bind fd/3
	redir https://{host}{uri} permanent
}

# Domain information pages
(domain-info) {
	handle / {
		file_server {
			root /srv
		}
		header {
			Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; form-action 'none'; style-src https://www.maxchernoff.ca; img-src https://www.maxchernoff.ca;"
		}
		templates
		rewrite /includes/domains.html
	}
}

# Redirect maxchernoff.ca to www.maxchernoff.ca
maxchernoff.ca {
	import default
	redir https://www.{host}{uri} permanent
}

# The main site
www.maxchernoff.ca {
	root * /srv
	import cache
	import www.maxchernoff.ca
}

# Overleaf reverse proxy
overleaf.maxchernoff.ca {
	import default
	reverse_proxy systemd-overleaf-overleaf:80
	redir /learn/* https://www.overleaf.com{path} permanent
}

# Woodpecker reverse proxy
woodpecker.maxchernoff.ca {
	import default
	header ?Content-Security-Policy ""
	reverse_proxy systemd-woodpecker-server:8000
}

# Stardew Valley redirect
stardew-valley-item-finder.maxchernoff.ca {
	import default

	redir https://www.maxchernoff.ca/tools/Stardew-Valley-Item-Finder{uri} permanent
}

# MTA-STS needs its own subdomain
mta-sts.maxchernoff.ca {
	import default
	import domain-info
	respond "Not Found" 404
}

mta-sts.duck.tel {
	import default
	import domain-info
	respond "Not Found" 404
}

# Flask reverse proxy
api.maxchernoff.ca {
	import default
	import domain-info

	header Cache-Control max-age=5
	import cache

	reverse_proxy systemd-flask:8080
}

# Container registry reverse proxy
registry.maxchernoff.ca {
	import default
	import domain-info
	import cache

	@manifest path /v2/*/manifests/* /v2/_catalog
	header @manifest Cache-Control max-age=15
	header ?Cache-Control max-age=3600 # Cache all responses for 1 hour

	@get-head method GET HEAD
	handle @get-head {
		reverse_proxy systemd-container-registry:23719
	}

	# Fallback
	handle {
		respond "403 Forbidden" 403
	}
}

# DNS Nameserver
ns.maxchernoff.ca {
	import default

	# We need to define a server here for Caddy to fetch a certificate for the
	# layer4 DNS-over-TLS proxy, but otherwise this block serves no purpose, so
	# we might as well show a landing page.
	import domain-info
	respond "Not Found" 404
}

# Outgoing mail server
noreply.maxchernoff.ca {
	import default
	import domain-info
	respond "Not Found" 404
}

# ECH placeholder domain
ech.maxchernoff.ca {
	import default
	import domain-info
	respond "Not Found" 404
}

# Prometheus reverse proxy
prometheus.maxchernoff.ca {
	import default

	header {
		?Content-Security-Policy ""
	}

	basic_auth {
		analytics {env.CADDY_HTTP_CREDENTIALS}
	}

	reverse_proxy systemd-prometheus:9090
}

# Grafana reverse proxy
grafana.maxchernoff.ca {
	import default

	basic_auth {
		analytics {env.CADDY_HTTP_CREDENTIALS}
	}

	reverse_proxy systemd-grafana:3000 {
		header_up X-WEBAUTH-USER "admin"
	}
}

# Secondary domain: duck.tel
duck.tel {
	import default
	import domain-info
	respond "Not Found" 404
}

# Fallback hosts
152.53.36.213, [2a0a:4cc0:2000:172::1], * {
	# I've set the security options here to be as strict as possible since
	# there's no valid reason for anyone to be here.
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
		Content-Security-Policy "default-src 'self'; sandbox;"
		Content-Type text/html
	}
	tls internal {
		protocols tls1.3
	}

	# I've intentionally omitted the logging here since all that shows up here
	# is bots probing for vulnerabilities.

	# Do nothing except for sending an informative error message.
	respond 421 {
		body `
		<!DOCTYPE html>
		<html lang="en">
		<meta charset="UTF-8">
		<title>Misdirected Request</title>
		<meta name="viewport" content="width=device-width, initial-scale=1.0" >
		<meta name="color-scheme" content="light dark">
		<h1>Misdirected Request</h1>
		<p>Your request was either missing or had an unknown <code>Host</code>
		header. Please try again with a valid hostname.
		<p><a href="https://www.maxchernoff.ca">Return to the main site.</a>
		`
		close
	}
}

# Metrics
http://10.79.79.2:9117 {
	bind 0.0.0.0

	handle /metrics {
		metrics
	}
	handle /souin-api/metrics {
		cache
	}
	handle {
		respond "404 Not Found" 404
	}
}

I'm running Caddy inside a rootless Podman container; my full Caddy configuration (xcaddy scripts, systemd unit files, etc.) is available at the following links:

Caddy configuration files

And here are the results of some /metrics scrapes on two different days:

/metrics scrape results
$ curl http://10.79.79.2:9117/metrics | grep -F icanhazip.com  # 2025-06-07
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.005"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.01"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.025"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.05"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.1"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.25"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.5"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="1"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="2.5"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="5"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="10"} 13
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="+Inf"} 13
caddy_http_request_duration_seconds_sum{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 0.00035868700000000006
caddy_http_request_duration_seconds_count{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="256"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="1024"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="4096"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="16384"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="65536"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="262144"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="1.048576e+06"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="4.194304e+06"} 13
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="+Inf"} 13
caddy_http_request_size_bytes_sum{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 1519
caddy_http_request_size_bytes_count{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 13
caddy_http_requests_in_flight{handler="static_response",host="icanhazip.com:443",server="srv1"} 0
caddy_http_requests_total{handler="static_response",host="icanhazip.com:443",server="srv1"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.005"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.01"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.025"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.05"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.1"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.25"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="0.5"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="1"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="2.5"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="5"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="10"} 13
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="+Inf"} 13
caddy_http_response_duration_seconds_sum{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 0.000198498
caddy_http_response_duration_seconds_count{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="256"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="1024"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="4096"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="16384"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="65536"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="262144"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="1.048576e+06"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="4.194304e+06"} 13
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1",le="+Inf"} 13
caddy_http_response_size_bytes_sum{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 0
caddy_http_response_size_bytes_count{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 13

$ curl http://10.79.79.2:9117/metrics | grep -F httpbin.org  # 2025-06-08
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.005"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.01"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.025"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.05"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.1"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.25"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.5"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="1"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="2.5"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="5"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="10"} 1
caddy_http_request_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="+Inf"} 1
caddy_http_request_duration_seconds_sum{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1"} 2.6239e-05
caddy_http_request_duration_seconds_count{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="256"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="1024"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="4096"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="16384"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="65536"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="262144"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="1.048576e+06"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="4.194304e+06"} 1
caddy_http_request_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="+Inf"} 1
caddy_http_request_size_bytes_sum{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1"} 75
caddy_http_request_size_bytes_count{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1"} 1
caddy_http_requests_in_flight{handler="static_response",host="httpbin.org:443",server="srv1"} 0
caddy_http_requests_total{handler="static_response",host="httpbin.org:443",server="srv1"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.005"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.01"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.025"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.05"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.1"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.25"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="0.5"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="1"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="2.5"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="5"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="10"} 1
caddy_http_response_duration_seconds_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="+Inf"} 1
caddy_http_response_duration_seconds_sum{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1"} 1.0114e-05
caddy_http_response_duration_seconds_count{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="256"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="1024"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="4096"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="16384"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="65536"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="262144"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="1.048576e+06"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="4.194304e+06"} 1
caddy_http_response_size_bytes_bucket{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1",le="+Inf"} 1
caddy_http_response_size_bytes_sum{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1"} 0
caddy_http_response_size_bytes_count{code="301",handler="static_response",host="httpbin.org:443",method="CONNECT",server="srv1"} 1

I realize that this isn't very much to go off of, so please let me know if you need any more details.
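
A check for the symptom described in this issue, as an added example that is not part of the original post or of Caddy: it parses `/metrics` output and reports every `host` label value that is not a configured site address, with its request count and any `method` labels seen. The allowlist (a subset of the site addresses in the Caddyfile above), the sample scrape, and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Assumed allowlist: site addresses taken from the Caddyfile above.
KNOWN_HOSTS = {
    "maxchernoff.ca", "www.maxchernoff.ca", "api.maxchernoff.ca",
    "ech.maxchernoff.ca", "ns.maxchernoff.ca", "duck.tel",
    "152.53.36.213", "2a0a:4cc0:2000:172::1",
}

# Constructed sample in the Prometheus text exposition format, modelled on the
# scrape output above (not a real capture).
SAMPLE_SCRAPE = """\
# TYPE caddy_http_requests_total counter
caddy_http_requests_total{handler="static_response",host="icanhazip.com:443",server="srv1"} 13
caddy_http_requests_total{handler="static_response",host="httpbin.org:443",server="srv1"} 1
caddy_http_requests_total{handler="subroute",host="ech.maxchernoff.ca:443",server="srv2"} 3
caddy_http_requests_total{handler="static_response",host="api.maxchernoff.ca",server="srv1"} 12
caddy_http_requests_total{handler="subroute",host="2a0a:4cc0:2000:172::1",server="srv2"} 1
caddy_http_request_size_bytes_count{code="301",handler="static_response",host="icanhazip.com:443",method="CONNECT",server="srv1"} 13
"""

SERIES_RE = re.compile(r'^([A-Za-z_:][A-Za-z0-9_:]*)\{(.*)\}\s+(\S+)$')
LABEL_RE = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')


def normalize_host(value):
    """Lower-case a Host value and drop a trailing :port, keeping IPv6 intact."""
    host = value.strip().lower()
    if host.startswith("["):                 # [v6]:port or [v6]
        return host[1:host.find("]")] if "]" in host else host
    if host.count(":") == 1:                 # name:port or v4:port
        return host.rsplit(":", 1)[0]
    return host                              # bare name, v4 or unbracketed v6


def unexpected_hosts(scrape, known_hosts):
    """Map each host label value outside known_hosts to its count and methods."""
    found = defaultdict(lambda: {"requests": 0, "methods": set()})
    for line in scrape.splitlines():
        match = SERIES_RE.match(line.strip())
        if not match:
            continue                         # comments, blanks, label-less series
        name, raw_labels, value = match.groups()
        labels = dict(LABEL_RE.findall(raw_labels))
        if "host" not in labels:
            continue
        host = normalize_host(labels["host"])
        if host in known_hosts:
            continue
        if name == "caddy_http_requests_total":
            found[host]["requests"] += int(float(value))
        if "method" in labels:
            found[host]["methods"].add(labels["method"])
    return {h: {"requests": e["requests"], "methods": sorted(e["methods"])}
            for h, e in found.items()}


if __name__ == "__main__":
    for host, info in sorted(unexpected_hosts(SAMPLE_SCRAPE, KNOWN_HOSTS).items()):
        print(host, info["requests"], ",".join(info["methods"]) or "-")
```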
