Skip to content

Cleaned up Caddy dev-gateway noise#28983

Merged
9larsons merged 1 commit into
mainfrom
caddy-noise-cleanup
Jun 30, 2026
Merged

Cleaned up Caddy dev-gateway noise#28983
9larsons merged 1 commit into
mainfrom
caddy-noise-cleanup

Conversation

@9larsons

Copy link
Copy Markdown
Contributor

Summary

Two distinct sources of noise out of pnpm dev:daemon gateway logs:

  • Removed redundant header_up X-Forwarded-Host / X-Forwarded-For directives from every reverse_proxy block. Caddy's reverse_proxy passes these to upstreams by default, so the explicit copies just produce ~21 Unnecessary header_up warnings on every gateway boot. X-Real-IP (not auto-set) and X-Forwarded-Proto https (we want HTTPS upstream from :80 dev) are kept. WebSocket Connection/Upgrade upgrades and per-block Host overrides are kept.
  • Added log_skip /__admin-dev__* and log_skip /ghost/auth-frame/* at the site level. The admin Vite dev server fans out hundreds of per-module ESM fetches on every page load; the auth-frame is internal. Skipping these keeps the access log readable in dev without losing visibility on the real Ghost backend / API / asset traffic that's worth seeing.

Test plan

  • pnpm dev:daemon, gateway boots with 0 Unnecessary header_up warnings (was ~21).
  • 20 admin Vite dep fetches + auth-frame fetch produce 0 access-log lines.
  • /, /ghost/api/admin/site/, /ghost/, /sitemap.xml still log as expected.
  • All public-app UMDs (portal, comments-ui, signup-form, sodo-search, announcement-bar) still serve 200 from Caddy file_server.
  • /ghost/api/admin/site/ still proxies to Ghost backend; /ghost/auth-frame/ still returns 204; /__admin-dev__/ still proxies to Vite.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Walkthrough

The docker/dev-gateway/Caddyfile receives two changes: log_skip directives are added to the global logging configuration to suppress access-log entries for /__admin-dev__* and /ghost/auth-frame/* paths; and across all reverse_proxy blocks (Ember live-reload, Ghost API, Analytics, ActivityPub, WebFinger, NodeInfo, Lexical dev-server, auth-frame, JWKS, HMR upgrade, admin HTML, /ghost/*, and default catch-all), explicit X-Forwarded-Host and/or X-Forwarded-For header forwarding directives are removed.

Suggested reviewers

  • acburdine
🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the main change: reducing noisy Caddy dev-gateway logs.
Description check ✅ Passed The description matches the changeset and explains both the header cleanup and the new log-skip rules.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch caddy-noise-cleanup

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@nx-cloud

nx-cloud Bot commented Jun 29, 2026

Copy link
Copy Markdown

🤖 Nx Cloud AI Fix

Ensure the fix-ci command is configured to always run in your CI pipeline to get automatic fixes in future runs. For more information, please see https://nx.dev/ci/features/self-healing-ci


View your CI Pipeline Execution ↗ for commit ee6c28c

Command Status Duration Result
nx run @tryghost/admin:build ✅ Succeeded 7s View ↗
nx run ghost:build:assets ✅ Succeeded 2s View ↗
nx run ghost:build:tsc ✅ Succeeded 6s View ↗
nx run-many --target=build --projects=tag:publi... ✅ Succeeded 3s View ↗
nx run-many -t lint -p ghost-monorepo ✅ Succeeded <1s View ↗

💡 Verify your cache is correct by running tasks in a sandbox. Read docs ↗


☁️ Nx Cloud last updated this comment at 2026-06-30 14:40:50 UTC

no ref

Removed redundant header_up X-Forwarded-Host / X-Forwarded-For
directives — Caddy's reverse_proxy passes these to upstreams by default,
and the explicit copies produce ~21 'Unnecessary header_up' warnings on
every gateway boot. X-Real-IP is kept (not auto-set) and X-Forwarded-Proto
is kept (we want HTTPS upstream even from :80 dev).

Skipped access logging for /__admin-dev__* and /ghost/auth-frame/*. The
admin Vite dev server fans out hundreds of per-module fetches on every
page load; the auth-frame is internal. Skipping these keeps the access
log readable in dev without losing visibility on real traffic.
@9larsons 9larsons force-pushed the caddy-noise-cleanup branch from ac3188a to ee6c28c Compare June 30, 2026 14:38
@9larsons 9larsons marked this pull request as ready for review June 30, 2026 14:43
@9larsons 9larsons enabled auto-merge (squash) June 30, 2026 14:44

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
docker/dev-gateway/Caddyfile (1)

45-48: 🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Restore X-Forwarded-Proto https for Analytics.

Line 45 proxies Analytics traffic, but this block no longer preserves the HTTPS forwarded-proto header promised by the PR objective. Add it back to keep redirect-prevention behavior consistent with the other backend/service proxies.

Proposed fix
 		reverse_proxy {env.ANALYTICS_PROXY_TARGET} {
 			header_up Host {host}
 			header_up X-Real-IP {remote_host}
+			header_up X-Forwarded-Proto https
 		}
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docker/dev-gateway/Caddyfile` around lines 45 - 48, The Analytics
reverse_proxy block is missing the forwarded protocol header needed for
HTTPS-aware behavior. Update the reverse_proxy configuration that uses
{env.ANALYTICS_PROXY_TARGET} to also set X-Forwarded-Proto to https, keeping it
consistent with the other backend/service proxy blocks and preserving
redirect-prevention behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@docker/dev-gateway/Caddyfile`:
- Around line 45-48: The Analytics reverse_proxy block is missing the forwarded
protocol header needed for HTTPS-aware behavior. Update the reverse_proxy
configuration that uses {env.ANALYTICS_PROXY_TARGET} to also set
X-Forwarded-Proto to https, keeping it consistent with the other backend/service
proxy blocks and preserving redirect-prevention behavior.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d2cce994-d563-473a-b1c0-1f0efd6eff32

📥 Commits

Reviewing files that changed from the base of the PR and between 1313765 and ee6c28c.

📒 Files selected for processing (1)
  • docker/dev-gateway/Caddyfile

@9larsons 9larsons merged commit 465a32f into main Jun 30, 2026
40 checks passed
@9larsons 9larsons deleted the caddy-noise-cleanup branch June 30, 2026 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant